What is Int 13-512

Viruses and worms
1

Did an avast scan which found virus name “Int 13-512” in c:\pagefile.sys. I can’t find any info on this virus, what is it, should I delete or try to repair? If I delete it will XP create a new one, or do I have to do that? I’m running XP, this all started when I began getting AV8 virus warnings and my browser window would close, that’s why I did the scan. I never clicked on any of AV8 windows, don’t run with privileges. Running current signatures for Bitdefender, it didn’t find anything.
tnx

2

Looks like a very old file infector

Virus.DOS.Int13.a
http://www.securelist.com/en/descriptions/old5156
http://about-threats.trendmicro.com/archiveMalware.aspx?language=us&name=INT13.512.B

How did you remove the AV8 virus, did you run Malwarebytes

3

I haven’t removed AV8 yet, I read about it and couldn’t find any files or registry entries that inidicate it’s present. I’m familiar with Avast from work, so I thought I’d run that and see if it finds anything. I did read about malwarebytes, I’d need to do a little more research to understand the right procedure.

Back to the infection that avast found, should I let it try to repair pagefile.sys?

4
I'm familiar with Avast from work, so I thought I'd run that and see if it finds anything.
does that mean that there was already a AV program installed on the computer ? and you now have two installed ?
Back to the infection that avast found, should I let it try to repair pagefile.sys?
What is pagefile.sys http://ask-leo.com/what_is_pagefilesys_and_can_i_move_it.html Pagefile.sys, a windows system files act as a virtual memory extension of a computer’s real memory RAM.

Try repair or move to chest, see what happens…

Remove Antivirus8 or Antivirus 8 (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivirus8

5

The pagefile.sys file is meant to be excluded from scans, it certainly is in the File System Shield, so it may be worth adding it to the avastUI, Settings, Exclusions and copy and paste ?:\PageFile.sys into the new entry.

You could also change your windows settings to clear the pagefile.sys on shutdown to make sure it is empty. Once you have done that after the next reboot change the settings back. You could then initiate the scan again and see if anything is found, obviously doing this after excluding the file wouldn’t work.

6

[quote author=Pondus link=topic=70432.msg590163#msg590163 date=1296344636]

does that mean that there was already a AV program installed on the computer ? and you now have two installed ?

I didn’t install avast, I have it on a bootable CD that I’m using. I have bitdefender (an AV program) installed but disabled right now.

What is pagefile.sys http://ask-leo.com/what_is_pagefilesys_and_can_i_move_it.html Pagefile.sys, a windows system files act as a virtual memory extension of a computer’s real memory RAM. Try repair or move to chest, see what happens....

I understand conceptually what pagefile.sys is, but I’m more familiar with Linux so don’t understand details of how it is created, specified, etc. I’ll try the repair.

Remove Antivirus8 or Antivirus 8 (Uninstall Guide) http://www.bleepingcomputer.com/virus-removal/remove-antivirus8

I was reluctant to solve one infection problem by downloading something I wasn’t familiar with from a site I never heard of. This seems to be a consistent recommendation on this site, so I guess I’ll try it.

7

This worked, I set pagefile to “no pagefile”, rebooted, then increased it to original size. Scan came up clean. I couldn’t figure out how to just scan the pagefile, had to do the whole C drive which was a pain. There must be some way in the interface to pick a file, not all of the folders under a device name, but I couldn’t find it.

Went on to download malwarebytes, it did not find any signs of infection. I never actually got a prompt to buy anything, nor did I click on the small AV8 message that said something like “AV8 has detected a virus on this machine”. I’m guessing that was a popup from some site I visited, but since I closed the browser without clicking on it, no actual infection took place.

8

The page file is a somewhat strange beast as it is constantly changing and there may be an occasion that it may have a data string that matches a virus signature.

The pagefile.sys file is a hidden file so unless you have your Windows Explorer, Tools, Folder Options, set to show hidden files and folder you won’t see it. If you can see it then you could right click on it and the ashQuick scan should be able to scan it; obviously if you excluded it from on-demand scans this option wouldn’t scan/find anything.