Win32:Malware-gen and Win32:Reveton-RH

I have a Mac running Mac OS X 10.10 Yosemite and have Bootcamp running Windows 8.1. Yesterday, when I did a full system scan booted on the Mac partition, Avast found Win32:Malware-gen embedded deep within a Chrome folder (/Users/MisterRyan07/Library/Application Support/Google/Chrome/Default/File System/000/t/00/00000000). So, I went ahead and had Avast delete the file. So being paranoid, I booted to the Windows side and scanned the whole system, including the Mac partition just to be safe and found nothing. I even downloaded and scanned using Malwarebytes and it too found nothing.

Now again, just to be sure I’ve gotten rid of all the malicious files, I decided to scan my computer again, booted on the Mac OS partition, full system, but with “scan whole files” enabled, and this time it found Win32:Reveton-RH on my Windows partition, and the infected file is pagefile.sys. This time I couldn’t delete it because it’s on a different partition and it looks like a necessary Windows system file based on what I’ve researched on Google. So here I am, booted on the Windows partition, scanning the full system with “scan whole files” enabled to alleviate the issue. I’m hoping this is a false positive.

That being said, is there anything I need to do in regards to changing passwords of everything? Or am I safe in saying once it’s deleted, I’m good to go? I posted this issue originally in the “Avast for Mac” topic and the moderator told me to post it under this topic and kept telling me that to be sure they aren’t harmless they would need the SHA256 hash of the file. I have no idea what that is or how to obtain it. Sorry it’s so long!!!

This is a Windows forum.
You can find the Mac forum here:
https://forum.avast.com/index.php?board=5.0

That’s where I posted this issue originally, if you read the whole thing, and the moderator told me to post it here. And this issue applies to both Mac OS and Windows OS since I have both OSes on my computer and this malware is affecting both sides.

For the Windows part follow the instructions and attach the logs:
https://forum.avast.com/index.php?topic=53253.0

For clearing the pagefile.sys file system (and then resetting it), follow the steps on this page: http://mywindows8.org/delete-pagefile-in-windows-8/
After the reboot, reverse the steps to set it up again.

And then after that is it no longer infected?

That is correct, as the pagefile will be deleted on the reboot. When you reset it, a new one will be created.

This is a “viruses and worms” forum, not a “Windows” forum. Malware suspicion is solved here regardless of the platform. If you do not know anything about other platforms (which you don’t, according to your previous posts here and in the Mac section), then please simply ignore such posts and let those who may help do so.

Really strange, Tumic,
since other avast team members told me that all things concerning Macs should be posted in the Mac forum and not here.

Eddy is correct.
This started a long time ago when Essexboy, magna86 and the rest of the removal guys said that they did not know anything about Mac and could not help with malware removal.
I guess we assumed that those who know anything about Mac, regardless of what issue it is, are monitoring that forum section (Mac), and if posted here it would just drown among all the other posts…

All program related things should really be discussed in the Mac section and so they are. But malware should be discussed here, regardless of the platform, as this is the forum watched by the viruslab. Avast for Mac developers watching the Mac forum are not experts on malware, so they are not the right people to give advice about how to handle suspicious files/false detections.

Awesome. Thanks! So, with that being said. Deleted and all, I shouldn’t be worried if sensitive material was leaked or anything like that?

No, as if it was active then Avast would have alerted you sooner.

Great! Thank you so much! Ran hours and hours of full scans and my system is thoroughly cleaned out! :smiley: