Ok, first off, is pagefile.sys REALLY critical to the system, or can it be safely deleted (what’s the purpose of it anyway?) Second, what does the RPC in Win32:RPCexploit [trj] mean, and was it fixed in any of the latest crit update packages by Windows?
System=WinXP
First, pagefile.sys is the Windows swap file and is necessary, but it is no security risk.
RPC means “Remote Procedure Call”; Blaster (and others) use this exploit for spreading. It was fixed a long time ago, but there were several bugfixes for the bugfix!
Maybe I am wrong, but I think “Win32:RPCexploit” is a kind of heuristic/general detection. If you still have that file, test it here: http://www.kaspersky.com/remoteviruschk.html
Well, today’s just been my lucky day… I’ll try to use Servant Salamander to do something to it… but I can’t log on right now…
Let’s see…
Bought new game… system can’t support it…
Went to download crit update packs, 1 wouldn’t download…
Went to scan for viruses, only one and it’s on a system file…
The trojan, if you haven’t guessed, is on pagefile.sys …
pagefile.sys reported as infected = false alarm. If you want, you can delete the file by starting from a boot disc or PE CD. Windows will create a new one after reboot.
Ok, now I have a new problem… well… actually it appeared at the same time… After I boot my computer up, you know where the “Press Ctrl-Alt-Del to log in” screen appears? Well, it’s been replaced with a screen of alternating green and blue vertical bars… I thought this would be fixed after the deletion of pagefile.sys (e-mailed dad… said it was OK and would be rebuilt on startup), but apparently it hasn’t… I had 2 other files that had corrupted data (several others were from Spybot-Search and Destroy… but that’s all password locked stuff) and failed to be deleted by the BART CD…
Well, now my dad got me an updated version of BART, so I’m gonna try this out…
What I don’t understand is how Avast let in a trojan/virus/worm when I have it on Update Automatically, since I have a DSL connection…
The Blaster worm (or any other RPC exploit) doesn’t spread by the ordinary ways (e-mail, file) - it misuses an error in a network protocol. Therefore, an ordinary antivirus won’t stop it; you’d need a well-configured firewall for that.
To prevent the infection, you should install the necessary Windows updates and then remove the files with avast!.