system
1
Ok, first off, is pagefile.sys REALLY critical to the system, or can it be safely deleted (what’s the purpose of it anyway?) second, What does the RPC in Win32:RPCexploit [trj] mean, and was it fixed in any of the latest crit update packages by windows?
System=WinXP
raman
2
Firsts the pagefile.sys is Windows swapfile and is necessary, but is no security risk.
RPC means “Remote Procedure Call”, Blaster(and others) uses this exploit for spreading. It was fix a long time ago, but there where several bugfixes for the bugfix!
Maybe i am wrong, but i think “Win32:RPCexploit” is a kind of heuristic/general detection. If you still have that file test it here: http://www.kaspersky.com/remoteviruschk.html
system
3
Well, today’s just been my lucky day… I’ll try to use Servant Salamander to do somthing to it… but I can’t logon right now…
Let’s see…
Bought new game… system can’t support it…
Went to download crit update packs, 1 wouldn’t download…
went to scan for viruses, only one and it’s on a system file…
the trojan, if you haven’t guessed, is on pagefile.sys …
raman
4
pagefile.sys reported as infected= false alarm . If you want, you can delete the file by starting from a bootdisc or PE cd. Windows will create a new one after reboot.
system
5
Ok, now I have a new problem…well… actually it appeared at the same time… after I boot my computer up, you know where the “Press Ctrl-Alt-Del to log in” screen appears? well, it’s been replaced with a screen of alternating green and blue vertical bars… I thought this would be fixed after the deletion of pagefile.sys (e-mailed dad… said it was OK and would be rebuilt on startup.) but apparently, it hasn’t… I had 2 other files that had corrupted data(several others were from Spybot-Search and Destroy… but that’s all password locked stuff) and failed to be deleted by the BART CD…
system
6
well, now my dad got me an updated version of BART, so I’m gonna try this out…
what I don’t understand is how Avast let in a trojan/virus/worm when I have it on Update Automatically, since I have DSL connection…
igor0
7
The Blaster worm (or any other RPC exploits) don’t spread by the ordinary ways (e-mail, file) - they misuse an error in a network protocol. Therefore, an ordinary antivirus won’t stop it; you’d need a well-configured firewall for that.
To prevent the infection, you should install the necessary Windows updates and then remove the files with avast!.