Trojan Horse in pagefile.sys

[Stg-Flame]

Apparently, I had more viruses on my old HDD than I thought. Last time I scanned, I came up clean, so that is the last time I let my roommate use my computer.

Like the Malware that I just cleared up, this will not let me Move To Chest. Any suggestions?

Mechbgon, I have not yet burned the program you sent me as I was only at 44% complete with the scan. I figure it would be best to continue with the scan rather than abort it, just in case there are any viruses I can get rid of without that program you linked me to.

Lastly, if Avast finds anymore viruses, I will just post them in this topic rather than making new ones.

 

[lxskllr]

Set your page file to 0, reboot your machine, defrag, then set the page file again.

 

[Stg-Flame]

But can I delete this file? Also, this trojan isn't on my main HDD. It is on my storage HDD which used to be my old XP HDD for my other PC.

 

[lxskllr]

Oh yea. If it isn't your real page file, just delete it.

 

[Stg-Flame]

Will it have any adverse effects when I stick this back in my old PC?

 

[lxskllr]

If it's needed in the old computer, it'll get recreated. Otherwise, it won't hurt anything to delete it.

 

[gsellis]

Originally posted by: lxskllr
Set your page file to 0, reboot your machine, defrag, then set the page file again.

This is not great advice and would not not solve anything on an active infection.

It appears you had something loading in memory that is malicious. What Mechbgon recommended will make sure you do not have it on the current system. I would do it.

Since that pagefile.sys is on your old drive (and you are not booting on it, right?), just delete the file. If you have a hiberfil.sys file, it would probably be in there too. Kill that too.

 

[nordloewelabs]

my approach towards the Pagefile is "delete at Shutdown". i dont know if this has any side-effect but the fact is that my 3 machines have had this setting enabled for years.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001

 

[gsellis]

Originally posted by: nordloewelabs
my approach towards the Pagefile is "delete at Shutdown". i dont know if this has any side-effect but the fact is that my 3 machines have had this setting enabled for years.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001

That clears (does not delete - writes 0's iirc) the pagefile at shutdown so that there is not any potential system data in the file that can be recovered (if you are using this for security reasons - don't allow hibernation). The caution on using that setting is that it will increase shutdown time noticibly.