Pagefile and avast

Have Dual boot Win7 with Avast on one partition.

When scanning the partition Avast isn't on it detects a trojan in the
pagefile.sys. It doesn't find anything else.

How can I check if it's a false positive? At 1.74 GB it's a bit big to
send to VirusTotal

Re: Pagefile and avast

Dex wrote:

What's in the pagefile is a copy of what you currently have or did have
in memory.  It is not necessarily what is in a file.

Just clear the pagefile.  Disable using it, reboot to delete it,
reenable it, and reboot to establish a new one.  See:

http://windows7themes.net/en-us/how-to-delete-pagefile-sys-in-windows-7/

While some folks with huge amounts of memory like to think they can run
without a pagefile, it is not recommended.  Some apps specifically
preload blocks of code or data into memory or deliberately request a
specific size in the page cache.  With no pagefile, their requests will
fail so the program may fail to load or exhibit abnormal behaviors.

You can configure Windows to clear its pagefile when it is shut down.
This is a registry setting.  If you have a non-Home edition of Windows
then you can use its local policy editor; see:

http://helpdeskgeek.com/windows-7/force-windows-7-to-clear-virtual-memory-pagefile-at-shutdown/

If you have a Home edition of Windows then you don't have a policy
editor.  The policy settings still exist in the registry (all policies
are registry settings) but you have no handy editor to access them.
Instead you will have to edit the registry settings manually by using
regedit.exe.  

http://www.pctools.com/guides/registry/detail/244/

Or you could use a utility that changes the registry setting for you,
like Ultimate Windows Tweaker (an enhanced 3rd party replacement to run
on Windows 7 for the old Tweaker app available for Windows XP but which
does not work under Windows 7).

Note that having Windows go through its pagefile to empty it will slow
the shutdown time of Windows.  Some users configure the pagefile to
clear on every shutdown as a security or privacy measure.  Bits of files
you edit are in memory so they can be ferreted out of the pagefile
although they are spread around in chunks of the memory that would be
difficult to paste together.
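
The registry setting described in the post above, as an added PowerShell example that is not part of the original thread. The value name `ClearPageFileAtShutdown` under the Session Manager `Memory Management` key is the standard Windows setting and is not given on this page; the function names are hypothetical. Run it from an elevated prompt.

```powershell
# Added example: audit and enable "clear pagefile at shutdown".
# Written to work on the PowerShell 2.0 that ships with Windows 7.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# Hypothetical helper: report the pagefile configuration and the clear-at-shutdown flag.
function Get-PagefileClearState {
    $props = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        # REG_MULTI_SZ entries of the form "<path> <min MB> <max MB>"
        PagingFiles             = $props.PagingFiles
        # 1 = pagefile is zeroed when the system shuts down; 0 or absent = left as is
        ClearPageFileAtShutdown = [int]$props.ClearPageFileAtShutdown
    }
}

# Hypothetical helper: set the flag, honouring -WhatIf / -Confirm.
function Enable-PagefileClear {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ((Get-PagefileClearState).ClearPageFileAtShutdown -eq 1) {
        Write-Output 'ClearPageFileAtShutdown is already 1'
        return
    }
    if ($PSCmdlet.ShouldProcess($key, 'Set ClearPageFileAtShutdown = 1')) {
        # New-ItemProperty -Force creates the value or overwrites an existing one.
        New-ItemProperty -Path $key -Name ClearPageFileAtShutdown `
            -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output 'ClearPageFileAtShutdown set to 1'
    }
}

Get-PagefileClearState | Format-List
Enable-PagefileClear -WhatIf    # remove -WhatIf to apply the change
```

On a dual-boot machine the setting is per installation, so it has to be checked in each Windows install whose pagefile the other one can read.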

Re: Pagefile and avast

On 19/05/2014 23:02, VanguardLH wrote:
That seemed to cure it. Strange as Avast would remove it and a new one  
would be created when 7 without Avast booted, after booting back to 7  
with Avast it would flag the pagefile again.

Might have been a false positive removed by an update.

Thanks.

