Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Here's a weird thing.....

  • 28-05-2008 1:23pm
    #1
    Dartz
    Registered Users, Registered Users 2 Posts: 4,405 ✭✭✭


    Not quite in the spirit of the forums, but there's nowhere else really to do this.

    Not really a Help I've got a virus topic, more... a quick question that's nagging me.

    I dual boot Windows and Linux...I have Avast! on my Linux partition, to scan Windows occasionally, and check downloaded files and stuff for nasties if I'm going to be running them on a Windows machine. I use Windows on my Laptop a lot in work, networked with work PC's, but rarely on the web. It has McAfee security centre, with Spybot S&D and Windows defender. All three of these come up clean.

    But, when I run Avast from within Linux over the Windows partition.... which has been shutdown... It gives me an alert that it has discovered something. A Win32:Adloader-AC Trojan. The weird thing is, is where I'm finding this thing. It's in pagefile.sys, of a shutdown Windows. I know what that is of course, I'm not that clueless.


    So, what do ye think? I think it might be a false positive myself...given where it's finding it. It's not finding anything else suspicious throughout Windows.but at the same time, given that I was involved in some 'experimentation' with an adware site that was hacked into a forum I administrate at the weekend... using IE6 in Wine.... and the Windows partition was mounted at the time..... It does worry me.

    Scanning with McAfee, Spybot and Defender inside MS comes up clean, and there's none of the usual malware signs. Windows Vista Premium is running alright. There's no weird network connections going on...Okay, I'm almost certain it's a false positive, so sorry for wasting yousre time, but still... I'd want to know if it's possible for something to hide in the pagefile when Windows shuts down, and if it's possible this could actually be there...

    Also, a full blown Spyware attack is bloody scary.... even with IE6 in Wine it practically locked my Laptop up, sucking in memory like a black hole... 3.2Gb and I manually killed the process from another terminal.


Comments

  • #2
    geddy2112
    Closed Accounts Posts: 1 geddy2112


    Hi,
    The exact same situation has happened to me. I recently set up me hp notebook to run a dual boot ubuntu/vista, with many common files stored on my vista partition (so both systems can use them). I have downloaded avast to keep my windows system clean while I am running linux, and on the first scan this was found. My windows virus scanner, AVG 8.0, has never found anything like this. Nor has windows defender. I am going to do some more scanning with vista running, but I think that this is a false positive. I've barely even downloaded anything since I set up the dual boot.


  • #3
    Dartz
    Registered Users, Registered Users 2 Posts: 4,405 ✭✭✭Dartz


    I'm certain it's a false positive. It's caused by whatever Vista does with the pagefile when it shuts down.

    It could just be that Avast! considers Vista itself to be a Virus....
    I mean, on most OEM computers it's something you didn't request, that takes of HDD space, that disimproves performance and creates further security vulnerabilities. It calls home regularly, reporting private details...

    Need I go on?


Advertisement