Pagefile.sys virus - False positive?

Hey,

I have a Sophos client reporting the following as multiple different viruses:

Virus/spyware Not cleanable Mal/Iframe-F \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys
Virus/spyware Not cleanable Mal/Badsrc-C \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys
Virus/spyware Not cleanable Troj/Fujif-Gen \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys
Virus/spyware Not cleanable Troj/Iframe-CG \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys
Virus/spyware Cleanup failed Troj/Badsrc-M \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys


This showed up the same day as the now infamous Ssh/Updater-B false positives.

At first I ignored it because I figured it would start to show on multiple computers, but it didn't.

It only showed on a single computer so now I am not sure if this is a false positive or not. Can the pagefile.sys get infected by a virus?

Has anyone seen this behaviour before? And if so, should I take action to clean it? Or can it be ignored as a false positive?

Thank you.

  • Hi QC,

    Yes, so far I have only had one instance of this detection.

    It is still showing on my console, so it is definitely not a false positive. Although I am not entirely sure what it is.

    I have run other scans against the system using software like Malwarebytes and all have come back negative.

    I found this from Symantec: How to clear the volumeShadow (sorry for posting a link to another anti-virus company, hopefully this is okay. If not I'll remove it).

    I am inclined to try just deleting the offending VolumeShadow and see if that successfully clears the detection.
