This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Pagefile.sys virus - False positive?

Hey,

I have a Sophos client reporting the following as multiple different viruses:

Virus/spyware Not cleanable Mal/Iframe-F \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys
Virus/spyware Not cleanable Mal/Badsrc-C \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys
Virus/spyware Not cleanable Troj/Fujif-Gen \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys
Virus/spyware Not cleanable Troj/Iframe-CG \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys
Virus/spyware Cleanup failed Troj/Badsrc-M \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy13\pagefile.sys

This showed up the same day as the now infamous Shh/Updater-B False positives

At first I ignored it because I figured it would start to show on multiple computers, but it didn't.

It only showed on a single computer so now I am not sure if this is a false positive or not. Can the pagefile.sys get infected by a virus?

Has anyone seen the behavirous before? And if so, should I take action to clean it? Or can it be ignored as a false positive?

Thank you.

This thread was automatically locked due to age.

Parents

0 QC over 12 years ago

Hello Todd,
the client I've checked does (or did) have the item in QM. The "offense" also seems to have disappeared as subsequent scans turn up nothing (guess the shadow copy no longer exists anyway).
Christian
:34945
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 12 years ago

Hello Todd,
the client I've checked does (or did) have the item in QM. The "offense" also seems to have disappeared as subsequent scans turn up nothing (guess the shadow copy no longer exists anyway).
Christian
:34945
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data