On Saturday 29 Oct 2011 19:40:49 Mick wrote:
> On Saturday 29 Oct 2011 19:25:00 Pandu Poluan wrote:
> > On Oct 30, 2011 1:15 AM, "Mick" <michaelkintzios@×××××.com> wrote:
> > > pagefile.sys of a WinXP OS and it thinks it is a Win32:Patched-HO.
> >
> > If pagefile.sys is detected as a malware, most likely the actual malware
> > was once loaded into (Windows XP's) memory got swapped, and avast! picked
> > up its remnant. Loaded into memory doesn't mean that the malware was
> > active, if the Windows XP was equipped with a good antivirus.
>
> Interesting! The WinXP has Microsoft Security Essentials on it. I'll ask
> my wife if it picked up anything lately.

She can't recall any MSE reports of malware. I did check the WinXP fs for all
the files and registry entries that this trojan is meant to create and none
were present. Then I've zero'ed the pagefile and a second scan did not flag
anything up.

I also checked for a reported trojan in a Windows 7 vdi file (in virtualbox).
Nothing found there either. I am tempted to think that avast! is rather
super-sensitive. However, avast! also picked up some php files from a backed
up website - so this may be a worthwhile find.

Anyway, I can't make it integrate with kmail which was the original user
requirement. Tried this script but the kmail Antivirus Wizard will not pick
it up:

http://forum.avast.com/index.php?topic=17898.0

So I am now heading for clamav to see how that works with a Linux desktop.

--
Regards,
Mick