Every time I run a Panda Antivirus Full Scan I get the following virus:
Virus detected JS/Sality.AO Location: C:\pagefile.sys
However, before I run the scan I cannot see anything called this in the root directory c: drive.
Why does this file keep on returning and why can't I see it?
I have gone through all the registry stuff in regedit as described here:
https://www.pandasecurity.com/homeusers ... /Sality.AO
None of these things appears in the regedit:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%sysdir%\winlogon.exe = %sysdir%\winlogon.exe:*:enabled:@shell32.dll,-1
where %sysdir% is the Windows system directory.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%sysdir%\winlogon.exe = %sysdir%\winlogon.exe:*:enabled:@shell32.dll,-1
It creates these entries in order to add itself to the list of applications authorized by the firewall.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum
0 = SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
UpdateHost = 00, 50, 3D, EB, 75, 51
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer
UpdateHost = 00, 50, 3D, EB, 75, 51
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc\5p18r829-rs40-465o-n1qq-3sp9rprs8p87 - svkzncv_.rkr = 08, 00, 00, 00, 06, 00, 00, 00, 40, 09, FD, 1B, 24, 90, C9, 01
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum
0 = SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}
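The UserAssist entry in the indicator list above is easier to compare against a live registry once decoded, because Explorer stores UserAssist value names ROT13-encoded. The following Python sketch is an added example, not part of the original post or of Panda's write-up; it assumes the 16-byte Windows XP-era data layout (session ID, run counter, FILETIME) and the commonly documented counter base of 5.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Value name and data exactly as listed in the post above.
ENTRY_NAME = (r"HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Nqzvavfgengbe\Qrfxgbc"
              r"\5p18r829-rs40-465o-n1qq-3sp9rprs8p87 - svkzncv_.rkr")
ENTRY_DATA = "08, 00, 00, 00, 06, 00, 00, 00, 40, 09, FD, 1B, 24, 90, C9, 01"

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
XP_COUNTER_BASE = 5  # assumption: XP-era UserAssist counters start at 5


def decode_name(name):
    """UserAssist value names are ROT13; digits and punctuation are unchanged."""
    return codecs.decode(name, "rot_13")


def parse_data(text):
    """Parse the comma-separated hex bytes of a 16-byte UserAssist record."""
    raw = bytes(int(b, 16) for b in text.replace(",", " ").split())
    if len(raw) != 16:
        raise ValueError("expected 16 bytes (XP-era layout), got %d" % len(raw))
    # Little-endian: uint32 session ID, uint32 counter, uint64 FILETIME.
    session, counter, filetime = struct.unpack("<IIQ", raw)
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    last_run = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {
        "session": session,
        "raw_counter": counter,
        "runs": max(counter - XP_COUNTER_BASE, 0),
        "last_run": last_run,
    }


def decode_entry(name, data):
    """Return the decoded name together with the parsed record fields."""
    record = parse_data(data)
    record["name"] = decode_name(name)
    return record


if __name__ == "__main__":
    entry = decode_entry(ENTRY_NAME, ENTRY_DATA)
    print(entry["name"])
    print("runs:", entry["runs"], "last run (UTC):", entry["last_run"].isoformat())
```

The same ROT13 step has to be applied to value names read from a live `UserAssist\...\Count` key before comparing them with the decoded path, since a plain-text search in regedit will not match the encoded name.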
Virus detected JS/Sality.AO Location: C:\pagefile.sys
- Official moderator
- Posts: 1568
- Joined: Tue, 24 Oct 2017, 12:04
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
Technical support – Panda Security
www.pandasecurity.com
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
I have Panda Antivirus.
I have scanned my computer. The Dome one removed it. The older Green one (I had to reinstall the Panda Antivirus) just leaves it there.
I cannot see it in the Dos prompt or normal File Explorer. I can only see it in a custom scan of Panda Antivirus where it lists it in the C: directory.
- Official moderator
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
Ok, but please scan your computer with the instructions I gave you before.
Technical support – Panda Security
www.pandasecurity.com
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
Thanks, Darth Panda, for the reply.
I have used the cloud scan as you suggested.
The standard scan (no advanced options) did not even pick up the pagefile.sys file.
I then checked with my Green-Panda program I paid for, and it is still saying pagefile.sys is there and it is a virus.
I then tried the Cloud-Panda that you suggested, but with the Advanced Options (something about boot checking). This immediately had an error:
Setup: Error during Analysis.
I then checked my Green-Panda program I paid for, and it is still saying pagefile.sys is there and it is a virus.
I then did the standard method of deleting the pagefile.sys:
Control Panel|System and Security|System|Advanced System Settings|Advanced|Performance|Settings|Advanced|Virtual Memory|Change
Uncheck Automatically Manage Paging File Size for All Drives
Click 'No Page Filing'
Click Set
Then click multiple OKs
Then reboot.
This deleted the file and the Green-Panda I paid for no longer complained.
So I returned (by checking again) the option of 'Automatically Manage Paging File Size for All Drives'.
After reboot the pagefile.sys reappeared and the Green-paid-for-Panda said it was a virus again.
What can I do? (Also, why does the Advanced option of the Cloud-Panda not work?)
- Official moderator
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
Do you have more machines on this LAN?
Technical support – Panda Security
www.pandasecurity.com
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
Yes, my brother's, but I do not want to do anything with that machine that could make it vulnerable.
- Official moderator
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
The issue is: probably, most surely, your brother's machine is the infected one. Switch off both machines.
Then turn on only yours
Scan it.
Inform on the results
Technical support – Panda Security
www.pandasecurity.com
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
My brother's machine only shares the same WiFi. The machines are not connected in any way other than that.
He has been away, so his machine has been turned off whenever I have done these scans on my machine.
So I am certain it is my machine that has the problem.
Re: Virus detected JS/Sality.AO Location: C:\pagefile.sys
Thanks for the help.
It seemed to be a permanent virus, so I have done a Windows Refresh (but keeping my personal files) and that has got rid of the virus. Pagefile.sys now scans without a virus and all is well.
It took about 3 hours to do the refresh of the Windows operating system, and then about a whole Saturday to re-install all my programs. Overall, I think it was the most time-optimal solution.
Before the refresh, something must have kept on replacing the pagefile.sys with a virused version, so it seemed pretty permanent.
Thanks again for the help though.