ubuntu cannot remove win32:Poison-DE in pagefile.sys

Asked by Colin Thompson on 2010-04-28

Ubuntu found the following virus but cannot remove it to the quarantine chest ----- win32:Poison-DE in pagefile.sys

Please advise a solution

Thank you

Question information

Language: English
Status: Answered
For: Ubuntu clamav
Assignee: No assignee
Last query: 2010-05-03
Last reply: 2010-05-04

Przemek K. (azrael) said : #1

You can just delete the pagefile.sys file - Windows will recreate it on next boot. pagefile.sys is a swap file in Windows - in other words - it's a place on disk where Windows writes data when it's out of RAM.

Tom (tom6) said : #2

Hi :)

Yup. Delete "pagefile.sys". This type of answer is NOT always the best but with pagefile it is fine.

Windows and Linux both use swap to cache stuff in to allow hard-drives and stuff to read ahead to ensure that the CPU always gets its data fast enough for it. I think the simplest way of looking at it is that data is copied from the hard-drive to swap, then to RAM, then to L2 cache on the CPU & then to L1 cache on the CPU & then gets processed by the CPU. The results from the CPU then often get dumped back down to RAM & swap before going on to the drives or off to the network/internet, display or wherever.

Swap is often called "Virtual Memory" and the total memory of a system is often thought to be = Swap + RAM. Linux also uses the swap to store the entire contents of RAM if the machine is sent into sleep or hibernate modes because RAM can't retain data when it receives no power. Windows has a different way of handling sleep/hibernate, I am pretty sure.

So, swap really only contains data that is only needed while the power is on. When the machine is powered down it doesn't need to retain anything.

Good luck and regards from
Tom :)

Tom (tom6) said : #3

Hi :)

Please let us know how this is going?

Regards from
Tom :)

Colin Thompson (colmerl) said : #4

Many thanks for your instructions.  I have deleted the pagefile.sys okay, but the virus still persists, so I reckon that I will have to re-format the hard drive.

Once again,

Many thanks for your assistance.

Regards,

Colin


Tom (tom6) said : #5

Hi :)

Are you doing the virus scanning from the command-line or from clamtk?

Have you emptied your wastebin to completely get rid of pagefile.sys? Have you updated the virus definitions and done another full recursive scan?

Before considering reinstalling Windows & before wiping the Windows partition please remember to back up all the data. Windows tends to hide stuff in "Applications Data" for cameras and stuff & templates and all kinds of stuff so it means really digging around :(

Good luck and regards from
Tom :)
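
The rescan that answer #5 asks about, as an added example that is not part of the original thread: it splits ClamAV detections into hits inside pagefile.sys (which Windows recreates on boot, per answer #1) and hits in files that remain on disk. The mount point `/media/windows`, the sample report, the placeholder signature name and the function names are all assumptions.

```shell
#!/bin/sh
# Added example: triage the "FOUND" lines of a ClamAV scan report.
# A hit in pagefile.sys goes away when the file is deleted and recreated;
# a hit in any other file means something is still stored on the partition.

# Constructed sample report in clamscan's "<path>: <signature> FOUND" format.
# Paths and the signature name are placeholders, not taken from a real scan.
SAMPLE_REPORT='/media/windows/pagefile.sys: Example.Trojan.Placeholder FOUND
/media/windows/Documents and Settings/user/notes.txt: OK
/media/windows/WINDOWS/system32/example.dll: Example.Trojan.Placeholder FOUND
----------- SCAN SUMMARY -----------
Infected files: 2'

# Read a report on stdin; print "<class><TAB><path><TAB><signature>" per hit,
# where class is "swap" for pagefile.sys and "file" for everything else.
triage_hits() {
    while IFS= read -r line; do
        case "$line" in *" FOUND") ;; *) continue ;; esac
        line=${line% FOUND}
        path=${line%: *}      # everything before the last ": "
        sig=${line##*: }      # everything after the last ": "
        base=${path##*/}
        # Windows file names are case-insensitive, so compare in lower case.
        case "$(printf '%s' "$base" | tr '[:upper:]' '[:lower:]')" in
            pagefile.sys) printf 'swap\t%s\t%s\n' "$path" "$sig" ;;
            *)            printf 'file\t%s\t%s\n' "$path" "$sig" ;;
        esac
    done
}

# Count the detections of one class ("swap" or "file") in a report on stdin.
count_hits() {
    triage_hits | awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# On a real system, update definitions and rescan the mounted partition:
#   freshclam && clamscan -r --infected /media/windows | triage_hits
printf '%s\n' "$SAMPLE_REPORT" | triage_hits
```

A non-zero `file` count after pagefile.sys has been deleted and the scan repeated points at the files to deal with on the partition itself.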

Colin Thompson (colmerl) said : #6

Hi Tom,
Many thanks for your interest and help.  I feel that I have tried everything now.  I hope next week to talk to a colleague at work who is a lot more computer literate than me.  As you have warned me I need to ensure that my files are properly backed up before doing a re-format of the hard drive.

Once again many thanks for your help.

Regards,

Colin


Tom (tom6) said : #7

Hi :)

You should only need to back up your Windows files if you do plan to do a full reinstall but since it's Windows I would tend to play it safe and back up everything. One of the problems with Windows is that it does not keep all the user's data together and many programs scatter things like photo albums all over the place.

Actually I would really recommend just leaving Windows the way it is. Reinstalling Windows is too painful and really not worth the effort. I would reinstall Windows inside a virtual machine inside Ubuntu. Since it is just a reinstall to the same hardware you should be able to use the same product/licence key and many people go this route with Windows.

Since Windows is then on a stable Linux platform and effectively slightly "sandboxed" it doesn't matter so much if it ever does get infected. Also I think it's easier to cut & paste between the 2 platforms this way, allowing a more seamless integration between them.

The default virtual-machine program in Ubuntu (and many other distros) is VirtualBox and it's worth having a quick play with it to see what I mean. I don't think you will have any trouble working it out as it is nothing like as complicated or scary as it sounds.

From the top taskbar click on

System - Administration - Synaptic

and use either search tool to find "virtualbox" and install it.

Good luck and regards from
Tom :)
