Ridding a Windows OS NTFS partition of a virus, if one is found from a linux AV app.?

Edward78 · 4 Jun 2010 at 17:59

I got Avast for OpenSuSE 11.0 & did a scan of my Windows OS partition & it found one, but I was worried it would somehow mess windows up. The delete/move to chest box said it was the pagefile.sys file, just wondering if it would remove that whole file. Oh & can I set up Avast to have root privileges in my user account?

craptakular · 4 Jun 2010 at 19:14

Why do you have A/V on linux?

I wouldn't be running AV from linux on my windows HDD.

Why not boot into windows and virus scan from there?

mod1fied · 4 Jun 2010 at 20:00

Oxy said:
Why do you have A/V on linux?

I wouldn't be running AV from linux on my windows HDD.

Why not boot into windows and virus scan from there?

Avira Rescue CD boots a variation of Linux and will scan a hdd for viruses and attempts to repair/delete the files. So this would be similar using Avast and openSUSE.

@OP : If the virus has damaged key system files and the AV removes them you may as well reformat.

Edward78 · 4 Jun 2010 at 20:14

Oxy said:
Why do you have A/V on linux?

I wouldn't be running AV from linux on my windows HDD.

Why not boot into windows and virus scan from there?

In case Windows can't be cleaned from windows.

Plus, a oddity Avast 5 did a boot up scan & it found nothing. Why did the linux version spot a virus?? It is Avast also, maybe Avast for windows doesn't scan some files?

craptakular · 4 Jun 2010 at 20:16

Maybe Avast on linux found a false positive?

Edward78 · 4 Jun 2010 at 21:51

Oxy said:
Maybe Avast on linux found a false positive?

Maybe, pagefile.sys would still get scanned by the windows av right? I can post a pic tomorrow if you want.

Dj_Jestar · 4 Jun 2010 at 22:14

Set windows to clear the page file out next time you shut down, then run the scanner in linux to see if it is still there. The "virus" in pagefile.sys might be just the 'memory dump' of a file that has the same signature.. if you get what I'm on about?

masterluke · 5 Jun 2010 at 11:29

Just delete pagefile.sys from linux and reboot - Windows will recreate a clean one on startup. Simples! Probably a false positive but no harm done either way.

Edward78 · 5 Jun 2010 at 16:56

This is weird today it has found a new one in the same file

masterluke · 6 Jun 2010 at 10:02

did you delete the file before?

Edward78 · 6 Jun 2010 at 17:04

masterluke said:
did you delete the file before?

No, it is odd how it was not the same one though. I am thinking they are false positives. Asked about deleting pagefile.sys on another forum & not even using it in windows xp, I have 2 gigs of ram, they freaked. They said, that I need it. Avast for windows found nothing on the boot up scan.

masterluke · 7 Jun 2010 at 08:46

Its correct that you DO NOT want to run without a pagefile, but that isn't what I'm saying to do. When you delete it windows will create a new one transparantly. If you are worried then you could just rename to pagefile.backup or something so that if anything goes wrong you can put it back in.

Edward78 · 11 Jun 2010 at 06:25

Cool, I got the app. to run with root privileges, it asks me for pass. just like YaST2.

:Hides under sheet to stop noobieness from showing: