How can I scan my pagefile with my anti-virus app?

[slowday444]

Even though I have "show hidden files and folders" enabled and I think I've booted in safe mode, NOD32 can't access C:\hiberfil.sys (I've solved this by disabling hibernation since I never do that!) and C:\pagefile.sys. Like I said, "IF" I remember correctly, I've scanned after a safe mode boot and it still couldn't access them. I have no viruses, I just want to try it! Thank You!

[Andavari]

Not possible in Windows, normal mode or safe mode hence it's an in-use locked file. You'd have to have an OS like Win98 which you could boot in MS-DOS with to use a DOS virus scanner - but even then I have no ideal if a DOS antivirus scanner pays much attention to the pagefile. I have no ideal if a pagefile could contain an infection or not, but it's fairly easy to do a registry "tweak" to have the pagefile cleared by Windows when it shutsdown or restarts.

 

The "tweak" to have the pagefile cleared at shutdown and restart on WinXP is located here at http://www.kellys-korner-xp.com/xp_tweaks.htm, scroll down to #248 it's the one on the right 'Clear Page File on Exit - Undo'. If you use it make sure you download 'Clear Page File on Exit' and 'Undo' there's two downloads for that "tweak." Note: If you use it expect a long time for Windows to shutdown or restart.

[DjLizard]

The page file contains code and data segments from active programs that have been swapped to disk -- and if you have been infected with malware, pieces of the file may get swapped to disk. However, after you restart the computer, the page file becomes invalid for that session, and it basically ignores the data inside of it and begins overwriting it all over again. So, the page file can contain fragments of malware processes, but they are unusable in the page file form - nothing to worry about there. Besides, if you had an active infection, the page file is of little concern.

 

Modern DOS scanners (F-Prot, McAfee, and NavDX) do not scan hiberfil.sys nor pagefile.sys, as it is pointless, and extremely time consuming (since those files are usually on the order of 512 MB and up for each one). avast for DOS was not written so intelligently, and it will scan a page file (which takes forever) and will actually find malware code in it and end up deleting the file. It's easier just to have it deleted on shutdown, or ignore it. Tell your virus scanner to exclude it from future scans.

[Andavari]

Good explaination DJLizard!

Which would also be why antivirus companies recommend a cold boot to remove a memory virus.

[slowday444]

Thank you for the replies! My computer is as clean and safe as anyones out there. I have really reliable "anti" softwares and I never venture anywhere that is even remotely unsafe. Unfortunately, I'm rather obsessive about my pc and when an app says it can't do such and such I crave to know why! My computer literacy is probably still in the lower 25 percentile, maybe less (I'm about to be 58), however, since I got broadband (8/04) it has probably sored at least 1000%! My youngest of four children is a sophomore in college and my wife, the nurse, works 12hr shifts and every other weekend. I'm home alone after work for a few hours and mess with this more than my truck, especially during winter, so I keep learning from you all a little at a time!