HEUR:Trojan.PowerShell.generic on pagefile.sys could be false positive?

[thirossato]

Kaspersky keeps detecting this as virus, but when I click on resolve button, it kind of only update the detection date and time.

I’ve tried to remove it using Kaspersky Virus Removal tool, but it didn’t detect it on scan. Tried with rescue disk, and other brands tools like malwarebytes. None of them detected this.

Should this be a false positive?

[Berny]

@thirossato Welcome.

Can you unhide the protected operating system files and locate “pagefile.sys” ?
 

[thirossato]

@thirossato Welcome.

Can you unhide the protected operating system files and locate “pagefile.sys” ?
 

Yes I can, it is on “C:”

 

[Berny]

@thirossato Please submit the file here  https://opentip.kaspersky.com/  and ask for “Reanalyze”

[thirossato]

@thirossato Please submit the file here  https://opentip.kaspersky.com/  and ask for “Reanalyze”

@Berny When I try, I receive a message saying that file is in use for another program

[Berny]

@thirossato How much RAM do you have on your system, please close all running applications ?

[thirossato]

@Berny that is not possible, the file have more than 2gb, and the analyze tool allows only files up to 256MB. Even so, I believe that this file is used by the system somehow, I tried to check that with Process Explorer, and looks like no process is using it.

 

[Berny]

@thirossato Please contact Kaspersky Technical Support :

https://my.kaspersky.com/techsupport#/requests/new 

[Wesly.Zhang]

Hello,

This file can be deleted by following step If the system memory is above 4GB!

After do that, Please reboot PC. Because of deleting pagefile.sys by OS, The period of reboot may take a while time, Please be patient.

Notice/Imporant!   If the pagefile.sys has been deleted. Please turn the settings back !!! and reboot PC again.

Regards.

[Apoio10]

Apoio Secure is best antivirus for cleaning computer and protect your computer from virus and trojan.
download from apoiosecure.us