Pagfile & NOD32

This may be an idle brain ? but I get this error when scanning with NOD32 "C:\PAGEFILE.SYS - error opening [4]" I assume this is because the pagefile cannot be opened while Wk2 is running? I just want to make sure this is a normal response that others are seeing and if the pagefile cannot be scanned then why tell me? Just curious...

 

Hello,

Yes, it is.

No problem, no AV has access to the swapfile.

Rgds,

 

I think his point was though why tell him if no av has access to the swap file. I was very curious myself when I got NOD32 and got this error message. I had never seen that with the antivirus programs I had used before and so I thought it was an important error!! I had to ask to find out it is irrelevant. I think NOD 32 should just be silent about it.

 

Here is some background info on that file for you.


"Windows XP" is realy NT5.1 and "Windows 2000" is really NT5.0, so
they use the NT name for swapfiles: pagefile.sys. (Windows doesn't
really swap arbitrary memory objects, it swaps-in and -out "pages" of
typically 4K in size. Hence, pagefile.sys is really a "paging" file.)

They also allow multiple pagefile.sys swapfiles on other partitons, as
long as there's at least a 2MB pagfile.sys in the partition in which
the OS is installed.

The ".sys" extension doesn't mean that it's
a driver or a service. Such naming consistency apparently only applies to the rest of us, not to MSFT.






How to Delete the Pagefile.sys File in Recovery Console
Microsoft Knowledge Base Article - 255205
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server

http://support.microsoft.com/default.aspx?scid=KB;en-us;q255205



How do I delete Pagefile.sys in the Recovery Console?



Pagefile.sys is NOT accessible in the Recovery Console.

You can't see it and you can't delete it, UNLESS:

1. Switch to the drive root (CD \).

2. Copy c:\boot.ini pagefile.sys

3. DEL pagefile.sys





MANIPULATE YOUR PAGEFILE.SYS

The page file, also known as the swap file, is one of the most important
files on the Windows NT system. Without the page file, the system would
still boot, but it would appear to be standing still instead of running.

Think of the page file as an extension of the computer's memory. When
several applications run at the same time, more memory is required than
what the computer contains. When this happens, the operating system copies
the applications that are currently not running to a file on the disk,
which frees the memory for running applications.

By default, Windows NT creates a page file on the system drive in a file
called Pagefile.sys. You can change the size and location of the file
but not its name. Here's how:


1. Open Control Panel, double-click the System icon, and go to the
Performance tab.

2. Click the Change button and the Virtual Memory dialog box will
appear. The page file settings exist on this dialog box.


It's possible to have more than one Pagefile.sys. In fact, a page file
can be placed on each partition. Depending on the system setup, this can
have either good or bad side effects. We'll discuss this in greater detail
in future Windows NT tips.

http://www.pchelper.com/article.php?sid=236
_________________________
General Information -

The page file is a special file used by windows for holding temporary data which is swapped in and out of physical memory in order to provide a larger virtual memory set.

The file name is pagefile.sys and it is created during setup in the Root of the boot drive as a hidden file. It will not show up on an Explorer file listing unless you toggle off the "Hide system Files" option. In its default state it should be approximately 1.5 times the system RAM.

Here are some tips on optimizing the use of pagefile.sys file...

Avoid having the page file on the same drive as the system files
Don't place pagefiles on multiple partitions of the same physical hard drive.
Don't put pagefiles on mirrored or RAID-5 partitions
Configuring -

A page file can be individually set for each drive by doing the following.

On the desktop, right click "My Computer"
Select "Properties" from the provided selection list.
Click the Advanced Tab on the top right of the window
Click the "Performance Options..." button
Click the Change button, the "Virtual Memory" window will open.
At this point you can select the drive from the provided list and then type in the amount of memory you want dedicated to the swap file in the provided text boxes. A box is provided for the initial size and the maximum size. Simply enter the amount and click the Set button.

My personal belief is that using the same value for both the initial and maximum would improve performance and cut down on possible fragmentation.



Configuring the Pagefile -
KB article Q197379 - Configuring the Page Files for Optimization and Recovery

The article above describes how to perform this operation.

http://support.microsoft.com/default.aspx?scid=KB;en-us;q197379


Problems with Page File -

Problems with permissions can prevent the page file from working properly. Removing the Everyone Group might cause this problem. NTFS needs the Everyone Group with Full Control permission on the root drive ( KB Q130016 ).
http://support.microsoft.com/default.aspx?scid=KB;en-us;q130016


The solution of course is to make sure the group Everyone has full permissions on the root drive.

Another fix is to change the security of the drive containing the page file by adding SYSTEM to the permissions. This is done by right clicking the C drive, Select Properties, Click the Security Tab, Click the Advanced Button, Click the Add button, Select SYSTEM from the selection list and click the OK button.



KB article Q255205 - How to Delete the Pagefile.sys File in Recovery Console

The "Recovery Console" is a Start-up option you can install which helps you gain access to your Windows 2000 installation to replace damaged files and disable or enable services.

The Recovery Console takes about 7MB of hard disk space.

The recovery console can also be started from the Windows CD disk or from the start up disks.

http://support.microsoft.com/default.aspx?scid=KB;en-us;q216417


How to Delete the Pagefile.sys File in Recovery Console
The Pagefile.sys file is not accessible when you are in Recovery Console. To work around this behavior, copy another file to the Pagefile.sys file. After you copy a file to Pagefile.sys, the Pagefile.sys file is displayed and can then be deleted. ...see KB link above.
http://support.microsoft.com/default.aspx?scid=KB;en-us;q255205

http://www.techadvice.com/win2000/p/page-file_w2k.htm

 

Mele20, that was part of the question, yes, simply because I had understood that the pagefile was not normally accessable while windows is running. For instance, I use a small app called pagedfrg.exe that runs at restart prior to windows starting.

Jack, thanks for the clarification.

But because NOD32 made a point of listing this as an error, it lead me to wonder why and was it something to be concerned about? Otherwise why tell me about it?

So I am still confused on that point. What is the value of this prompt?