ClamWin Free Antivirus
Support and Discussion Forums
Abt Pua.win32.packer
waqas1985


Joined: 12 Jun 2012
Posts: 2
My problem is this :) In this month of June I saw this malware while scanning my files over Jotti or VirusTotal: Clam AV detects PUA.Win32.Packer.MasmTasm-3. I made scans with Avast, Kaspersky, Avira, etc., using all the applications, but they show that my PC is not infected and it's fully clean. But the problem is that if I download a clean exe from a website of a Yahoo tool etc., then how can it be infected without clicking? I even formatted my hard drive and partition, but... I just want to know the following things:

1. What is PUA.Win32.Packer.MasmTasm-3?
2. Is it harmful?
3. Why are antiviruses not detecting it if it's the most active malware of this month, like the Clam AV statistics?

And the most important thing that I would like to ask all of you people...

This is an old scan of an exe, taken in December 2011:
http://virusscan.jotti.org/en/scanresult/3b0323f1b8ee14344c2943b2a18618523f1bc5e8/61175517acb3276bd616a678eb8954ac40af94f6

In this scan Clam AV shows or detects nothing.

I just downloaded this exe and put it up for scan; I didn't open it either.

But now Clam AV shows that it contains PUA.Win32.Packer.MasmTasm-2:
http://virusscan.jotti.org/en/scanresult/61175517acb3276bd616a678eb8954ac40af94f6

How can it be possible that, without opening a tool, something is bound to it? On the other hand, my PC is totally clear.

I need a detailed response about this issue :) and help.
Thanks in advance.
GuitarBob


Joined: 09 Jul 2006
Posts: 4491
Location: USA
Please turn off PUA detection, and do not use it again. It is broken!

PUA detection (Potentially Unwanted Applications) is for detecting files that are packed with packers used by malware or tools that could be used by malware (such as keyloggers, remote admin tools, some scripts, etc.). The problem is that both malware and "good" programs can use the same packers. Many "good" websites also use java scripts and other scripts that are put in your temporary internet folder that will be detected as PUA files. Many businesses use remote administration tools as well.

Since PUA detection is optionally selected by the user, Clam AV (Clam AV furnishes its scan engine and virus signatures to ClamWin) does not make any adjustment to its PUA signatures. The PUA.Win32.Packer detections will detect many, many, many, many, many, many, good programs. If you use PUA detection with quarantine, it will quarantine important files in error, and you will not be able to restore them--because it will also quarantine the ClamWin quarantine restore program!

Use ClamWin to detect real viruses--not PUA. One last time... Do not use PUA detection. It is broken!

Regards,
waqas1985


Joined: 12 Jun 2012
Posts: 2
You did not understand my question.

I posted 2 virus scan reports; one is old and one is new. In the old scan report you see Clam AV didn't detect any PUA Win32 packer, but when I scan the clean tool now it shows there is PUA.Win32...

Question: how can Clam show a PUA Win32 packer in a clean program?

I'm downloading a clean tool from the web. Without opening it, I just first put it up for scan, and only Clam AV shows that there is a PUA Win32 packer in this tool. Why does Clam show it now? Why not before? You can see both virus scan reports.
GuitarBob


Joined: 09 Jul 2006
Posts: 4491
Location: USA
No, I understand you. Clam AV (they furnish their scan engine and virus signatures to ClamWin) has recently published many PUA.W32.Packer signatures that will detect many "good" files that should not be detected. Clam will probably not change the PUA signatures, so they will continue to detect many "good" files. In a recent test the PUA detection quarantined my copy of ClamWin, ClamWin restore, Clam Sentinel, Clam Sentinel restore, Panda Free Cloud AV, and many other programs. It took me about 45 minutes to fix things, and I still cannot use Panda Free Cloud AV. Even if Clam is forced to change the PUA signatures, PUA will still detect many files that it should detect.

As I said, please turn off your PUA detection, and never use it again. We only want ClamWin to detect "real" viruses--not "potentially unwanted applications." PUA is broken! Do not use it! If you also use Clam Sentinel, turn off PUA there. The Clam Sentinel heuristics will tell you if a file is malicious, and they are much better than the Clam AV PUA.

Regards,
Hannah25


Joined: 22 Nov 2018
Posts: 1
Location: London
Thank you alch. Unfortunately, I don't have a backup of the whole hard drive, just the "my documents" folder. This scan log you mention, where do I find it? ClamWin has quarantined itself as well, so should I reinstall the new version 0.96.4? Thank you.

PS I don't know how to use a batch file to restore the quarantined files. Is there some tutorial which might guide me?
GuitarBob


Joined: 09 Jul 2006
Posts: 4491
Location: USA
The scan log is probably in C:\ProgramData\.clamwin\log on your computer. The ClamWin quarantine folder has an accompanying text file for each quarantine item to identify where the quarantined file came from to help ClamWin restore it. You can run the ClamWin Qrecover program located in the C:\Program Files (x86)\ClamWin\bin folder to restore quarantined files. Find the Qrecover.exe program and click/double click to run it. Even if you have a lot of files, the Qrecover should be able to restore each one. Qrecover is pretty easy to use. Even if ClamWin does not work, Qrecover probably will work. You should whitelist/exclude ClamWin from scanning the folder(s) from which many files were quarantined, rather than whitelist/exclude each one.

If you continue using ClamWin, by all means update to the latest version--always run the latest version.

Let us know how it goes.

Regards,
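One way to triage a scan log before restoring or excluding anything, as an added example that is not part of the original thread or ClamWin's own code. It assumes the log holds clamscan-style `path: signature FOUND` lines and that PUA names follow `PUA.<platform>.<category>.<name>`; every path and signature in the sample other than PUA.Win32.Packer.MasmTasm-2 is constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample; assumes clamscan-style "<path>: <signature> FOUND" lines.
# Only PUA.Win32.Packer.MasmTasm-2 is a name from the thread; the rest are made up.
SAMPLE_LOG = r"""
C:\Tools\ymsg_tool.exe: PUA.Win32.Packer.MasmTasm-2 FOUND
C:\Program Files (x86)\ClamWin\bin\ClamWin.exe: PUA.Win32.Packer.Example-1 FOUND
C:\Program Files (x86)\ClamWin\bin\Qrecover.exe: PUA.Win32.Packer.Example-1 FOUND
C:\Users\demo\Downloads\invoice.exe: Win.Trojan.Example-1 FOUND
C:\Users\demo\Documents\notes.txt: OK
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")


def parse_detections(log_text):
    """Return (path, signature) for every FOUND line; OK and other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            hits.append((match["path"], match["sig"]))
    return hits


def triage(hits):
    """Separate PUA heuristic hits from other signatures and summarise the PUA noise."""
    pua = [(p, s) for p, s in hits if s.upper().startswith("PUA.")]
    other = [(p, s) for p, s in hits if not s.upper().startswith("PUA.")]
    # Folders with many PUA hits are candidates for a folder-level scan exclusion.
    folders = Counter(str(PureWindowsPath(p).parent) for p, _ in pua)
    # Assumed naming: PUA.<platform>.<category>.<name>, so field 3 is the category.
    categories = Counter(s.split(".")[2] for _, s in pua if s.count(".") >= 3)
    return {"pua": pua, "other": other, "folders": folders, "categories": categories}


if __name__ == "__main__":
    report = triage(parse_detections(SAMPLE_LOG))
    print("Non-PUA detections to investigate first:")
    for path, sig in report["other"]:
        print(f"  {sig}  {path}")
    print("PUA hits per folder:", report["folders"].most_common())
    print("PUA hits per category:", dict(report["categories"]))
```

The per-category count shows which PUA class produces the noise; clamscan's `--exclude-pua=CAT` option can drop a single category instead of disabling PUA detection as a whole.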