ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
This topic is locked: you cannot edit posts or make replies.
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Well actually, Cisco owns ClamAV, so it should be their responsibility to take over. I have seen some new guys publish signatures in the past 6 months, as well. Alain is the head of the ClamAV sig team and Shaun usually works on the FP side of ClamAV, but ever since VT did their FP thing, I haven't seen him push any updates to fix FPs.

So I guess, we should be complaining the Cisco to take better care of their product, especially considering they are a big time commercial company and they are the ones who bought it out.

And also, Oracle does not own ClamWin. Where did you read this?
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
ROCKNROLLKID wrote:

And also, Oracle does not own ClamWin. Where did you read this?

I didnt. I just remember you guys somewhere saying someone owning something somewhere after buying them. (So its Clam and Cisco). I was close. Laughing
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4631
Location: USA
Reply with quote
The "volunteers" are all Cisco employees now--there are no more open source reps. Since Clam is not a money-making effort, it gets Cisco employee attention when they have the time for it.

Regards,
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
As long as ClamAV, ClamWin, and Snort remain open-source, I will be happy. I wonder what they have in-stock for 1.0, or whatever major update comes next.

By the way, has anyone been able to figure out how to get Snort to run on Windows?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4631
Location: USA
Reply with quote
Re: Snort on Win: I've given up using anything that requires the user to jump through hoops--Python, Ruby, or otherwise in order to install it. Lots of AVs now have some behavior blocking (to a greater or lesser degree), and that is sort of a substitute for IDS like Snort.

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
UPDATE: Another night, another scan....but POSITIVE change.

Of the initial 5 FP's, (we know one was removed a couple of days ago leaving 4)....now over night only 1 remains:
D:\INSTALLATIONS\McAfee\MCPR.exe: Win.Trojan.Ramnit-8178 FOUND

Note: this, and the others that have now been rectified had NOT been uploaded and checked with Virustotal by me (I hadnt got round to it) so the removal of it seems to be purely down to me reporting them via the clam FP page.

(Took them 9 nine. Still leaves me scratching my head why this last one was left behind though. )
View user's profileSend private message
False Alarm
SQ


Joined: 12 Feb 2016
Posts: 1
Reply with quote
Hello,

Your poduct kill yourself, web-server IIS, and can kill Windows Server 20012 R2

https://www.virustotal.com/ru/file/f36e888de62f5ab6758cf9fb4f614dc4a45ee596d5d27358c581794d09435b27/analysis/1455268739/

Quote:
C:\Program Files (x86)\ClamWin\bin\python23.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\bin\python23.dll: moved to 'C:\ProgramData\.clamwin\quarantine\python23.dll.infected'
C:\Program Files (x86)\ClamWin\lib\_sre.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\_sre.pyd: moved to 'C:\ProgramData\.clamwin\quarantine\_sre.pyd.infected'
C:\Program Files (x86)\ClamWin\lib\_ssl.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\_ssl.pyd: moved to 'C:\ProgramData\.clamwin\quarantine\_ssl.pyd.infected'
C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll: moved to 'C:\ProgramData\.clamwin\quarantine\pythoncom23.dll.infected'
C:\Program Files (x86)\ClamWin\lib\shell.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\shell.pyd: moved to 'C:\ProgramData\.clamwin\quarantine\shell.pyd.infected'
C:\Program Files (x86)\ClamWin\lib\wxc.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\wxc.pyd: moved to 'C:\ProgramData\.clamwin\quarantine\wxc.pyd.infected'
C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll: moved to 'C:\ProgramData\.clamwin\quarantine\wxmsw24h.dll.infected'
C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd: moved to 'C:\ProgramData\.clamwin\quarantine\_bsddb.pyd.infected'
C:\Program Files (x86)\ClamWin\bin\libclamav.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\bin\libclamav.dll: moved to 'C:\ProgramData\.clamwin\quarantine\libclamav.dll.infected'
C:\Program Files (x86)\ClamWin\bin\libclamav_llvm.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\bin\libclamav_llvm.dll: moved to 'C:\ProgramData\.clamwin\quarantine\libclamav_llvm.dll.infected'


C:\Windows\SYSTEM32\inetsrv\ModSecurityIIS.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\SYSTEM32\inetsrv\ModSecurityIIS.dll: moved to 'C:\ProgramData\.clamwin\quarantine\ModSecurityIIS.dll.infected'
C:\Windows\SYSTEM32\inetsrv\libaprutil-1.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\SYSTEM32\inetsrv\libaprutil-1.dll: moved to 'C:\ProgramData\.clamwin\quarantine\libaprutil-1.dll.infected'
C:\Windows\SYSTEM32\inetsrv\libxml2.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\SYSTEM32\inetsrv\libxml2.dll: moved to 'C:\ProgramData\.clamwin\quarantine\libxml2.dll.infected.000'
C:\Windows\SYSTEM32\inetsrv\lua5.1.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\SYSTEM32\inetsrv\lua5.1.dll: moved to 'C:\ProgramData\.clamwin\quarantine\lua5.1.dll.infected'

C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\System.ni.dll.infected'
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\12c5330f4a7fbf221679f6223d48408f\System.Web.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\12c5330f4a7fbf221679f6223d48408f\System.Web.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\System.Web.ni.dll.infected'
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ee6d89830b1aea077e5fc12fb95df6a0\System.Configuration.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ee6d89830b1aea077e5fc12fb95df6a0\System.Configuration.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\System.Configuration.ni.dll.infected'
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\System.Xml.ni.dll.infected'
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7c638034e2e6f9aa208b3372732917ac\Microsoft.JScript.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7c638034e2e6f9aa208b3372732917ac\Microsoft.JScript.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\Microsoft.JScript.ni.dll.infected'
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4866914f813d886206e4b507e5ffcc63\System.Web.Mobile.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4866914f813d886206e4b507e5ffcc63\System.Web.Mobile.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\System.Web.Mobile.ni.dll.infected'
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\60891b05589fad0aa016ead518199431\System.ServiceModel.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\60891b05589fad0aa016ead518199431\System.ServiceModel.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\System.ServiceModel.ni.dll.infected'
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\213a039f8e64e876d997be8a933abae2\SMDiagnostics.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\213a039f8e64e876d997be8a933abae2\SMDiagnostics.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\SMDiagnostics.ni.dll.infected'
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9056bdf1d8022eafb78c6bd805d3facc\System.Data.ni.dll: Win.Trojan.Bancos-2115 FOUND
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9056bdf1d8022eafb78c6bd805d3facc\System.Data.ni.dll: moved to 'C:\ProgramData\.clamwin\quarantine\System.Data.ni.dll.infected'
View user's profileSend private message
Re: False Alarm
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
SQ wrote:
C:\Program Files (x86)\ClamWin\bin\python23.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\_sre.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\_ssl.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\shell.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\wxc.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\bin\libclamav.dll: Win.Trojan.Bancos-2115 FOUND
C:\Program Files (x86)\ClamWin\bin\libclamav_llvm.dll: Win.Trojan.Bancos-2115 FOUND

Oh dear oh dear. Oh the irony! Sounds like the pattern for this definition is * (anything will match!) Laughing

I just tested and confirm that the last definition update does this (yesterdays defs didnt). Hope they dont take two weeks to fix this FP! Im turning off system drive scanning immediately. (Unbelievable!)
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4631
Location: USA
Reply with quote
Probably either a new sigmaker at Clam AV or a lack of testing of signatures before release. When I worked there, I tested sigs on my own Windows system before release--since Clam did not have many important Windows apps on its false positive "farm". The could at least do that to catch some FPs.

There is some PYD malware, but I didn't use to see very much. Maybe you could whitelist .pyd in certain folders.

Regards,
View user's profileSend private message
jimimaseye


Joined: 04 Jan 2014
Posts: 95
Reply with quote
GuitarBob wrote:

There is some PYD malware, but I didn't use to see very much. Maybe you could whitelist .pyd in certain folders.

If you look at his initial post you will see that it isnt just .PYD, many are DLL's. And whitelisting .DLL's is brainless (given that many viruses live in them) and .PYD's (given you have already said that there are some PYD malware).

I agree with you about the 'no testing' comment though. To be honest, I came to that conclusion about the sig makers a LONG time ago. Wink
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Database number 21360 had a large number of false positive fixes. Does the false positives still exist after that update?
View user's profileSend private message
AnalogGuy


Joined: 12 Feb 2016
Posts: 4
Location: Southeast Mass.
Reply with quote
Hello,

I have been using ClamWin for many years, and have gotten used to going to Virus total to detect occasional false positives.

Today, I was hit with such a long list of warnings that I couldn't believe it! If you don't mind, I will post the Log file here.

Sorry, the copy and paste did not go well, and I couldn't re-paste it! As you see, Trojan.Bancos-2115 is endlessly mentioned. Sorry about the mess. If this problem can't be fixed by the daily database update, I doubt if I will continue using ClamWIn.

I'm not angry, I'm just trying to communicate my feelings on this. Thanks. Bob P.


Scan Started Fri Feb 12 07:26:44 2016------------------------------------------------------------------------------- *** Scanning Programs in Computer Memory *** *** Memory Scan: using ToolHelp *** *** Scanned 28 processes - 356 modules *** *** Computer Memory Scan Completed ***C:\HP\KBD\msg.dll: Win.Trojan.Bancos-2115 FOUNDC:\HP\KBD\onl.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\TOAST.net\Accelerator\cx_core.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\TOAST.net\Accelerator\components\NOWImaging.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\bin\python23.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\_sre.pyd: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\_ssl.pyd: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\pythoncom23.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\shell.pyd: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\wxc.pyd: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\wxmsw24h.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\_bsddb.pyd: Win.Trojan.Bancos-2115 FOUNDC:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll: Win.Trojan.Bancos-2115 FOUNDC:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll: Win.Trojan.Bancos-2115 FOUNDC:\WINDOWS\system32\MFC71.DLL: Win.Trojan.Bancos-2115 FOUNDC:\WINDOWS\system32\ATL71.DLL: Win.Trojan.Bancos-2115 FOUNDC:\WINDOWS\system32\MSVCP71.dll: Win.Trojan.Bancos-2115 FOUNDC:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\gizmosc.pyd: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\lib\htmlc.pyd: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\bin\libclamav.dll: Win.Trojan.Bancos-2115 FOUNDC:\Program Files\ClamWin\bin\libclamav_llvm.dll: Win.Trojan.Bancos-2115 FOUND----------- SCAN SUMMARY -----------Known viruses: 4256761Engine version: 0.97.8Scanned directories: 0Scanned files: 384Infected files: 23Data scanned: 134.68 MBData read: 0.00 MB (ratio 0.00:1)Time: 97.094 sec (1 m 37 s)

The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:C:\WINDOWS\system32\ntdll.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\winsrv.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\KERNEL32.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\USER32.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\RPCRT4.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\msvcrt.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\CRYPT32.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\WINSTA.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\SHELL32.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\SHLWAPI.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\ole32.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\OLEAUT32.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\CLBCATQ.DLL: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDc:\windows\system32\mstlsapi.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDc:\windows\system32\ACTIVEDS.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDc:\windows\system32\ATL.DLL: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\WININET.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDc:\windows\system32\qmgr.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\netshell.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\eappcfg.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDc:\windows\system32\certcli.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDc:\windows\system32\wscsvc.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\Wbem\wbemcore.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\Wbem\esscli.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\Wbem\FastProx.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\comsvcs.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\wbem\wmiprvsd.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\upnp.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\netcfgx.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\wbem\wbemsvc.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\actxprxy.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\BROWSEUI.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\SHDOCVW.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\urlmon.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\webcheck.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\DSOUND.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\NETUI1.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\Program Files\Common Files\System\OLE DB\oledb32.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\System32\msjet40.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\MSVCR100_CLR0400.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\dbghelp.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDC:\WINDOWS\system32\RICHED20.dll: [Win.Trojan.Bancos-2115] FALSE POSITIVE FOUNDPlease do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at ............
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Well I just did a memory scan on my system and I have no Win.Trojan.Bancos-2115 FP. Can you confirm your ClamWin is up-to-date (I assume it is but you never know)?
View user's profileSend private message
AnalogGuy


Joined: 12 Feb 2016
Posts: 4
Location: Southeast Mass.
Reply with quote
I have just done another virus database update at about 7 pm Friday Feb 12,(eastern time)..
Now, there are no problems. (I did the previous update earlier in the day, Friday Feb. 12, 2016).

This is a "Programs in memory" scan, which is what I most often do. But around once a week, I do a full scan.That one with all the errors was also a memory scan. I am using Windows XP SP3 Home on this machine, And I am on dial-up. From my many years on dial-up I find that I just about never get a virus or malware, but I still check the memory every single time I go offline.

----------- SCAN SUMMARY -----------
Known viruses: 4257432
Engine version: 0.97.8
Scanned directories: 0
Scanned files: 382
Infected files: 0

Data scanned: 134.58 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 89.844 sec (1 m 29 s)
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 562
Location: **UNKNOWN**
Reply with quote
Database number 21360 had a lot of FP fixes, so I assume it was fixed then and that was released in the morning of today.
View user's profileSend private message
Sudden malware or false positives?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 4 of 7  

  
  
 This topic is locked: you cannot edit posts or make replies.