AMD Radeon Crimson ReLive ccc-slim Trojan?
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
C:\AMD\Packages\Apps\Radeon-Crimson-ReLive-16.12.1-ccc-slim-161208WHQL\ccc-slim.msi: Win.Trojan.Agent-5309166-0 FOUND
C:\AMD\Packages\Apps\Radeon-Crimson-ReLive-16.12.1-ccc-slim-161208WHQL.exe: Win.Trojan.Agent-5309166-0 FOUND

How do I find out what exactly triggered it thinking these contained a Trojan? VirusTotal says they're clean, but how do I know they don't actually contain a Trojan or Trojan-like code that could be exploited nefariously?

https://virustotal.com/en/file/3cb17ad63483ffad69401940fb38462dd690eed69e301a51c2bcc6a80be455cb/analysis/
https://virustotal.com/en/file/1cda94c9bf4c3e01395cab41d51f83f1773677a727d306a44f8005d95655c897/analysis/
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
Virus Total is pretty good. I think you can believe them. They scan with about 60 AVs now. Note the comment about the file being harmless--they don't do that for every file even if there are no detections.

If you are really extra concerned about malware infections, run a real-time AV and an antimalware program. There are lots of real-time AVs--some of them are free. The free versions of Malwarebytes antimalware and Zemana antimalware are good but they do not scan in real-time for free. Pick one of them (I like Zemana but it has some growing pains) and do a daily on-demand scan with it. Keep ClamWin as a backup scanner--updated hourly with daily scheduled scans of memory, user\appdata, system 32, sysWOW64, and windows\temp. That will give you good protection.

Regards,
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
GuitarBob wrote:
Virus Total is pretty good. I think you can believe them. They scan with about 60 AVs now. Note the comment about the file being harmless--they don't do that for every file even if there are no detections.

If you are really extra concerned about malware infections, run a real-time AV and an antimalware program. There are lots of real-time AVs--some of them are free. The free versions of Malwarebytes antimalware and Zemana antimalware are good but they do not scan in real-time for free. Pick one of them (I like Zemana but it has some growing pains) and do a daily on-demand scan with it. Keep ClamWin as a backup scanner--updated hourly with daily scheduled scans of memory, user\appdata, system 32, sysWOW64, and windows\temp. That will give you good protection.


The lines in question came from a ClamWin scan (notice they show FOUND at the end of them).

You recommend running a real-time AV/AM program, but mention Malwarebytes and Zemana then mention they don't do real-time... so I don't know which ones you actually recommend for real-time scanning.

I already have ClamWin run weekly, I don't think it's worth the daily drive grind as I don't use the laptop every day.
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
I mentioned MBAM and Zemana free versions because they are good after-the-fact cleaners (in case you didn't want to use real-time), and they are free. I have paid licenses for lots of real-time AVs, but I use Forticlient on my tablet and Windows Defender on my desktop. I keep MBAM, Zemana, Microsoft Safety Scanner, and Kaspersky TDSS Cleaner on USB.

Regards,
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
GuitarBob wrote:
I mentioned MBAM and Zemana free versions because they are good after-the-fact cleaners (in case you didn't want to use real-time), and they are free. I have paid licenses for lots of real-time AVs, but I use Forticlient on my tablet and Windows Defender on my desktop. I keep MBAM, Zemana, Microsoft Safety Scanner, and Kaspersky TDSS Cleaner on USB.

Regards,


OK, thanks Bob, I'll try those.
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
GuitarBob wrote:
I mentioned MBAM and Zemana free versions because they are good after-the-fact cleaners (in case you didn't want to use real-time), and they are free. I have paid licenses for lots of real-time AVs, but I use Forticlient on my tablet and Windows Defender on my desktop. I keep MBAM, Zemana, Microsoft Safety Scanner, and Kaspersky TDSS Cleaner on USB.


Wait, isn't a Microsoft Safety Scanner scan effectively the same thing as a Microsoft Security Essentials scan?
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
It is very similar to MS Windows Defender/Security Essentials, but I have seen my Windows Defender miss some PUPs (potentially unwanted programs) that were detected in a subsequent MSERT (Safety Scanner) scan. I'm sure they will both catch the real bad malware. There can be a difference between a real-time scan and an on-demand scan. A real-time scanner has to react quicker than an on-demand scanner, which might be able to employ more resources in detection.

Regards,
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 561
Location: **UNKNOWN**
Sorry if this comes late, but you can actually delete the entire C:/AMD folder, as there isn't anything important there. It is only a backup copy of the setup files.
davebit


Joined: 18 Jan 2016
Posts: 23
Location: America
Is there some way to figure out why ClamWin thinks Win.Trojan.Agent-5309166-0 is in these AMD files or what this actual "Trojan" is? I'm having a hard time getting any specific or pertinent info, my searches for it seem to just give useless or generic or hard-to-understand info.
GuitarBob


Joined: 09 Jul 2006
Posts: 4203
Location: USA
That would be hard to determine. The Clam AV signatures used by ClamWin consist of various types: file hashes, bits of code (strings), and bytecode or other "heuristics". You would have to get the Clam AV people to tell you what they used. Most likely, the signatures detecting your files consist of strings/code that can be used by either malware or goodware, and Clam AV did not have any relevant goodware on the false positive "farm" that it uses to check its signatures before they are published.

I really wouldn't worry about this. Just upload the files to Clam AV and tell them about the false positive(s). You can whitelist the files yourself (if interested) in ClamWin, but that will not do anyone but you any good--it's better to tell Clam AV about the false positives.

Let us know if there's anything else we can do to help with this. Otherwise, I think we've covered it enough.

Thanks for using ClamWin!

Regards,
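
Added example, not part of any post in this thread: a small Python reader for the text signature types mentioned above (hash, body string, logical), showing what each kind actually matches on. The database lines are constructed samples in ClamAV's documented `.hdb`/`.ndb`/`.ldb` layouts, not the real Win.Trojan.Agent-5309166-0 signature; bytecode signatures are not handled.

```python
import re

# Constructed sample lines; names, hash and patterns are made up for illustration.
SAMPLE_DB = {
    "sample.hdb": ["00112233445566778899aabbccddeeff:1024:Example.Hash-1"],
    "sample.ndb": ["Example.Body-2:1:*:4d5a{-64}546869732070726f6772616d"],
    "sample.ldb": ["Example.Logical-3;Engine:51-255,Target:1;0&1;"
                   "5368656c6c45786563757465;636d642e657865202f63"],
}

def readable_parts(hexsig):
    """Split a hex body on {n-m} and * wildcards; decode fixed runs to text."""
    parts = []
    for run in re.split(r"\{[^}]*\}|\*", hexsig):
        if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", run):
            text = bytes.fromhex(run).decode("latin-1")
            parts.append(text if text.isprintable() else run)
        elif run:
            parts.append(run)  # nibble wildcards, modifiers etc. stay raw
    return parts

def explain(name, db=SAMPLE_DB):
    """Return (kind, detail) for signature `name`, or None if it is absent."""
    for fname, lines in db.items():
        ext = fname.rsplit(".", 1)[-1]
        for line in lines:
            if ext in ("hdb", "hsb"):      # Hash:FileSize:Name
                digest, size, sig = line.split(":")[:3]
                if sig == name:
                    return ("file hash", [f"{digest} (size {size})"])
            elif ext == "ndb":             # Name:TargetType:Offset:HexBody
                sig, _target, _offset, body = line.split(":")[:4]
                if sig == name:
                    return ("body pattern", readable_parts(body))
            elif ext == "ldb":             # Name;TargetBlock;Logic;Subsig0;...
                fields = line.split(";")
                if fields[0] == name:
                    subs = [readable_parts(s) for s in fields[3:]]
                    return (f"logical: {fields[2]}", subs)
    return None

if __name__ == "__main__":
    for sig in ("Example.Hash-1", "Example.Body-2", "Example.Logical-3"):
        print(sig, "->", explain(sig))
```

On a real installation the lines would come from the databases unpacked with ClamAV's `sigtool --unpack`, or from `sigtool --find-sig=NAME` for a single detection name.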