ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
ClamWin caught two viruses, then stopped
rem49


Joined: 17 Jan 2017
Posts: 1
Reply with quote
ClamWin has done this twice. Caught two viruses and then stops after a while. Does not complete. Ity has been sitting on this last file for six hours now:

Loading virus signature database, please wait... done
C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\archive\GoToAssist_Corporate_Customer.exe: Win.Adware.Browsefox-42691 FOUND
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe: Win.Worm.Chir-2600 FOUND
C:\Program Files (x86)\TurboTax\Home & Business 2014\Forms\1040_14\dhtmlhelp\taxhelp.xml: [ 4%]

How to make it complete the scan?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
How long have you been using ClamWin before this started happening? Was ClamWin working okay for a while before this started happening?

Does ClamWin quarantine any virus file before this happens?

Make sure that you use a real-time antivirus program besides ClamWin. ClamWin is an on-demand scanner--it does not detect any viruses before you scan with it, and a virus can be active on your computer before a ClamWin scan. ClamWin is a "second opinion" scanner.

Regards,
View user's profileSend private message
davebit


Joined: 18 Jan 2016
Posts: 31
Location: America
Reply with quote
Found this thread through a Google search... I'm getting the same result for Dell SupportAssist:

C:\Program Files\Dell\SupportAssistAgent\DellConnect\GoToAssist_Corporate_Customer.exe: Win.Adware.Browsefox-42691 FOUND

Apparently it injects ads into webpages on my browser, though I don't know that I've ever noticed: https://www.bleepingcomputer.com/virus-removal/family/adware-browsefox/

I'm not sure what "42691" means though, it seems to only point back to ClamAV... can someone explain?


Last edited by davebit on Mon Apr 23, 2018 7:25 pm; edited 1 time in total
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
Is this file detected by ClamWin during a normal scan or during a memory scan?

If you have had the Dell file/program on your computer for some time and have not noticed any problems, I wouldn't worry about it. Just whitelist (exclude) the file in ClamWin as C:\Program Files\Dell\SupportAssistAgent\DellConnect\GoToAssist_Corporate_Customer.exe and it shouldn't be detected any more. If the file bothers you, submit it to Virus Total. If Clam Av is the only AV detecting it, Virus Total will send a copy of the file to Clam AV so they can correct the signature. It might hurry things along if you also send the file to Clam Av via their Contact page.

I don't know what that message means. Perhaps someone (or a ClamWin developer) will join in here and enlighten us. The file designation is rather large--maybe ClamWin is trying to tell you this.

Let us know if you have any questions about this.

Regards,
View user's profileSend private message
davebit


Joined: 18 Jan 2016
Posts: 31
Location: America
Reply with quote
GuitarBob wrote:
Is this file detected by ClamWin during a normal scan or during a memory scan?


Normal scan I think... was a scheduled one every Sunday morning.

GuitarBob wrote:
If you have had the Dell file/program on your computer for some time and have not noticed any problems, I wouldn't worry about it. Just whitelist (exclude) the file in ClamWin as C:\Program Files\Dell\SupportAssistAgent\DellConnect\GoToAssist_Corporate_Customer.exe and it shouldn't be detected any more. If the file bothers you, submit it to Virus Total. If Clam Av is the only AV detecting it, Virus Total will send a copy of the file to Clam AV so they can correct the signature. It might hurry things along if you also send the file to Clam Av via their Contact page.


I don't know if it's a good or bad file though... I can't tell if ClamWin has detected something malicious or what. VirusTotal says 0/67, green for ClamAV through CAT-QuickHeal.

GuitarBob wrote:
I don't know what that message means. Perhaps someone (or a ClamWin developer) will join in here and enlighten us. The file designation is rather large--maybe ClamWin is trying to tell you this.

Let us know if you have any questions about this.

Regards,


Do the developers have a public detection list of types of viruses (like Win.Adware.Browsefox-42691)? A lot of times the numbers appended at the end of the detection only leads back to other people asking about it with ClamWin/AV. It would be nice to have a list of detections and numbers online like Microsoft has with their own scanner.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4388
Location: USA
Reply with quote
I don't know of any public list that Clam AV provides for its detections. If a file is only detected by Clam AV on Virus Total, it is most likely a false positive. Clam also does not detect many infected files on Virus Total. Virus Total normally gives notice to Clam AV when it is the only AV detecting a file so they can correct their signature; however, Clam AV does not always correct a signature. Remember that Clam AV is only a scanner for Linux email servers. Clam AV may sometimes ignore a false positive on a file that is not likely to appear on Linux email servers. Also, the amount of time that Cisco employees can spend on Clam AV signatures is limited, since Clam Av is not a revenue-producing project for Cisco. You can whitelist/exclude a file from ClamWin scans via the Tools/Preferences, Filters, Exclude Matching Filenames menu items.

I suggest that you use the whitelist/exclude option for any file which ClamWin has been falsely detecting for longer than a couple of weeks. You can also exclude unreasonably large files from ClamWin scans via the Tools/Preferences/Limits menu items or files that are not malware which ClamWin seems unable to process. The ClamWin default file limit is too large, and I recommend you set it to 30 MB. I have all my limits set to 30--files, archives, and subarchives. Some users/experts will not like the, but Most malware is found in files that are less than 1 MB in size. Besides, if you use a real-time AV scanner as primary scanner(as you should). the other AV will protect you in case there is malware in extremely large files. Finally, it might be helpful to know that most malware will be found in the Windows System32, SysWOW64, and %Appdata% folders.

This is about all the advice I can give. I hope it is helpful.

Regards,
View user's profileSend private message
ClamWin caught two viruses, then stopped
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic