ClamWin Free Antivirus :: View topic

Posted: Thu Jul 08, 2021 3:39 am

Scan Started Wed Jul 07 13:46:38 2021

[b] I scanned my drive on the above date using Clamwin 0.103.2.1 and got the following message:

C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe: Win.Ransomware.Encoder-9846353-0 FOUND
Unloading program C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe from memory
WARNING: Unable to unload process from memory
C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe: Removed.

Will OSArmor mess up my machine?

OSArmor was recommended to me to use as a shield. I didn't know that it is ransomware. All I'm trying to do is stop most unwanted software and viruses before they can enter my computer and I figure that running regular scans will get rid of what's left.

Posted: Thu Jul 08, 2021 5:01 am

No Virus Thanks is probably not malware. I have used it myself and I think it is a good program that provides some additional protection to a user.

ClamWin detection depends upon the scanning engine and virus signatures provided by the Clam AV program for Linux email servers. The ClamWin developers prepare a Windows port from the Clam AV Linux code to come up with ClamWin. Unfortunately, the Clam AV virus database is not nearly enough if you are a regular Windows user. The Clam AV signatures are also not quite as good as most of the signatures from other Windows AVs. It gives more false detections (false positives) due to this. Clam AV is free from Cisco, who doesn't devote much time/effort to it because it is free.

I am pretty sure this is a false positive. You can upload any file to Virus Total on the web and scan it with 60 AVs, including Clam AV.
If several of the large AVs say something is infected, you can usually believe it.

Thanks for using ClamWin!

Regards,