In fact, all the programs which I've been using for years were detected and subsequently quarantined. I've had to use Internet Explorer to re-download Opera and Firefox, while some other programs I'll have to make do without for now. However, the current checks seem a little...too stringent to me if they detect widely-known safe programs like the above.

I have a question too. When I performed the scan I used 'move to quarantine folder' as well as 'unload infected programs from computer memory'. Apparently (I'm no computer expert) this caused my computer to 'forget' where Opera was installed, which is why when I redownloaded it all my favourites and history and everything were still there. Is there an easy way to undo this? I sure don't want to go searching for them all again...

Thanks.

this sound very very strange. Clamwin/clamav have never falsely recognised clean Firefox or Opera as a virus. It is possible that you indeed have a virus which attaches tro firefox or opera. Could you paste some scan reports where it detects them?

I scanned my computer again yesterday with no results (no viruses)...but I'm sure the last time I did so, Clamwin detected just about everything on my computer that connects to the Internet except Internet Explorer and Clamwin itself. I can post the scan log, but it's very long indeed and I can't seem to attach it. This is an excerpt:

C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe: Worm.Gavir.A FOUND
C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.unins000.exe.002'
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe: Worm.Gavir.A FOUND
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.SpybotSD.exe'

I noticed the info you gave was all related to Spybot S&D--how long have you used it? Are you using the real-time monitor (I forget what it's called)? I just did a search on the virus database at ClamAV and couldn't find anything on a "Worm.Gavir.A." I dropped Spybot for the free version of Lavasoft's Ad-Aware SE because it seemed somewhat "quirky" with that RT monitor.

What happens when you do a rightclick from Explorer on Fire Fox, Opera or any other program you are having trouble with-(disable ClamWin's quarantine first)? Is this consistent with your full scans?

Regards,

I've been using Spybot Search and Destroy for a few months without problems (but I am using a real-time monitor, or whatever it's called. I recall seeing something of similar name). I also use Lavasoft's Ad Aware and it was also reported:

C:\Program Files (x86)\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe: Worm.Gavir.A FOUND
C:\Program Files (x86)\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.Ad-Aware.exe'

As well as Firefox:

C:\Program Files (x86)\Mozilla Firefox\uninstall\uninstall.exe: Worm.Gavir.A FOUND
C:\Program Files (x86)\Mozilla Firefox\uninstall\uninstall.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.uninstall.exe'
C:\Program Files (x86)\Mozilla Firefox\firefox.exe: Worm.Gavir.A FOUND
C:\Program Files (x86)\Mozilla Firefox\firefox.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.firefox.exe'

And Opera:

C:\Program Files (x86)\Opera\Opera.exe: Worm.Gavir.A FOUND
C:\Program Files (x86)\Opera\Opera.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.Opera.exe'

And Adobe Acrobat Reader:

C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe: Worm.Gavir.A FOUND
C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AcroRd32.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.AcroRd32.exe'

It's all Worm.Gavir.A, which I've no idea what it is unfortunately.

What do you mean do a rightclick from Explorer? I've since reinstalled all the above programs so I'm not sure if it's still possible. When Clamwin quarantined them all I did use left-click, which would say something like "cannot find Opera.dll" (but all the favourites and cookies are still there; I discovered that at once when I reinstalled Opera).

Thanks.

please oprn clamwin, go to help/about and then paste here the version information:
Mine is:
Version 0.88.6
ClamAV 0.88.6/2263
Virus DB version: main:41, daily 2263

also check if you have the following registry key (signo fo Worm.Gavir.A presence):
HKEY_LOCAL_MACHINE\Software\DownloadWWW

The day before I scanned it, it was version 0.88.5, which detected many programs (but not all) that connected to the internet (all of a sudden; the months before there were no problems). Then I updated it to 0.88.6, which then detected them all.

Version 0.88.6
ClamAV 0.88.6
Virus DB version: main 41, daily 2258

EDIT: How do I check that? Sorry, but I'm really quite clueless

Apparently, back in 2004 Sophos found a Windows worm that it called W32/Gavir-A. The worm downloaded a file from a remote location in the background on an infected computer. The downloaded file contained two trojans: Troj/BeastDo-R and Troj/Delf-GZ. The worm was probably around before you upgraded ClamWin to 0.88.6, but it looks like that version of ClamWin started finding it. I searched the ClamAV signature database again for the Gavir name without any luck. I'm sure 0other antivirus vendors have the worm in their databases. Perhaps you could get some help/instructions at other Websites--such as Kaspersky, McAfee, etc.

That's about all the help I can provide. Good luck.

Regards,