ClamWin Free Antivirus
Support and Discussion Forums
*Warning* for everyone
chaos31


Joined: 20 Dec 2006
Posts: 11
Location: Minnesota, USA
Well someone in my house accidentally installed an ActiveX popup file from web and it was nasty virus...within 10 min I had 20 new programs on desktop, IE/FF was going insane with 5 new toolbars and million pop ups, and every 5 seconds in my tray a program was popping up a balloon saying "Trojan found, click here to install great virus removal software".

hahaha....so I did a system restore and ran virusscan and it still found it on here but was not affecting me anymore.

This virus was called: MediaobjectSetup.595.exe | Be very careful with this one.

Also I ran virus scan from 2 AM till 10:45 AM...found 9 infected files since last scan but my question is it did not completely finish but I'm almost certain it got the main parts of pc, should I just run a complete scan tonight when I have time?

Thanks and look out for this :)
David
Toxteth O'Grady


Joined: 24 Dec 2006
Posts: 10
So, this "infection" occurred while browsing? Once again proof that you can't do without an on-access scanner. On-demand is just not enough for situations like these.

It would have been interesting to see the result of a virus scan before that system restore. Just to see the number of infected items and whether ClamWin would have been able to get rid of the infection altogether.
Anyway, glad you got things under control again. 8) That's the main thing.

And again I'm amazed by the time it takes to do a full system scan with this AV. Over 8 hours is just ridiculous.
I have only installed it a few days ago and have no experience with it myself, but from what I read in this forum these scans can take many hours.
Is the ClamAV engine that slow or do you guys all have huge hard drives filled with illegal p2p material? ;)
But seriously, does someone know, is ClamAV really that slow?
Trojan MediaobjectSetup.595.exe and Scan Time
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
Yes, it does seem that malware is getting harder to get rid of once you get it--another sign that it is done for money now instead of notoriety. If you do a System Restore while malware is on your computer, the Restore point will include the malware--so watch that too.

The free AntiVir Personal Edition Classic antivirus program from Avira (Germany) is a good complement to ClamWin. Let it take care of resident scanning, and it will also give you a second opinion on ClamWin scanned files.

Scan time for ClamWin depends upon your operating system, the number of files, and what else is running alongside the scan. Some help on scan time:

1) Filter ClamWin to scan only for "dangerous file extensions." Google for that topic to find them.
2) Break up a total scan into smaller components and schedule each component separately.
3) Exit other CPU-intensive programs that are running alongside ClamWin.
4) Support ClamWin so the team will be able to work on scan optimization at some point.

Regards,
MediaobjectSetup.595.exe
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
I did a search for that name in the ClamAV signature database and didn't find anything. I also searched for it on Google and two more search engines without any luck. How did you get that name? Sounds like you got some adware.

Regards,
drgoa.r


Joined: 20 Nov 2006
Posts: 66
Location: Bulgaria
OT:
Quote:
1)Filter ClamWin to scan only for "dangerous file extensions."...

THIS for sure will increase dramatically scan speed. Tested with my setup here.
In one of my HDDs I have more than 200GB of Reason Refills (compressed closed file format, files contain only WAVs and etc. non-dangerous objects).
Clamscan tries to uncompress them, making temporary files, etc...
Scanning of those 200GBs can take weeks. When I excluded them from the scan - it finishes in 30 minutes.
So, exclude such files, audios, movies, image files of DVDs (when you know what is on them already).
sherpya


Joined: 22 Mar 2006
Posts: 894
Location: Italy
@drgoa.r
I'm working on a per filetype based exclusion (not fileext :P), next release should have it (if I get enough testing)
File Type Exclusion
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
Sounds good. BTW, what do you think about speeding up scans by inserting a "cookie" in each directory for the date last scanned by ClamWin? Future scans could check file date(s) against the cookie to see if any files have been changed, and bypass scanning them if the file date hasn't changed. A "smart" virus might change the dates, but this would be a good option to use for "intelligent" scanning when ClamWin goes resident. Hopefully the cookie dates would be more reliable then if the resident scanner caught any changes by a virus.

Regards,
drgoa.r


Joined: 20 Nov 2006
Posts: 66
Location: Bulgaria
@sherpya
it is always good to hear that you are working on something...
good luck:)
and you have my sword! (for testing purposes only!)
:P
sherpya


Joined: 22 Mar 2006
Posts: 894
Location: Italy
@GuitarBob
we cannot rely on file/dir modification, for this reason we'll have a checksum based cache in the v1

@drgoa.r
I'll post info and files on beta forum when I'm back (2-3 Jan)
are you already in the beta testing group?
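
Added example, not part of the thread and not ClamWin's code: a Python comparison of the date "cookie" skip test GuitarBob proposes with the checksum-based cache sherpya describes, run on a file whose contents change while its modification time is put back. Tying each cached result to a signature-database version is an assumption added here; the file name, timestamp and version labels are constructed.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash file contents in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def needs_scan_by_date(path, last_scan_ns):
    """Date 'cookie' idea: rescan only files modified after the last scan."""
    return os.stat(path).st_mtime_ns > last_scan_ns

def needs_scan_by_checksum(path, clean_cache, db_version):
    """Checksum cache: skip only if these exact bytes were already found
    clean under the current signature database version (assumed design)."""
    return clean_cache.get(sha256_of(path)) != db_version

def demo():
    """Constructed scenario: content changes but the timestamp is restored."""
    result = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"original contents")
        t0 = 1_167_000_000 * 10**9            # constructed timestamp (Dec 2006)
        os.utime(path, ns=(t0, t0))
        # First scan: remember when it ran and which bytes were clean.
        last_scan_ns = t0 + 60 * 10**9
        clean_cache = {sha256_of(path): "db-1"}   # "db-1" is a made-up label
        result["unchanged_skipped"] = not needs_scan_by_checksum(path, clean_cache, "db-1")
        # New signatures arrive: the cached verdict no longer applies.
        result["rescan_after_db_update"] = needs_scan_by_checksum(path, clean_cache, "db-2")
        # The file is rewritten and its modification time is put back.
        with open(path, "wb") as f:
            f.write(b"tampered contents")
        os.utime(path, ns=(t0, t0))
        result["date_says_rescan"] = needs_scan_by_date(path, last_scan_ns)
        result["checksum_says_rescan"] = needs_scan_by_checksum(path, clean_cache, "db-1")
    return result

if __name__ == "__main__":
    print(demo())
```

The checksum test still has to read every file, so it saves the signature-matching cost rather than the disk I/O.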
V 1.0 Checksums
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
Sounds like V 1.0 is going to be a very competitive AV software! I'm sure we're all looking forward to it.

Enjoy your time off.

Regards,
chaos31


Joined: 20 Dec 2006
Posts: 11
Location: Minnesota, USA
Oh ya sorry I didn't re-read this.

I got it from a active x download...I was trying to watch a movie trailer...I don't even remember which one. So it says you must have the latest so and so and to get it download it through active x...sadly I hadn't slept in 2 days so I was not being very careful so I clicked the thing in toolbar and clicked download active x. The trailer then played but then I noticed some new toolbar that could not be removed, new programs slowly appearing on the desktop and the little balloon popping up in toolbar telling me to click here for great virus protection to get rid of the trojan. Usually I'm smarter than this lol.

ALSO it left some nasty spyware I found out yesterday, ran my weekly spyware check and it did leave the 1 spyware that brings that balloon up in toolbar telling you to click here cause you have a trojan...so I'm assuming it had some pretty fun spyware in it also lol...

David
sherpya


Joined: 22 Mar 2006
Posts: 894
Location: Italy
you shouldn't use Internet Explorer at all :D use Firefox, download Autoruns from the Sysinternals website
and check hide microsoft entries in the options menu
then you can see/remove bho startup entries, services etc
http://www.microsoft.com/technet/sysinternals/utilities/autoruns.mspx