ClamWin Free Antivirus
Support and Discussion Forums
Trojan.Crypt-5 and SMALL-152
Cobra427


Joined: 22 Jan 2006
Posts: 4
hi

from the report below you can see I have 4 infected files with 2 Not Moved.
What does the 2 Not Moved mean -- is it because those 2 were earlier in the quarantine folder?
Does moving into the quarantine folder actually stop a trojan working? Rolling Eyes

Also
I've read the thread on SMALL-152 earlier and understand it might not be a problem...but a scan last night also turned up Crypt-5 in addition... do you think this is a similar issue?


Finally do you think I can delete the infected files such as :\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP95\A0010284.exe since I'm not using Restore ....?

thanks

Scan started: Sun Jan 22 00:45:44 2006

File excluded 'C:\Documents and Settings\All Users\.clamwin\quarantine\phonepile.exe'
File excluded 'C:\Documents and Settings\All Users\.clamwin\quarantine\Rem6F.exe'
ERROR: Can't open file C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
ERROR: Can't open file C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
ERROR: Can't open file C:\Documents and Settings\LocalService\NTUSER.DAT
ERROR: Can't open file C:\Documents and Settings\LocalService\ntuser.dat.LOG
ERROR: Can't open file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
ERROR: Can't open file C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
ERROR: Can't open file C:\Documents and Settings\NetworkService\NTUSER.DAT
ERROR: Can't open file C:\Documents and Settings\NetworkService\ntuser.dat.LOG
ERROR: Can't open file C:\Documents and Settings\Saz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
ERROR: Can't open file C:\Documents and Settings\Saz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
ERROR: Can't open file C:\Documents and Settings\Saz\NTUSER.DAT
ERROR: Can't open file C:\Documents and Settings\Saz\ntuser.dat.LOG

C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP95\A0010284.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\A0010284.exe'

C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP96\A0010348.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\A0010348.exe'

ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\SAM
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
ERROR: Can't open file C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG

C:\Documents and Settings\All Users\.clamwin\quarantine\phonepile.exe: Trojan.Crypt-5 FOUND

C:\Documents and Settings\All Users\.clamwin\quarantine\Rem6F.exe: Trojan.Crypt-5 FOUND

C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP95\A0010284.exe: Trojan.Small-152 FOUND

C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP96\A0010348.exe: Trojan.Small-152 FOUND

-- summary --

Known viruses: 42499

Scanned directories: 6263

Scanned files: 106445

Infected files: 4


Not moved: 2

Data scanned: 15648.05 MB

I/O buffer size: 131072 bytes

Time: 7928.170 sec (132 m 8 s)

-------------------

Completed

-------------------
Re: Trojan.Crypt-5 and SMALL-152
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Cobra427 wrote:

from the report below you can see I have 4 infected files with 2 Not Moved.
What does the 2 Not Moved mean -- is it because those 2 were earlier in the quarantine folder?

Yes, not moved because already in the quarantine

Quote:

Does moving into the quarantine folder actually stop a trojan working? Rolling Eyes


It should.

Quote:

Finally do you think I can delete the infected files such as :\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP95\A0010284.exe since I'm not using Restore ....?


yes
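The reconciliation alch describes, as an added example (not part of the original thread and not ClamWin code): it parses an excerpt of the report posted above and labels each detection as moved or not moved, then checks the result against the summary counts. Assumptions: the quarantine folder is inferred from the `moved to` destinations, and the function name and status strings are hypothetical.

```python
import ntpath
import re

# Excerpt of the report posted above (ERROR lines and other summary fields omitted).
REPORT = r"""
File excluded 'C:\Documents and Settings\All Users\.clamwin\quarantine\phonepile.exe'
File excluded 'C:\Documents and Settings\All Users\.clamwin\quarantine\Rem6F.exe'
C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP95\A0010284.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\A0010284.exe'
C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP96\A0010348.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\A0010348.exe'
C:\Documents and Settings\All Users\.clamwin\quarantine\phonepile.exe: Trojan.Crypt-5 FOUND
C:\Documents and Settings\All Users\.clamwin\quarantine\Rem6F.exe: Trojan.Crypt-5 FOUND
C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP95\A0010284.exe: Trojan.Small-152 FOUND
C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP96\A0010348.exe: Trojan.Small-152 FOUND
Infected files: 4
Not moved: 2
"""

MOVED = re.compile(r"^(?P<path>.+?): moved to '(?P<dest>.+)'$")
FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
COUNT = re.compile(r"^(?P<key>Infected files|Not moved): (?P<n>\d+)$")

def reconcile(report):
    """Return ([(file, signature, status)], summary_matches) for a scan report."""
    moved, found, summary = {}, [], {}
    for line in map(str.strip, report.splitlines()):
        if m := MOVED.match(line):
            moved[m["path"].lower()] = ntpath.normpath(m["dest"])
        elif m := FOUND.match(line):
            found.append((m["path"], m["sig"]))
        elif m := COUNT.match(line):
            summary[m["key"]] = int(m["n"])
    # Assumption: any folder that received a moved file is the quarantine folder.
    quarantine = {ntpath.dirname(dest).lower() for dest in moved.values()}
    rows = []
    for path, sig in found:
        if path.lower() in moved:
            status = "moved"
        elif ntpath.dirname(ntpath.normpath(path)).lower() in quarantine:
            status = "not moved: already in quarantine"
        else:
            status = "not moved: unexplained"  # worth a manual look
        rows.append((ntpath.basename(path), sig, status))
    not_moved = sum(1 for row in rows if row[2] != "moved")
    consistent = (summary.get("Infected files") == len(rows)
                  and summary.get("Not moved") == not_moved)
    return rows, consistent

if __name__ == "__main__":
    print(*reconcile(REPORT)[0], sep="\n")
```

A detection labelled `not moved: unexplained` is the case to investigate, since it was neither relocated nor already sitting in the quarantine folder.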
Cobra427


Joined: 22 Jan 2006
Posts: 4
hi

thnx

I shift-deleted all the quarantined files. I ran clamwin 0.88 just now and also ran that... the SMALL-152 doesn't appear ;o)

the Trojan.Crypt-5 still popped up again tho...

C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP157\A0028124.exe: Trojan.Crypt-5 FOUND
C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP157\A0028125.exe: Trojan.Crypt-5 FOUND

mmm... any ideas anyone...
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Cobra427 wrote:
hi
the Trojan.Crypt-5 still popped up again tho...

C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP157\A0028124.exe: Trojan.Crypt-5 FOUND
C:\System Volume Information\_restoreB37680B2-BA0A-4E5D-BF30-83E44C588624\RP157\A0028125.exe: Trojan.Crypt-5 FOUND

mmm... any ideas anyone...


I guess it may be a false positive, can you scan one of those files on http://www.virustotal.com and see what other scanners report?
You may need to change security permissions temporarily on C:\System Volume Information to be able to get there.