ClamWin Free Antivirus
Support and Discussion Forums
Virus or false positive?
netsecurity


Joined: 29 Oct 2006
Posts: 0
ClamWin reports:

C:\Program Files\PositScience\2_0\Neuroscience\Tools\Posit DXDiag.exe: Trojan.DNSChanger-3887 FOUND

Is this an actual virus or is it merely a signature mismatch?

Posit Science is a program from http://www.positscience.com/

The Zone Alarm anti-virus does not pick this up as a virus so I suspect it is a false positive; however, I'd like to make sure as the computer it is found on is having troubles printing.

Thanks,

Allen
Antonio S.


Joined: 20 Apr 2008
Posts: 0
Location: Italy
Hello,
If in doubt, please upload the file to http://www.virustotal.com/; this is a free service that submits files to multiple (about 36 if I remember well) AV tools.

If few (or no other AV besides ClamWin) detect the file as suspicious, then it is likely to be a false positive. In that case, notify the ClamAV team by using the form at http://cgi.clamav.net/sendvirus.cgi and ticking the relevant field concerning false positives. Generally the Clam team fixes the issue in a few days, so run a scan after that period (of course, the virus DB has to be updated first); the malware notification should not appear anymore.

By doing this, you will help Clam (and ClamWin as well) to have better efficiency.

Regards,
Antonio
bjoren2b


Joined: 07 Sep 2008
Posts: 0
Location: Nova Scotia
Information about "DNSChanger-3887"
This trojan got into my computer and hasn't done a great deal of harm to the machine...but it's really irritating to not be able to connect to the internet.
It lodged itself into the protected files of the "D" drive...<d>...and has proven itself to be invisible to a long list of anti-spyware, virus and other malware scanners, including Microsoft Live One Care, (the first 90 days are free, loaded: Sept 6, 2008) and McAfee's Internet Suite, which I paid for.
HijackThis led me to the Trend Micro website and forum. They have a lead to the dismantling of this trojan from a previous issue: "TROJ_DNSCHAN.SUB"
The new version doesn't use redirect, it simply changes: "DhcpNameServer", "NameServer", and "CLSID of network adaptor", among others I don't know where. Scans cannot see it. I have disabled restore on D, deleted it, erased it, formatted it, all through access in safe mode. The machine has been formatted and restored from the original emachines restore disc. Scanned by everyone. It still blocks access to the internet.
I have had several small successes: By creating a new connection I was able to connect long enough to download a few updates, but it only worked once and every attempt has failed in seconds. Reformatting the system (destructive) allowed a difficult connection long enough to download and install One Care.

Persistent: "DNSChanger-3887"

My computer needs help.
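An added example, not part of any post in this thread: a check for the "DhcpNameServer" and "NameServer" values mentioned above, run over saved output of `reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" /s`. The sample output, GUIDs, addresses and the list of expected resolvers are constructed assumptions; substitute the resolvers your router or ISP actually hands out.

```python
import ipaddress
import re

# Constructed sample of `reg query ... /s` output (GUIDs and addresses are made up;
# 203.0.113.0/24 is a documentation range standing in for an unknown resolver).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.168.1.1
    NameServer    REG_SZ    203.0.113.10,203.0.113.11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66666666-7777-8888-9999-000000000000}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.168.1.1 203.0.113.10
    NameServer    REG_SZ
"""

KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\Interfaces\\(\{[0-9A-Fa-f-]+\})\s*$")
VAL_RE = re.compile(r"^\s+(DhcpNameServer|NameServer)\s+REG_SZ\s*(.*)$")

def audit_resolvers(reg_output, expected):
    """Return sorted (interface GUID, value name, address) for every resolver not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings, guid = [], None
    for line in reg_output.splitlines():
        key = KEY_RE.match(line)
        if key:
            guid = key.group(1)
            continue
        val = VAL_RE.match(line)
        if not (val and guid):
            continue
        # NameServer is comma-separated, DhcpNameServer space-separated; accept both.
        for token in re.split(r"[,\s]+", val.group(2).strip()):
            if not token:
                continue
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((guid, val.group(1), token))  # not an IP: report as-is
                continue
            if addr not in allowed:
                findings.append((guid, val.group(1), str(addr)))
    return sorted(findings)

if __name__ == "__main__":
    for guid, name, addr in audit_resolvers(SAMPLE, ["192.168.1.1"]):
        print(f"{guid} {name} -> unexpected resolver {addr}")
```

A statically set "NameServer" on an adapter that is supposed to use DHCP is worth investigating even when the address looks familiar.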
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Dr. Web's CureIt does as good a job as any antivirus in cleaning a computer. It's available free at http://www.freedrweb.com/ on the web. You don't install it--just put it on your desktop and run it. It will do an Express scan. If it finds something, let it clean it, and then manually select to do a full scan.

Norman also has a capable Malware Cleaner (use in Safe Mode) at http://www.norman.com/Virus/Virus_removal_tools/24789/en-us on the web.

For viruses older than a month or so and variants thereof, I've had some luck with Microsoft's Malicious Software Removal Tool, which is the file MRT.exe in the Windows XP system32 directory. The current version should be dated August.

You might want to check out ClamWin's Antimalware Resources page, available from the main ClamWin page. It lists some pretty good resources, including free experienced online malware removal resources and manual disinfection information sources.

Good luck. Please let us know here in the ClamWin forum how you're doing--it might help someone else.

Regards,