 |
 | "joke.fakeinfect.exe" a threat? |  |
|
Kyuzo
|
|
Please forgive me if I have posted in the incorrect area. I tried the search function and found no answers to my question, and so I thought I might ask here:
Until a few days ago I used Malwarebytes as a on-demand spyware scanner. I also have Spyware Terminator with integrated ClamWin as my primary active antispyware scanner/HIPS protection. After a recent update of the ClamWin database, ST/Clam began detecting a file called "joke.fakeinfect.exe" in Malwarebytes. From the limited information I have gleaned from other websites, I am not the only person who has had this result. Is "joke.fakeinfect.exe" an actual threat? Malwarebytes says the ST/Clam scan is getting a false positive. ST's people also think it's false positive, but I thought I'd ask the ClamWin people as their program is detecting this file. You comments are greatly appreciated. Thank you, Kyuzo. |
|||||||||||
|
|||||||||||||
 |
| |
|
Theoracle117
|
|
You posted in the correct area
It is probably a false positive. you can check by uploading the file to virustotal.com If very few antiviruses recognize it as a virus (one or two) then it may be a false positive I also use malwarebytes, and the mbam-dor.exe is detected by clamwin. It is a false positive, that was reported long ago but it is detected through behavior, what the file does. That file generates a random .sys file in the drivers directory, so this file is used for uninstallation. It is a false positive, That i am sure of. Hope it helps |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Clam Antivirus provides the scanning engine and the signature database used by ClamWin. You should upload any viruses not found by ClamWin and any files that may be False Positives to Clam AV at http://cgi.clamav.net/sendvirus.cgi which is their submission page on the Web. Be sure to include all the information that is requested. In the case of a False Positive, be sure to check the False Positive block. Provide an explanation in the Description area.
Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
Kyuzo
|
|
Thank you both. You have put my mind at ease. I have checked this file with my separate AV program and the AV does not notice this particular file. Again, thank you both.
Theoracle, you are EXACTLY correct in your post. That file, mbam-dor.exe, seems to be where this file resides. Thank you for your post as I feel that my ClamWin progran is at least agreeing with yours. My thanks to you both, Regards, Kyuzo. |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Until Clam AV fixes a false positive, you can exclude it from your ClamWin directory scans by inserting the filename (filename.extension) in Preferences, Filters, Exclude Matching Filenames. ClamWin will still spot it if you do a scan on the one file by itself. Of course, you need to make sure it is really a false positive before you exclude it.
This is only a temporary solution, however. It will not get fixed until/unless you notify Clam AV about the false positive. When you can do a ClamWin scan on the file by itself without getting an infection message, they have fixed it, and you can remove it from your filters. Regards, |
|||||||||||
|
|||||||||||||
|
 | "joke.fakeinfect.exe" a threat? | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.