 |
 | dwwin.exe |  |
|
clammegges
|
|
Hello,
I made a clamwin scan, and found a virus. I made also a online scan, no virus, but clamwin does detect. What does it mean? is it a real thread? it seems that it is not active, i can remove it without problems. thank you. that's the result: C:\i386\DRW\DWWIN.EXE: Trojan.Downloader-24725 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 216821 Engine version: 0.92 Scanned directories: 0 Scanned files: 1 Skipped non-executable files: 0 Infected files: 1 online scan, no results, but clamwin: Jottis Malwarescan 2.99-TRANSITION_TO_3.00-R1 Datei, die hochgeladen und gescannt werden soll: Dienst Datei: DWWIN.EXE Auslastung: 0% 100% Status: VIELLEICHT INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.) Entdeckte Packprogramme: - Bit9 rapportiert: No threat detected (more info) A-Squared Keine Viren gefunden AntiVir Keine Viren gefunden ArcaVir Keine Viren gefunden Avast Keine Viren gefunden AVG Antivirus Keine Viren gefunden BitDefender Keine Viren gefunden ClamAV Trojan.Downloader-24725 gefunden CPsecure Keine Viren gefunden Dr.Web Keine Viren gefunden F-Prot Antivirus Keine Viren gefunden F-Secure Anti-Virus Keine Viren gefunden Fortinet Keine Viren gefunden Ikarus Keine Viren gefunden Kaspersky Anti-Virus Keine Viren gefunden NOD32 Keine Viren gefunden Norman Virus Control Keine Viren gefunden Panda Antivirus Keine Viren gefunden Rising Antivirus Keine Viren gefunden Sophos Antivirus Keine Viren gefunden VirusBuster Keine Viren gefunden VBA32 Keine Viren gefunden |
|||||||||||
|
|||||||||||||
 |
| Re: dwwin.exe | |
|
b0ne
|
|
I can not find "Trojan.Downloader-24725" in the most recently updated definitions. I believe it is a false detection. Update your definitions and see if the file is detected again. |
|||||||||||||
|
|||||||||||||||
|
| |
|
GuitarBob
|
|
I had a similar notice yesterday after my normal scan. The file in question is related to Microsoft's automatic Windows downloads and evidently is similar to some trojan. No other scanners on Jotti recognized it, so I informed Clam about it and uploaded a copy of the file. It's definitely a false positive. Until Clam "fixes" it, I've configured my Clamwin Preferences to Filter out the matching filename. The filename isn't case sensitive in filters.
Regards, |
|||||||||||
|
|||||||||||||
|
| same after update | |
|
clammegges
|
|
thanx for the first replies.
my definitions are up to date. same problem. It's the first time today that clamwin detects this "trojan". I've looked on the net and found dwwin.exe normally has to be in the windows\system32-folder. This one I found is in the \i386 folder but has the same modification date like mysystem files. is it normal? another question: how is it possible to upload the file for clamwin so that they can check if this is also an error and for developpement, i didn't find it..? thanks again |
|||||||||||
|
|||||||||||||
|
| |
|
clammegges
|
|
I forgot. I removed the file and put it safely in another folder extern. system has no problems...
|
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
You can upload ClamWin false positive files and suspected malware files that it can't detect to ClamAv at http://cgi.clamav.net/sendvirus.cgi on the Web.
If you just want to verify that a file is infected, ClamAV can't help, so upload it to Jotti at http://virusscan.jotti.org/ on the Web. You will have to be patient sometimes--the virus writers also upload stuff there to see which of the 20 or so Jotti scanners detect their "product." Regards, |
|||||||||||
|
|||||||||||||
|
 | dwwin.exe | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.