ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
False Positive: Cleanup.exe reported as Win.Worm.Chir-199
kd5


Joined: 19 Sep 2013
Posts: 1
Location: Ohio, USA
Reply with quote
Steven Gould's Ceanup! has been a legitimate application for many years for cleaning up junk files. ClamWin's latest scan reports cleanup.exe as being Win.Worm.Chir-199, which is a false positive. File submission to Jotti and Virus Total show that out of all the scans completed on said file, only ClamWin and Ikarus suspect it as being a worm (Ikarus reports it as being Win32.SuspectCrc). All other scans show this file as clean.

Scan report:


Scan Started Thu Sep 19 15:29:05 2013

-------------------------------------------------------------------------------



WARNING: Can't open file C:\pagefile.sys: Permission denied

WARNING: Can't open file C:\WINNT\security\tmp.edb: Permission denied

WARNING: Can't open file C:\WINNT\system32\config\default: Permission denied

WARNING: Can't open file C:\WINNT\system32\config\SAM: Permission denied

WARNING: Can't open file C:\WINNT\system32\config\SECURITY: Permission denied

WARNING: Can't open file C:\WINNT\system32\config\software: Permission denied

WARNING: Can't open file C:\WINNT\system32\config\system: Permission denied

WARNING: Can't open file C:\WINNT\system32\config\SYSTEM.ALT: Permission denied



C:\Program Files\CleanUp!\Cleanup.exe: Win.Worm.Chir-199 FOUND

----------- SCAN SUMMARY -----------

Known viruses: 2773219

Engine version: 0.97.8

Scanned directories: 4092

Scanned files: 25520

Infected files: 1



Data scanned: 4332.25 MB

Data read: 4378.53 MB (ratio 0.99:1)

Time: 7325.043 sec (122 m 5 s)



--------------------------------------

Completed

--------------------------------------


As I said before, Cleanup! is a legitimate application which should not be flagged as being a worm.

Thank you for handling this as expediently as possible.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4362
Location: USA
Reply with quote
ClamWin uses the scan engine and signature database provided by Clam AV. Please submit false positive detections and undetected viruses to Clam AV at their web site. Choose the Report option, and then choose either the option to report a false positive or undetected virus. It may take a few days, so if a false positive is involved, you can whitelist the file in ClamWin and restore it from quarantine via the ClamWin recover utility (start, ClamWin, then choose the recovery program).

Thanks for using ClamWin.

Regards,
View user's profileSend private message
False Positive: Cleanup.exe reported as Win.Worm.Chir-199
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic