ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
trojan found but not quarentined or deleted
d1995


Joined: 28 Sep 2016
Posts: 2
Reply with quote
C:\Windows\Installer\8abd674.msi: Win.Trojan.Agent-1696537 FOUND

Trojan by found by ClamWinbut but NOT quarantined or deleted. (I tried both options)/

Win 8.1. ClamWin up-to-date. Windows Defender also present and active.
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 561
Location: **UNKNOWN**
Reply with quote
I recommend submitting that file to virustotal and make sure it is not a false positive. You can do that here: https://virustotal.com If it is, please submit the file with the virustotal report here: http://www.clamav.net/contact
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4191
Location: USA
Reply with quote
Windows Defender with ClamWin as backup scanner is a good choice. Unfortunately, with any AV there is a window of opportunity for malware for a short time after it is released, until the AV sigmakers develop a signature for it. When you submit an infected file to Virus Total, a sample of the file s sent to the AVs that do not detect it. So Virus Total plays an important part in detection.

Regards,
View user's profileSend private message
d1995


Joined: 28 Sep 2016
Posts: 2
Reply with quote
ROCKNROLLKID wrote:
I recommend submitting that file to virustotal and make sure it is not a false positive. You can do that here: https://virustotal.com If it is, please submit the file with the virustotal report here: http://www.clamav.net/contact


Thanks to both board users who replied. The latest update of ClamWin database excludes this file. So no more worries.
View user's profileSend private message
martinjennifer


Joined: 19 Jul 2016
Posts: 5
Location: India
Reply with quote
You can try to install some free trial antivirus software which might sought of this issue.

You can choose the one you like.
View user's profileSend private message
ClamWin found 2 trojans but not copied into quarantine
Jezinek


Joined: 17 Mar 2017
Posts: 2
Location: Rockies
Reply with quote
Hi guys;

The settings are on 'move to quarantine' - CW did so on my 1 TB Toshiba EHD & the partition D: in the tower. However, my oldest EHD Maxtor 500 GB has 2 nasty trojans according to CW & it left them there after a 2nd scan. Now what? Are these false positives? How can I get rid of them? Would it be safe to move both infected files inside the folders onto a Flash stick?

E:\Program Files\ACE Mega CoDecS Pack\Media Player Classic\binkw32.dll: Win.Trojan.Ramnit-6003 FOUND
E:\Program Files\comcasttb\CIDGlobalLight.exe: Win.Trojan.Agent-792462 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6030452
Engine version: 0.99.1
Scanned directories: 3783
Scanned files: 40301
Infected files: 2
Not copied: 2
Data scanned: 46687.48 MB
Data read: 96625.27 MB (ratio 0.48:1)
Time: 8568.971 sec (142 m 48 s)

I am stunned that the Comcast folder is infected! Luckily, I've never used the ACE player. Use WMP, Nero Suite & VLC.


MWB-Pro, Avast (found lots of VBV.JPG on the 3rd 1TB EHD backup before using CW), AVG, Webroot, RogueKiller, MS malware removal tool didn't find any of these 6 bad bugs. The February MSMRT raised a red flag when it claimed at the end of 12 h scan to have found 6 bugs but after completion, said nothing found. Only ClamWin found the infections for which I am very grateful. The Toshiba is my 2nd backup w/ 750 GB of pix/music & the Trojan was the 'autorun' kind. I've lost 2 PCs in the past due to hacking & infection despite HW/SW protections.

After the CW scans, I carefully cleaned the Registry w/ RK & CCleaner. The PC (Win7 Pro-SP1) boots OK & faster now, however, how do I get the 2 bugs from the EHD into a sandbox/quarantine since no other AV-SW finds them & CW won't move them out? Looks like a Catch 22...

Any actionable help/tips are appreciated.

Thanks,

Rob Jezinek
https://postimg.org/image/vxwoy7l5t/
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4191
Location: USA
Reply with quote
If ClamWin is the only AV to detect an infected file, it is probably a false positive. Virus Total is the ultimate tool to detect a file. I like to see at least 2 of these AVs detect something before I believe it: Avira, Bitdefender, Eset (Nod 32), Kaspersky, or Sophos.

Malwaerbyes Free and Zemana Antimalware Free are very good malware cleaners. Try one or both of them.

Regards,
View user's profileSend private message
Jezinek


Joined: 17 Mar 2017
Posts: 2
Location: Rockies
Reply with quote
GuitarBob;

Thanks for the quick reply. I have Malwarebytes-Pro; it didn't find anything. Will try Avira (a programmer buddy recommended) & Zemana & the VT & report back.
BTW, do you play guitar? I do.

Nighty-night...

Rob Jezinek
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4191
Location: USA
Reply with quote
If Malwarebytes didn't find anything, I think the file is clean, but you might try Zemana just to be sure.

Yes--been playing guitar more years than I care to admit--blues/country/rock.

Regards,
View user's profileSend private message
trojan found but not quarentined or deleted
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic