ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
I scanned my Windows partition using ClamAV and found this
james159951


Joined: 07 Mar 2017
Posts: 5
Reply with quote
/media/james/A24425074424E031/Dell/Drivers/0T0GT/Vista/RtkNGUI.exe: Win.Worm.Runouce-381 FOUND

I pretty sure this is a false positive, but I want to be sure before doing anything. Could anybody help me?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4129
Location: USA
Reply with quote
Upload the file to Virus Total at https://www.virustotal.com/ on the web. Virus Total will scan it in a couple of minutes with 50+ antivirus programs, including the Clam AV scan engine used by ClamWin. If only 1 or 2 other AVs besides Clam AV say it is infected, it is most likely a false positive. I like to see at least 2 of these AVs detect a file as infected before I believe it: Avira, Bitdefender, Eset (Nod32), Kaspersky, and Sophos. They all use their own scan engine and have a wide user base which includes lots of businesses, which tend to use the better AVs.

Virus Total will send a copy of false positive files to the AVs that falsely detect it so they can correct their virus signatures. but you might speed up things a bit if you also submit it to Clam AV at http://www.clamav.net/reports/fp on the web. It may take Clam AV a week or so to correct their signature because no one works on Clam AV full-time--they have other duties for Cisco (the owner of Clam AV now). You could whitelist the file in ClamWin's tools if you want to.

Thanks for using ClamWin!

Regards,
View user's profileSend private message
james159951


Joined: 07 Mar 2017
Posts: 5
Reply with quote
Yep, it's a false positive. But my friend's computer that I'm scanning now probably is infected. I just posted about it.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4129
Location: USA
Reply with quote
ClamWin can not prevent an infected file from getting on your computer because it does not scan in real-time. It is an on-demand scanner that scans when you tell it to-either with a manual or scheduled scans. You/friend should use ClamWin as a backup to a real-time scanner.

Zemana Antimalware free or Malwarebytes free are pretty good at cleaning up after infections. Keep one of them around in case something gets by ClamWin/other security software.

Thanks for using ClamWin!

Regards,
View user's profileSend private message
I scanned my Windows partition using ClamAV and found this
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic