ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
To take care of infections
norman


Joined: 16 Dec 2006
Posts: 2
Reply with quote
I full scanned with clamwin I've got 5 infections
What do I do about them? I don't see any place
to delete them or put them into immunization.

Scan started: Thu Dec 14 19:26:22 2006

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ccng94cf.default\Cache\0AFB9CCFd01: HTML.Phishing.Gold FOUND
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ccng94cf.default\Cache\7C769299d01: HTML.Phishing.Auction-272 FOUND
C:\WINDOWS\notepad.exe: Trojan.SdBot-4031 FOUND
C:\WINDOWS\ServicePackFiles\i386\notepad.exe: Trojan.SdBot-4031 FOUND
C:\WINDOWS\system32\notepad.exe: Trojan.SdBot-4031 FOUND

-- summary --
Known viruses: 82041
Engine version: 0.88.7
Scanned directories: 4991
Scanned files: 84622
Infected files: 5
Data scanned: 14997.80 MB
Time: 13919.766 sec (231 m 59 s)

Norman
View user's profileSend private message
budtse


Joined: 14 Jan 2006
Posts: 372
Location: Belgium
Reply with quote
Hi,
The infection of NOTEPAD.EXE is a false positive. Update your virus database, this should be fixed by now.

The other infection report phishing html pages. They won't do any harm directly, they just try to convince you to give personal data which could be misused (something you should always be suspicious about). I'm not sure clamwin will remove/quarantine these kind of infections though.

To check what clamwin does with infected files, please open the clamwin preferences and check the General tab. There you can choose between "Report only", "Remove" and "Quarantine". We advice you to use quarantine as in the case of a false positive (like the notepad.exe notification), you can restore the file if needed.

regards,
budtse
View user's profileSend private message
auomatically qyarantine
norman


Joined: 16 Dec 2006
Posts: 2
Reply with quote
Budtse'
Thanks for the useful infoemation
I guess clamwin does it automatically when you check
quarantine. norman
View user's profileSend private message
Traversal


Joined: 14 Dec 2006
Posts: 9
Location: China
Reply with quote
Thanks,budtse.
But can you tell me the reason of the false positive?
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
the reason is simple: every day there are new signatures (byte sequences of data) added to the virus database by ClamAV team. Sometimes it happens that not only a virus but also a legitimate file has the same byte sequence and is reported as a false positive. If that happens the signature is modofoed to exclude legitimate files.
View user's profileSend private message
To take care of infections
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic