Greetings,

I'm running W2K and used to play Doom II on my old Win98 box. For whatever reason, it would not launch properly on my W2K machine. I found a program (see the link) that will run Doom II in a native Win32 environment so I downloaded it. As is customary, I isolated this file in a download/scan directory and scanned the installer file with AVG and Avira AntiVir. No Problems, so I installed it.

Then I ran my weekly Clamwin update and overnight scan which brought back the following:

C:\0-Installer Programs Part III\JDoom Win32 Doom II Launcher\deng-inst-1.8.6.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\deng-inst-1.8.6.exe'

C:\0-Installer Programs Part III\JDoom Win32 Doom II Launcher\deng-inst-1.8.6.exe: Trojan.Downloader.Delf-268 FOUND
-- summary --
Known viruses: 54291
Engine version: 0.88
Scanned directories: 5978
Scanned files: 47810
Infected files: 1
Data scanned: 12797.38 MB
Time: 8816.642 sec (146 m 56 s)

I was rather surprised at this because none of my other AV programs recognized it.

I immediately re-ran the other two AV programs and again, nothing found. Funny thing is, wouldn't the executable file drop its payload into the registry if it was a legitimate trojan?

Is this maybe a false positive? I'm completely anal when it comes to security on my system and would appreciate any feedback you guys have to offer.

Thanks, and here's the link to the original executable file:

https://prdownloads.sourceforge.net/deng/deng-inst-1.8.6.exe?download

Oh yea, two other things:

a) I realize that this link points to the Sourceforge.net open-source repository. I further realize that this does not necessarily mean it's immune to spyware or other nasties (although you'd think it would be).

b) I did upgrade my Clamwin installation to 0.88.2.3 and ran it again with the same results.

please read this FAQ:
https://www.clamwin.com/content/view/40/27/

another scanner can be found here if you want to go crazy and scan more lol

https://virusscan.jotti.org/