ClamWin Free Antivirus
Support and Discussion Forums
Please Go Thru My log
saladx


Joined: 12 Feb 2010
Posts: 0
I got some infected files here, but I'm not sure which ones to remove/quarantine... Any help from anyone would be highly appreciated. Just guide me towards the suspicious ones... Thanks.



C:\NVIDIA\WinVista\179.48\IS\Display\PhysX_9.09.0010_SystemSoftware.exe: Trojan.FakeAV-282 FOUND
C:\Program Files\Activision\Modern Warfare 2\Redist\vcredist_x86.exe: Trojan.FakeAV-280 FOUND
C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcm80.dll: Trojan.IRC-3 FOUND
C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcp80.dll: Trojan.FakeAV-281 FOUND
C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcr80.dll: Trojan.FakeAV-282 FOUND
C:\Program Files\Common Files\Windows Live\.cache\12ab6bf01c98c34\crt.msi: Trojan.FakeAV-280 FOUND
C:\Program Files\Common Files\Windows Live\.cache\wlc55EE.tmp: Trojan.FakeAV-280 FOUND
C:\Program Files\Common Files\Windows Live\.cache\wlc845E.tmp: Trojan.FakeAV-280 FOUND
C:\Program Files\Common Files\Wise Installation Wizard\WIS8AAB4176A747493AA42CB63CFADFD8E3_9_09_0010.MSI: Trojan.FakeAV-282 FOUND
C:\Program Files\Common Files\Wise Installation Wizard\WISD56B0E274A3E46C9B5C1D93D580C099C_8_10_29.MSI: Trojan.FakeAV-282 FOUND
C:\Program Files\Common Files\Wise Installation Wizard\WISE4D153288C89484BB9AAF5BE9EA6D01C_8_10_17.MSI: Trojan.FakeAV-282 FOUND
C:\Program Files\DAEMON Tools Lite\Microsoft.VC80.CRT.manifest: Trojan.FakeAV-280 FOUND
C:\Program Files\DAEMON Tools Lite\msvcp80.dll: Trojan.FakeAV-281 FOUND
C:\Program Files\DAEMON Tools Lite\msvcr80.dll: Trojan.FakeAV-282 FOUND
C:\Program Files\ManyCam 2.4\Microsoft.VC80.CRT.manifest: Trojan.FakeAV-280 FOUND
C:\Program Files\ManyCam 2.4\msvcp80.dll: Trojan.FakeAV-281 FOUND
C:\Program Files\ManyCam 2.4\msvcr80.dll: Trojan.FakeAV-282 FOUND
C:\Program Files\Volition Inc\Red Faction Guerrilla\VCRedist\vcredist_x86.exe: Trojan.FakeAV-280 FOUND
C:\Program Files\Volition Inc\rfg_launcher_1Crack.exe: Trojan.Downloader-77805 FOUND
C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 2.4.1.7\AppleMobileDeviceSupport.msi: Trojan.FakeAV-280 FOUND
C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 2.5.1.3\AppleMobileDeviceSupport.msi: Trojan.FakeAV-280 FOUND
C:\ProgramData\Apple Computer\Installer Cache\Safari 4.30.19.1\Safari.msi: Trojan.FakeAV-280 FOUND
C:\Users\saladx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6dc8e2db-5c73c2be: Exploit.JS-7 FOUND
C:\Users\saladx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\29ab6a83-50c1c5c3: Exploit.JS-7 FOUND
C:\Users\saladx\Documents\Downloads\march4\UPS_invoice _Nr5789.zip: Suspect.Bredozip-zippwd-5 FOUND
C:\Users\saladx\Downloads\daemon4303-lite.exe: Trojan.FakeAV-280 FOUND
C:\Users\saladx\Downloads\DivXInstaller.exe: Trojan.Agent-140058 FOUND
C:\Users\saladx\Downloads\PhysX_9.09.0010_SystemSoftware.exe: Trojan.FakeAV-282 FOUND
C:\Users\All Users\Apple\Installer Cache\Apple Mobile Device Support 2.4.1.7\AppleMobileDeviceSupport.msi: Trojan.FakeAV-280 FOUND
C:\Users\All Users\Apple\Installer Cache\Apple Mobile Device Support 2.5.1.3\AppleMobileDeviceSupport.msi: Trojan.FakeAV-280 FOUND
C:\Users\All Users\Apple Computer\Installer Cache\Safari 4.30.19.1\Safari.msi: Trojan.FakeAV-280 FOUND
C:\Windows\winsxs\Manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.manifest: Trojan.FakeAV-280 FOUND
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcm80.dll: Trojan.IRC-3 FOUND
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcp80.dll: Trojan.FakeAV-281 FOUND
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcr80.dll: Trojan.FakeAV-282 FOUND
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I believe those are all false positives. I know the Fake AVs are, and I think they have been fixed at Clam by now. When you get a bunch of detections for the same virus, it is often a sign of a false positive.

Always keep your ClamWin infected files option set to Report Only. Be sure to verify any infections in files in the Windows directories with Jotti or VirusTotal before you Quarantine or Delete any files from there.

Regards,
saladx


Joined: 12 Feb 2010
Posts: 0
GuitarBob wrote:
I believe those are all false positives. I know the Fake AVs are, and I think they have been fixed at Clam by now. When you get a bunch of detections for the same virus, it is often a sign of a false positive.

Always keep your ClamWin infected files option set to Report Only. Be sure to verify any infections in files in the Windows directories with Jotti or VirusTotal before you Quarantine or Delete any files from there.

Regards,



Thanks a lot for the reply. If these are all false positives then there is no need for deletion/quarantine. Now shall I just use Jotti to confirm this? And is ClamWin aware of all these false positive reports? It could seriously harm the system.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Try a re-scan with ClamWin (infected file options set to Report Only) to see if the false positives have been corrected. If they have been corrected now, you will probably not see very many infections remaining. It may be likely that anything remaining is a real infection, but verify with Jotti or VirusTotal before you do anything. You do not have to verify every file--just one of each "infection." I am not aware of any JavaScript false positives right now, but there could be some.

Regards,
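The advice in the reply above (check one file per detection name, and take extra care with anything under the Windows directories) can be scripted as a triage pass over the scan report. This is an added example, not part of the original thread or of ClamWin; the function names are illustrative, the detection lines are copied from the reports posted here, and the two summary lines are constructed in the style of a clamscan report.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any OS

# Report line format: "<path>: <signature> FOUND". The path contains ":" too
# (drive letter), so the match is anchored on the final ": <sig> FOUND".
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)

def parse_hits(log_text):
    """Yield (path, signature) for every FOUND line; other lines are skipped."""
    for line in log_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            yield m.group("path"), m.group("sig")

def triage(log_text):
    """One row per signature: hit count, distinct file names, one file to
    upload for a second opinion, and whether any hit is under C:\\Windows."""
    groups = defaultdict(list)
    for path, sig in parse_hits(log_text):
        groups[sig].append(path)
    plan = []
    for sig, paths in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        plan.append({
            "signature": sig,
            "hits": len(paths),
            "distinct_names": len({basename(p).lower() for p in paths}),
            "verify_sample": min(paths, key=len),  # shortest path: arbitrary but stable
            "touches_system_dir": any(SYSTEM_DIR.match(p) for p in paths),
        })
    return plan

# Detection lines copied from this thread; summary lines are constructed.
SAMPLE = r"""
C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcr80.dll: Trojan.FakeAV-282 FOUND
C:\Program Files\DAEMON Tools Lite\msvcr80.dll: Trojan.FakeAV-282 FOUND
C:\Program Files\ManyCam 2.4\msvcr80.dll: Trojan.FakeAV-282 FOUND
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcr80.dll: Trojan.FakeAV-282 FOUND
C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcm80.dll: Trojan.IRC-3 FOUND
C:\Users\saladx\Downloads\DivXInstaller.exe: Trojan.Agent-140058 FOUND
C:\Users\saladx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6dc8e2db-5c73c2be: Exploit.JS-7 FOUND
----------- SCAN SUMMARY -----------
Infected files: 7
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A signature with many hits spread over one file name that ships with unrelated products, such as msvcr80.dll here, is the pattern described above as a likely false positive; the `verify_sample` path is the single file to check with Jotti or VirusTotal.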
scarlett_156


Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
I see this person had the same thing happen as me, so I will post in this topic instead of starting a new one. I scanned last night (Feb 12 2010) and got this surprising report:

    C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Mobile Device Support 1.1.4.7\AppleMobileDeviceSupport.msi: Trojan.FakeAV-281 FOUND
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ONMVEBAJ\AppleMobileDeviceSupport[1].msi: Trojan.FakeAV-281 FOUND
    C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcm80.dll: Trojan.IRC-3 FOUND
    C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcp80.dll: Trojan.FakeAV-281 FOUND
    C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcr80.dll: Trojan.FakeAV-282 FOUND
    C:\Program Files\Dell Computer\Dell Image Expert\system\register.exe: Trojan.Spy.Banker-6328 FOUND
    C:\Program Files\Mozilla Firefox\plugins\Microsoft.VC80.CRT\msvcm80.dll: Trojan.IRC-3 FOUND
    C:\Program Files\Mozilla Firefox\plugins\Microsoft.VC80.CRT\msvcp80.dll: Trojan.FakeAV-281 FOUND
    C:\Program Files\Mozilla Firefox\plugins\Microsoft.VC80.CRT\msvcr80.dll: Trojan.FakeAV-282 FOUND
    C:\System Volume Information\_restore4C64E8AF-F2CF-431D-8183-D12CF3F8050F\RP1218\A0231664.msi: Trojan.IRC-3 FOUND
    C:\WINDOWS\Downloaded Installations\47901334-11E6-4835-B212-62030BD8AB37\EditScript MT.msi: Trojan.FakeAV-282 FOUND
    C:\WINDOWS\Installer\26c7594a.msp: Trojan.IRC-3 FOUND
    C:\WINDOWS\SoftwareDistribution\Download\d2c1d0c034c68640cf949db8e0b3df1a\o12convsp1-en-us.cab: Trojan.IRC-3 FOUND
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll: Trojan.IRC-3 FOUND
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll: Trojan.FakeAV-281 FOUND
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll: Trojan.FakeAV-282 FOUND

The last time I scanned was a little less than a week ago.

Any help is as always greatly appreciated. This is a lot of files and I have to work today so the soonest I can re-scan or check them all on jotti would be this evening.

~~~ yours in Chaos, Scarlett
saladx


Joined: 12 Feb 2010
Posts: 0
Well, as Bob said, all the FakeAV ones are false positives, so don't worry about them. The rest of the files need a re-scan, but before you do so, update the ClamWin database. I did the Windows files re-scan after updating ClamWin, and I got a clean report.
scarlett_156


Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
Thank you!