 |
 | need help dealing with viruses |  |
|
rschum
|
|
All of the sudden ClamWin has detected 8 infections. What should I do now? Is there paid support available?
Here is part of my log: C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcm80.dll: Trojan.IRC-3 FOUND C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcp80.dll: Trojan.FakeAV-281 FOUND C:\Program Files\ClamWin\bin\Microsoft.VC80.CRT\msvcr80.dll: Trojan.FakeAV-282 FOUND C:\Program Files\Parallels\Install\080722.15\vcredist_x86.exe: Trojan.FakeAV-280 FOUND C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest: Trojan.FakeAV-280 FOUND C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll: Trojan.IRC-3 FOUND C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll: Trojan.FakeAV-281 FOUND C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll: Trojan.FakeAV-282 FOUND |
|||||||||||
|
|||||||||||||
 |
| |
|
GuitarBob
|
|
Those are all false positives, which I believe have been taken care of at Clam. When you get several detections of the same malware, it is often a false positive. Also, malware doesn't usually come in bunches--that would make it too visible, and the virus writers don't want that.
Keep ClamWin set to Report Only. You should especially verify any infections in the Windows directories with Jotti or VirusTotal on the web before you Delete or Quarantine. I prefer Jotti. It only has 20 AVs there to VirusTotal's 40 AVs, but the AVs on Jotti are better quality. With 40 AVs in all, I think VirusTotal's overall detection has become a bit "watered down," although it does include the Big AVs--McAfee, Microsoft, Symantec, and Trend Micro. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
rschum
|
|
You are right. When I ran these files through https://www.virustotal.com/ nothing was detected. Then I noticed I did not get any virus warning even when I ran clamwin in the quarantine folder.
However, I did notice something strange which makes it difficult for me to put the files back... In the quarantine folder there were a number of files of different dates and different sizes but all with the same name! If all the files have the same name (how is this possible??) how do I know which one to move back out of quarantine? I have since set ClamWin to report only! Thanks so much for your help. By the way, would you happen to have the link to Jotti? |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Jotti can be found at https://virusscan.jotti.org/en on the web.
Some Windows systems files can be found in several places on XP and older computers, so I wouldn't worry too much there. I'm glad you set ClamWin to Report Only for infected files. If you get several detections of the same virus, it is likely a false positive--most viruses try to be stealthy, so you won't see it very many places. Regards, |
|||||||||||
|
|||||||||||||
|
 | need help dealing with viruses | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.