Something has changed and now ClamWin will not start on my WinXP system. I have uninstalled and reinstalled the software.

My problems started a few days ago. I usually leave my system on for weeks on end and rarely shutdown or reboot. Last week I shutdown because I was going to be away for a few days. When I tried to turn it on today it would not boot up. The system would POST, then start to boot WinXP, and then start to POST again and repeat the process.

I was not able to boot in safe mode, but was able to boot with the last known good configuration. Once I rebooted, I used msconfig to disable a new startup item (dimdim). Other than that, no changes. Now it will reboot successfully, although it keeps warning that msconfig has changed the startup (maybe it is still using the last known good config). But now, ClamWin does not show up in the task bar. I opened up a cmd window and chdir'ed to the \Program Files\ClamWin\bin folder, and tried typing in ClamWin and ClamTray. The processes momentarily showed up in the task manager, but disappeared within a second. I can not find any log file info that shows what is going on. As I mentioned, I uninstalled and reinstalled the software from a fresh download, but the problem remains the same. When I try starting ClamWin it will not start.

Any suggestions? I would really like to run a scan because I am suspicious about the booting up problem (I am paranoid that one of the reasons my machine would not boot up is that it could be rooted).

Try scans with Microsoft Security Essentials and Malwarebytes' Antimalware. Both are free and are about as good as you can get for AV/Antimalware. Then try an online scan from Nod32. If you are rooted, it may be the TDSS/Alluron thinge--Kaspersky has a free up-to-date tool for it, and you will recall that there were some problems with the last Microsoft patch on XPs when they were infected by the TDSS rootkit. As a last resort, get the F-Secure Linux rescue boot CD--download and burn to CD as an ISO file. Then update with a USB and do a scan. It scans under Linux, so Windows viruses can't hide.

Good luck.

Regards,

I ran MB Antimalware tool, and it detected and deleted a rootkiit, Trojan.Sasfix, Trojan.Witkinat, Backdoor.Bot, etc.

I'm not sure where all of these came from, and when I got them. Perhaps it only activated with the reboot.

Now that I have deleted this ClamWin will now start up and run again. Interesting that ClamWin was disabled just when I really needed it.

Now that I have positively identified an infection, what else should I do? Are Antimalware and ClamWin enough? Should I run one of the off-line tools (like a Linux boot disk)? What else on my LAN might have gotten infected?

I am glad you were able to "fix" things. It sounded to me like you had some malware. I didn't know you were using ClamWin on a LAN. It's too bad you could not have given the Clam people a sample of the malware so they could get signatures for it. It may still be in Malwarebytes' quarantine, but it's best left there or deleted (better yet).

There is some very efficient malware around. If it is new, most AVs cannot detect it--they need to have samples from which to prepare signatures for their databases. That's why we need to send our AV provider any undetected malware and keep our AVs updated. The virus writers have "services" where they upload their malware to see which AVs can detect it. They then change it a little to escape detection. Most likely, the stuff you got was fairly new. Also, when an undetected virus gets on a computer, it frequently enables others to infect it also.

ClamWin is an on-demand scanner (not real-time) and is best used as a backup to a more powerful antivirus--especially if you have a network or surf the web a lot. Home users could use Clamwin with the free Clam Sentinel front end and the free Threatfire behavior blocker for good protection. Malwarebytes is sometimes better at finding embedded malware than at preventing it. Microsoft's free Security Essentials is a good standalone AV, but Alwill's free Avast provides more complete protection, including a web filter. if you have anything other than a home network with just a couple of computers, however, you should use a commercial antivirus suite for complete protection on all computers. The commercial version of either of the two AVs mentioned above will provide good, business-class protection.

Regards,