kenact
Joined: 12 May 2010 | Posts: 0 | Location: NYC
Posted: Wed May 12, 2010 1:55 pm
Hi all, this is my first post here.
I am running ClamWIN on a server running WSUS. A scan yesterday produced the following result:
C:\WSUS\WsusContent\6E\D4DDFB2723835E96DFB70975317237AF9D51AD6E.CAB: W32.Virut.Gen.D-159 FOUND
C:\WSUS\WsusContent\6E\D4DDFB2723835E96DFB70975317237AF9D51AD6E.CAB: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\D4DDFB2723835E96DFB70975317237AF9D51AD6E.CAB.infected'
C:\WSUS\WsusContent\7F\1B380133AF898CF956D8B39992761EAC3F86137F.CAB: W32.Virut.Gen.D-159 FOUND
C:\WSUS\WsusContent\7F\1B380133AF898CF956D8B39992761EAC3F86137F.CAB: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\1B380133AF898CF956D8B39992761EAC3F86137F.CAB.infected'
These are cabinet files downloaded last month from Microsoft through the Windows Software Update Service. Both CABs have a VBE6.msp Windows Installer file in them. Because of the obtuse method MS uses to distribute their updates, I have no idea how to find out what these updates are and find the associated MD5 hash.
Any suggestions?
Thanks,
Ken

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Wed May 12, 2010 3:26 pm
ClamWin sometimes gives a false positive after the Windows update--especially on the Virut malware, as Virut must use some similar install code. Perhaps you could check the Microsoft description/information about the updates to get some info.
If the files were not changed since the Windows update, a false positive is very likely.
Regards,
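
One way to test the "not changed since the Windows update" condition from the reply above, as an added example that is not part of either post. It assumes WSUS names each content file after the SHA-1 of its bytes (the 40-hex-digit names and matching two-character folders in the scan output are consistent with that); the function names and the sample data are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumption: a WSUS content file is named <40 hex digits of its SHA-1>.<ext>;
# a quarantined copy keeps that name with ".infected" appended.
NAME_RE = re.compile(r"^([0-9A-Fa-f]{40})\.")

def sha1_of(path, chunk=1 << 20):
    """SHA-1 of a file, read in chunks so large CABs do not fill memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def check_file(path):
    """Return (status, expected, actual); status is match, MISMATCH or skipped."""
    path = Path(path)
    m = NAME_RE.match(path.name)
    if not m:
        return ("skipped", None, None)      # name carries no hash to compare
    expected = m.group(1).upper()
    actual = sha1_of(path)
    return ("match" if actual == expected else "MISMATCH", expected, actual)

def check_tree(root):
    """Check every file under root; map relative path -> status."""
    root = Path(root)
    return {str(p.relative_to(root)): check_file(p)[0]
            for p in sorted(root.rglob("*")) if p.is_file()}

def demo():
    """Constructed sample tree: one intact file, one altered quarantine copy."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        data = b"constructed sample cabinet bytes"
        digest = hashlib.sha1(data).hexdigest().upper()
        (root / digest[-2:]).mkdir()
        (root / digest[-2:] / f"{digest}.CAB").write_bytes(data)
        (root / f"{digest}.CAB.infected").write_bytes(data + b"appended")
        (root / "readme.txt").write_text("no hash in this name")
        return check_tree(root)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Pointing `check_tree` at the WsusContent or quarantine folder from the scan output reports which files still hash to their own names. A match only shows the bytes are the ones WSUS recorded at download time; a MISMATCH means the file changed afterwards and should not be treated as a false positive.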