ClamWin Free Antivirus
Support and Discussion Forums
ISP (Qwest) install/setup files identified as Trojans
scarlett_156


Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
I figure these are probably false positives--the files are dated 05/14/2010, which is when the DSL service was started. However, this is an old computer and was full of malware, etc., when I started using it. I just want to make sure. Thanks! :)

    C:\Documents and Settings\D**\Local Settings\Application Data\Xenocode\Sandbox\Qwest High-Speed Internet\7.1.0.0\2009.12.08T01.59\Native\STUBEXE\8.0.1135\@PROGRAMFILES@\Internet Explorer\iexplore.exe: Trojan.Poison-1461 FOUND
    C:\Documents and Settings\D**\Local Settings\Application Data\Xenocode\Sandbox\Qwest High-Speed Internet\7.1.0.0\2009.12.08T01.59\Native\STUBEXE\8.0.1135\@SYSTEM@\ipconfig.exe: Trojan.Poison-1462 FOUND
    C:\Documents and Settings\D**\Local Settings\Application Data\Xenocode\Sandbox\Qwest High-Speed Internet\7.1.0.0\2009.12.08T01.59\Native\STUBEXE\8.0.1135\@SYSTEM@\msiexec.exe: Trojan.Poison-1462 FOUND
    C:\Documents and Settings\D**\Local Settings\Application Data\Xenocode\Sandbox\Qwest High-Speed Internet\7.1.0.0\2009.12.08T01.59\Native\STUBEXE\8.0.1135\@SYSTEM@\PING.EXE: Trojan.Poison-1462 FOUND


~~~ yours in Chaos, Scarlett
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
They are very likely to be false positives. When you get the same detection for several files, that is often the sign of a false positive. Just to be sure, however, you can upload one of the files to an online scanning service. I like to use VirusTotal at https://www.virustotal.com/ on the web. If more than a couple of AVs (besides Clam AV) find an infection, it is probably for real. If they don't, then you should upload one of the files to Clam AV at https://www.clamav.net/lang/en/sendvirus/ on the web. Clam furnishes the scan engine and signature database used by ClamWin, and they will update their signature for the false positive. When you get to the upload page, be sure to check that it is a false positive, and tell them the exact name of the false detection in the comments section.

Regards,
scarlett_156


Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
Thank you! :)
These false positives can be dangerous
moritomo


Joined: 15 Sep 2010
Posts: 0
Location: Mesa
:oops:

I am embarrassed that I put a lot of trust into ClamWin. I had set up quarantine and delete on my Windows 2008 server and it wiped some of my PHP and MySQL files, causing my site to crash. Now, I am really embarrassed that I just told you I have PHP and MySQL on Windows. LOL.. Nevertheless, I have several reports of other files being Trojans when they are not. It is really hard for me to trust the alerts from ClamWin if I need to upload every file that it thinks is a trojan. Is this due to a definition file? I was so loving ClamWin up until I started receiving false notifications and losing critical files.

I have not lost all trust in ClamWin, but I think the false Trojan alerts need to be corrected before it can regain my trust. (10 hours wasted fixing my own stuff)

For example file: \WINDOWS\ServicePackFiles\i386\oemig50.exe: Trojan.Agent-170645 FOUND

I uploaded to virustotal.com and not a trojan.

Computers are only as good as the person/people that are programming them. ;)
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I once had Winlogon wiped out by a ClamWin false positive myself. Since then I leave the infected files option to Report Only.

When you have several detections of the same malware, it is frequently a false positive--most viruses are not that visible.

Regards,
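The rule of thumb from the replies above (several files with the same detection, so check one with a second scanner before removing anything), as an added example that is not part of the original thread: a Python sketch that groups scan report lines by signature and picks one file per signature to verify. The sample paths are constructed and shortened from the format in the first post, and the repeat threshold of 2 is an assumption.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Report line format seen in the thread: "<path>: <signature> FOUND".
# The path contains "C:" and spaces, so match the signature at the tail.
LINE_RE = re.compile(r"^\s*(?P<path>.+): (?P<sig>\S+) FOUND\s*$")

# Constructed sample report (shortened paths, signatures as quoted in the thread).
SAMPLE_REPORT = r"""
C:\Sandbox\STUBEXE\@PROGRAMFILES@\Internet Explorer\iexplore.exe: Trojan.Poison-1461 FOUND
C:\Sandbox\STUBEXE\@SYSTEM@\ipconfig.exe: Trojan.Poison-1462 FOUND
C:\Sandbox\STUBEXE\@SYSTEM@\msiexec.exe: Trojan.Poison-1462 FOUND
C:\Sandbox\STUBEXE\@SYSTEM@\PING.EXE: Trojan.Poison-1462 FOUND
C:\WINDOWS\ServicePackFiles\i386\oemig50.exe: Trojan.Agent-170645 FOUND
C:\Temp\notes.txt: OK
"""

REPEAT_THRESHOLD = 2  # assumption: "several files" means two or more


def parse_detections(report):
    """Return (path, signature) pairs for every FOUND line; other lines are skipped."""
    hits = []
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def triage(report, threshold=REPEAT_THRESHOLD):
    """Group detections by signature, most frequent first."""
    by_sig = defaultdict(list)
    for path, sig in parse_detections(report):
        by_sig[sig].append(path)
    rows = []
    for sig, paths in sorted(by_sig.items(), key=lambda kv: -len(kv[1])):
        dirs = {str(PureWindowsPath(p).parent) for p in paths}
        rows.append({
            "signature": sig,
            "count": len(paths),
            "same_directory": len(dirs) == 1,   # all hits in one folder
            "repeated": len(paths) >= threshold,  # a hint to verify, not proof
            "sample_to_verify": paths[0],        # one file to check elsewhere
        })
    return rows
```

A repeated signature is only a prompt to check `sample_to_verify` with another scanner while the scanner stays on Report Only; it does not by itself show the files are clean.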