quarantine issues.

stdnt4vr
Joined: 27 Sep 2010
Posts: 0
Posted: Mon Sep 27, 2010 4:34 pm
Hello, computer novice here.
I recently did a scan with ClamWin and it showed a bunch of infected files. However, a good number appeared inside the quarantine folder. Some said 'not moved/copied since already in quarantine' - but others appeared to be new infections in the quarantine folder that were not listed in previous scans. Why does the scan show files already in quarantine to begin with, and do new and existing (copied) infected files in the quarantine folder pose a threat to my computer?
Also the quarantine feature seemed to work for only about half the infected files. Why is this and what are my options for the rest of them?
Finally, I tried to uninstall certain programs (instant messenger/aol) that most of the trojans appeared to be coming from. But while doing so, I got a message from another antispyware program that there were changes being made to the Windows security area in the registry. I blocked these attempts (not sure if they fully uninstalled) but didn't know what to make of it. This hasn't occurred previously but I now notice a similar thing happens when I try to remove other programs. ??
Thanks in advance for the assistance.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Sep 27, 2010 5:35 pm
If you do a complete scan of your computer, and ClamWin scans the quarantine folder, I suggest you exclude the quarantine folder from ClamWin scans. Go to configuration, filters, on the left side, click on the square to go to a new item, and insert C:\ProgramData\.clamwin\quarantine and then save it (this is on Vista--check the general configuration folder to find the location of quarantine on your computer).
Some AVs disable or mangle infected files when they quarantine them, but when ClamWin quarantines a file, it just inserts "infected" or something like that as the file extension. Such a file cannot be run, but if you delete the "infected," it certainly can be run to do its damage. If you are sure a file is infected and not a false positive, just delete it from quarantine. Some ClamWin users prefer to use Report Only instead of quarantine so they can check to make sure an "infection" is not a false positive before it is quarantined.
If ClamWin finds some infected files that it cannot quarantine, ClamWin (and Clam AV which furnishes the engine/signatures to ClamWin) would certainly like to see those files.
Re: the uninstall problem, it sounds like you have some kind of infection. I suggest you run a scan with an AV/security product that can clean infections. I suggest you download the free version of Malwarebytes available at https://www.malwarebytes.org/index.php on the web. Keep the defaults and run a Quick Scan with it. If it does not find anything, get into Windows Safe Mode (F8 upon bootup until you see the Safe Mode screen) and do a Quick Scan there. If that doesn't find anything, try the free Bitdefender online scan at https://www.bitdefender.com/scanner/online/free.html on the web. If that doesn't find anything, try the free Blacklight Antirootkit program at https://www.f-secure.com/en_EMEA/security/tools/blacklight/ on the web--just download it to your desktop and run. Blacklight is very safe, but investigate any programs it finds before you tell it to rename/delete them.
If you still have not found any infections, you are probably okay. As a last resort, you might try the free F-Secure Linux boot/rescue CD at https://www.f-secure.com/en_EMEA/security/tools/rescue-cd/ on the web. Read about it well before you use it, and make sure you save it as an ISO file to your CD.
Regards,
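
The reply above says a quarantined file is kept inert only by its renamed extension. As an added example (not from the thread and not ClamWin's own code), this Python script audits a quarantine folder and flags any file that has lost the marker and would be launchable again; the `.infected` suffix, the extension list and the demo folder contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumptions (not confirmed by the thread): the marker appended on
# quarantine is ".infected", and this list covers launchable file types.
MARKER = ".infected"
RUNNABLE = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}

def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks; the file is only read, never executed."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_quarantine(folder):
    """Return one record per file with its name, SHA-256 and a status:
    'renamed' (marker present), 'RUNNABLE' (marker missing and a
    launchable extension) or 'unmarked' (marker missing, other type)."""
    records = []
    for root, _dirs, files in os.walk(folder):
        for name in sorted(files):
            lower = name.lower()
            if lower.endswith(MARKER):
                status = "renamed"
            elif os.path.splitext(lower)[1] in RUNNABLE:
                status = "RUNNABLE"
            else:
                status = "unmarked"
            path = os.path.join(root, name)
            records.append(
                {"name": name, "sha256": sha256_of(path), "status": status})
    return records

def demo():
    """Audit a constructed quarantine folder holding harmless text files."""
    with tempfile.TemporaryDirectory() as q:
        for name in ("setup.exe.infected", "toolbar.exe", "readme.txt"):
            with open(os.path.join(q, name), "wb") as fh:
                fh.write(b"constructed sample, not malware: " + name.encode())
        return audit_quarantine(q)

if __name__ == "__main__":
    for rec in demo():
        print(f"{rec['status']:<9} {rec['sha256'][:16]}  {rec['name']}")
```

The SHA-256 values give a stable identifier for each file when checking whether a detection is a false positive, without opening or renaming the file itself.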

stdnt4vr
Joined: 27 Sep 2010
Posts: 0
Posted: Wed Sep 29, 2010 9:15 pm
Sir, thank you for the prompt reply.
ClamWin is still scanning the quarantine folder where it seems most of the infections lie, even though I did edit the filter to avoid that folder. I noticed all of the other paths listed in the 'exclude filename' option were just file extensions, e.g. *dbx, so maybe I did something wrong.
I believe ClamWin is not quarantining some of the infected files from the way they are listed in the report because it just lists them at the bottom without stating that any action was taken.
I tried the Malwarebytes program which did not find anything. Neither did the Blacklight program. However, the Bitdefender did (oddly, I think different ones than ClamWin detected). It looked to be disinfecting them but when the scan was complete, it said my computer was still infected (?)
Not sure what to pursue from here but I do think there is still some kind of problem on the computer, especially with the Adobe Acrobat Reader as it keeps trying to install an update without any prompting.
I can send you any of the above log reports if you would like.
Thanks again.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Sep 29, 2010 9:42 pm
The logs will not do much good. The Clamwin forums are not really devoted to malware cleaning.
I trust Bitdefender--it is a good AV, so if it says you are infected, you probably are. Blacklight cannot find some of the new rootkits. Besides, if malware is on your machine and hidden by a rootkit, it is probably going to be hard to find.
Try a Malwarebytes quick scan from Windows Safe Mode (F8 continuously upon bootup until Safe Mode is entered). If nothing is found, I suggest the F-Secure boot/rescue CD at https://www.f-secure.com/en_EMEA/security/tools/rescue-cd/ on the web. Download it and burn it to a CD as an ISO file--from a "clean" computer, if possible (if not, don't worry). Then make sure you have a physical internet connection (not wireless) on the computer. Insert the CD and restart. Run the CD and just accept the defaults. Choose to update the signature definitions before scanning. Send me a PM with the results.
Regards,

stdnt4vr
Joined: 27 Sep 2010
Posts: 0
Posted: Sat Oct 02, 2010 12:00 am
That malwarebytes scan was clean. However, about the f-secure suggestion- due to where my computer is located, I cannot get a physical internet connection. I don't know if you still feel it is worth going through that whole process.
The other weird thing is I can't uninstall some of the programs I think are infected because they're not listed on the 'add-remove programs' list even though they are on the desktop and/or toolbar.
Anyway, I'll keep trying different things. Thanks again.

Mania321
Joined: 11 Aug 2011
Posts: 0
Posted: Thu Oct 06, 2011 2:39 pm
@ stdnt4ver ... you're not too happy with the outcome, right? Send me a PM if I can be of help.
Cheers
Mania

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Oct 06, 2011 4:13 pm
PM is presently disabled on the ClamWin forums to prevent spam. It is going to be hard to clean your computer without an internet connection. Most AV/cleaning tools you use will need to be updated for the current signatures. Try this: download Dr. Web's free CureIt program from an internet-connected computer and put it on a CD. It will include current signatures. Then transfer it to your computer and use it within a couple of days. You can run it from CD or copy it to your desktop--it does not need to be installed. Try to delete the desktop programs you do not see installed in Windows programs and that you do not want by right-clicking on them.
Let us know how it goes here.
Regards,
All times are GMT