trumpy81
Joined: 06 Oct 2010
Posts: 0
Posted: Wed Oct 06, 2010 11:07 pm
GDay All,
I have been using ClamWin for quite some time, but recently I have been receiving possible false positives and a number of permission denied responses at scan time.
C:\Program Files\NoteTab Pro 6\NotePro.exe is reported as a virus, but only when it is running in the background (it is loaded at boot time). A manual scan of the file on disk reports NO Virus present.
Another file which I believe to be a false positive is C:\Program Files\FileZilla FTP Client\uninstall.exe. A manual scan of this file DOES report a virus although I seriously doubt that it is infected.
I have scanned both files using Microsoft Security Essentials and both passed with no virus detected.
The question is, what should I do about these issues?
Here is my log for the latest scan of C:\.
Scan Started Thu Oct 07 06:30:00 2010
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***
C:\Users\ADMINI~1\AppData\Local\Temp\clamav-2e8d89b338ceb0c4ded2487b09227476.00001598.clamtmp: Trojan.Mybot-10790 FOUND
Unloading program C:\Program Files\NoteTab Pro 6\NotePro.exe from memory
*** Scanned 60 processes - 902 modules ***
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\hiberfil.sys: Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys: Permission denied
C:\Program Files\FileZilla FTP Client\uninstall.exe: Trojan.Dropper-26461 FOUND
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3dfcdd2eab9ee9a93809a8f759151e2f_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8d5d954707afef026e992f07c3684f7c_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\90d42e36a5b2a7ca80810fd1bd3bb123_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\98f3273d3fb622b0a69789ef79f8d5e7_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae0f604616bf1f5ebe3c72b993692634_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cec7e19f66854e104182c3c0f983e3a8_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc5dcf6b1c63db87fefc695c95c8a903_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Microsoft Antimalware\MpScanCache-1.bin: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
WARNING: Can't open file \\?\C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows Live Contacts\{7c30927a-7f47-40c8-9337-301d833b91ed}\DBStore\contacts.edb: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows Live Contacts\{7c30927a-7f47-40c8-9337-301d833b91ed}\DBStore\tempedb.edb: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows Live Contacts\{c62658df-2945-425a-b955-1c6a245c15b9}\DBStore\contacts.edb: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows Live Contacts\{c62658df-2945-425a-b955-1c6a245c15b9}\DBStore\tempedb.edb: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\ntuser.dat.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\3dfcdd2eab9ee9a93809a8f759151e2f_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\8d5d954707afef026e992f07c3684f7c_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\90d42e36a5b2a7ca80810fd1bd3bb123_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\98f3273d3fb622b0a69789ef79f8d5e7_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ae0f604616bf1f5ebe3c72b993692634_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\cec7e19f66854e104182c3c0f983e3a8_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc5dcf6b1c63db87fefc695c95c8a903_ec99d85f-739b-4379-9f7d-791dae6a6311: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Microsoft Antimalware\MpScanCache-1.bin: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
WARNING: Can't open file \\?\C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\default: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SAM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SECURITY: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\sam: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SAM.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\security: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SECURITY.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\software: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\system: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{20abe20b-bd0d-11df-b074-001485902f97}.TM.blf: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{20abe20b-bd0d-11df-b074-001485902f97}.TMContainer00000000000000000001.regtrans-ms: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{20abe20b-bd0d-11df-b074-001485902f97}.TMContainer00000000000000000002.regtrans-ms: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 838366
Engine version: 0.96.2
Scanned directories: 51569
Scanned files: 324442
Infected files: 2
Data scanned: 39649.77 MB
Data read: 68594.18 MB (ratio 0.58:1)
Time: 7030.089 sec (117 m 10 s)
System = Windows 7 32Bit Professional
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Oct 07, 2010 1:35 am
Microsoft Security Essentials is usually correct, as it has a very low false positive rate. Scan your entire computer with it if you have not already done so, as that seems like a lot of files that cannot be opened. Nevertheless, you can see that many sometimes.
Since Clam AV furnishes the signatures and scanning engine for ClamWin, false positives should be reported to Clam AV at https://www.clamav.net/lang/en/sendvirus/ on the web. When you get to the upload page, be sure to indicate it is a false positive, and give the name of the falsely-detected virus in the Comments section of the upload form. If you have multiple detections for the same virus, just send one file.
Regards,
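A way to triage a scan log like the one posted above, as an added example that is not part of either post or of ClamWin itself: it separates memory-scan detections from on-disk detections, ties a memory-scan detection to the program named on the following "Unloading program" line (an assumption about the log layout, based on the log above), and counts the "Permission denied" warnings per directory. The sample log is constructed and shortened, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules, works on any OS

# Constructed sample in the format of the log above (shortened, temp file name made up).
SAMPLE_LOG = r"""*** Scanning Programs in Computer Memory ***
C:\Users\ADMINI~1\AppData\Local\Temp\clamav-sample.clamtmp: Trojan.Mybot-10790 FOUND
Unloading program C:\Program Files\NoteTab Pro 6\NotePro.exe from memory
*** Computer Memory Scan Completed ***
WARNING: Can't open file \\?\C:\pagefile.sys: Permission denied
C:\Program Files\FileZilla FTP Client\uninstall.exe: Trojan.Dropper-26461 FOUND
WARNING: Can't open file \\?\C:\Windows\System32\config\sam: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SAM.LOG1: Permission denied
Infected files: 2
"""

FOUND = re.compile(r"^(.+): (\S+) FOUND$")
UNLOAD = re.compile(r"^Unloading program (.+) from memory$")
DENIED = re.compile(r"^WARNING: Can't open file (?:\\\\\?\\)?(.+): Permission denied$")
SUMMARY = re.compile(r"^Infected files: (\d+)$")

def triage(log_text):
    """Split a scan log into detections and per-directory unreadable-file counts."""
    detections, denied, in_memory, reported = [], Counter(), False, None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("*** Scanning Programs in Computer Memory"):
            in_memory = True
        elif line.startswith("*** Computer Memory Scan Completed"):
            in_memory = False
        elif m := FOUND.match(line):
            detections.append({"path": m[1], "signature": m[2], "process": None,
                               "source": "memory" if in_memory else "disk"})
        elif (m := UNLOAD.match(line)) and detections and detections[-1]["source"] == "memory":
            # Assumption: this line names the process behind the preceding temp-file hit.
            detections[-1]["process"] = m[1]
        elif m := DENIED.match(line):
            denied[dirname(m[1])] += 1
        elif m := SUMMARY.match(line):
            reported = int(m[1])
    return {"detections": detections, "denied_by_dir": denied,
            "summary_matches": reported == len(detections)}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        print(d["source"], d["signature"], d["process"] or d["path"])
    for folder, count in result["denied_by_dir"].most_common():
        print(count, "unreadable in", folder)
```

Each distinct signature in the output corresponds to one file to upload as a false-positive report.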