Trojan Rootkit 3034
rockinredt
Joined: 31 Aug 2011
Posts: 0
Posted: Wed Aug 31, 2011 5:16 pm
Short history --
1. I recently had a trojan virus that disabled my computer and worked with a professional to clean my hard drive and reload the operating system.
2. Once the operating system was reloaded, I installed Ad-Aware free and have been using it.
3. I know I needed more protection than just Ad-Aware and just installed ClamWin on 8-30-11.
4. Please see the summary of the ClamWin report below.
5. I have had ClamWin quarantine these files.
6. I have searched the internet and the ClamWin forum to see if there was any information. I cannot find any info. Or I may not be looking in the right places.
7. At the moment, it does not appear to be affecting my computer.
8. My operating system is Windows XP Pro.
REPORT:
C:\WINDOWS\dell\nvraid\nvata.sys: Trojan.Rootkit-3034 FOUND
C:\WINDOWS\dell\nvraid\NvAtaBus.sys: Trojan.Rootkit-3034 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1028610
Engine version: 0.97.2
Scanned directories: 6174
Scanned files: 67695
Infected files: 2
Thank you.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Aug 31, 2011 6:12 pm
Upload each file (one-at-a-time) to Jotti at https://virusscan.jotti.org/en on the web or Virus Total at https://www.virustotal.com/ on the web. Either one will scan a file with multiple AVs, including Clam AV, which furnishes the scan engine/signatures for ClamWin. If several other AVs spot an infection, it is probably a real detection and not a false positive one. I like to see two of these AVs verify an infection: AntiVir, Bitdefender, Kaspersky, Nod32, or Sophos.
If it turns out to be infected, just delete it from ClamWin quarantine or from its original folder if not quarantined. If it is a false positive, just run the ClamWin Quarantine Browser program to restore it. You should submit all false positive files and infected but not detected files to Clam AV at https://www.clamav.net/lang/en/sendvirus/ on the web. If a false positive, be sure to change the submission form type to false positive--don't leave it as virus.
If you are still unsure of a file after a Jotti/Virus Total scan, make note of the MD5 hash, paint it, and do a Google search on the hash to see if you can find out anything else about the file.
Anubis at https://anubis.iseclab.org/ on the web will actually run a file for you in their sandbox, and they will give you a report with the results. The report will even include their ratings--by severity. It's very good.
Regards,
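As an added example (not code from the thread or from ClamWin), a small Python script that pulls the "path: signature FOUND" lines out of a ClamWin/clamscan report like the one above and computes the MD5 and SHA-256 of each flagged file, which is what you then search for or compare against a multi-scanner result; the report text and the file contents are constructed stand-ins for the real drivers.

```python
import hashlib
import os
import re
import tempfile

# ClamWin/clamscan report line for a detection: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")


def parse_found(report_text):
    """Return (path, signature) tuples for every FOUND line in a scan report."""
    hits = []
    for line in report_text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def file_hashes(path):
    """MD5 and SHA-256 of a file, read in chunks so a large driver is not loaded whole."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def triage(report_text, resolve=lambda p: p):
    """For each FOUND entry, collect the identifiers to look up (hash search, multi-AV upload).
    `resolve` maps the path printed in the report to where the file actually is now
    (useful once ClamWin has moved it into quarantine). Missing files get None hashes."""
    rows = []
    for path, sig in parse_found(report_text):
        local = resolve(path)
        md5, sha = file_hashes(local) if os.path.isfile(local) else (None, None)
        rows.append({"path": path, "signature": sig, "md5": md5, "sha256": sha})
    return rows


# Constructed sample: the two detection lines from the thread plus part of the summary.
SAMPLE_REPORT = """C:\\WINDOWS\\dell\\nvraid\\nvata.sys: Trojan.Rootkit-3034 FOUND
C:\\WINDOWS\\dell\\nvraid\\NvAtaBus.sys: Trojan.Rootkit-3034 FOUND
----------- SCAN SUMMARY -----------
Infected files: 2"""


def demo():
    """Run triage against constructed stand-in files (empty and b"abc"), not the real drivers."""
    tmp = tempfile.mkdtemp()
    for name, data in {"nvata.sys": b"", "NvAtaBus.sys": b"abc"}.items():
        with open(os.path.join(tmp, name), "wb") as fh:
            fh.write(data)
    # map the Windows path in the report to the stand-in file by its basename
    by_name = lambda p: os.path.join(tmp, p.replace("\\", "/").rsplit("/", 1)[-1])
    return triage(SAMPLE_REPORT, resolve=by_name)
```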
rockinredt
Joined: 31 Aug 2011
Posts: 0
Posted: Wed Aug 31, 2011 8:04 pm
I did as you suggested for Jotti & Virus Total. The scans from Jotti and Virus Total for each file only turned up Clam AV spotting it as an infection. Based on this, I am comfortable that this is a false positive. I will run the ClamWin Quarantine Browser program to restore it. And, I will submit the false positive files to Clam AV.
Thanks for your help and the good information.
rockinredt
Joined: 31 Aug 2011
Posts: 0
Posted: Wed Aug 31, 2011 8:33 pm
One more thing, I hope. This is either a blonde or a senior moment. Where do I find the ClamWin Quarantine Browser program to restore the quarantined files? I have ClamWin Version 0.97.2.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Aug 31, 2011 9:38 pm
Go to Start, All Programs, Find ClamWin and click on it to open up all its associated programs, and you should see the Quarantine Browser program. It's fairly easy to use. Let us know if you have any problems.
Until Clam AV fixes the false positive, you might want to exclude the false positive program(s) from ClamWin scans for a few days. Go to Configure ClamWin (Preferences), Filters. On the left side, click the box (new item) to go to the end of the list, then copy/insert the program name to exclude. The format is: filename.extension (like clamwin.exe). Click OK when finished.
Regards,
rockinredt
Joined: 31 Aug 2011
Posts: 0
Posted: Wed Aug 31, 2011 10:59 pm
Thanks again. I am going to chalk it up to a senior moment! I have restored the files and excluded them from the scan. And I have reported the files to Clam AV as false positives.