GuitarBob
Joined: 09 Jul 2006 |
Posts: 9 |
Location: USA |
|
 |
Posted: Sat Aug 04, 2012 4:40 am |
|
 |
 |
 |
 |
I suspect they are false positive detections--where ClamWin falsely detects an infection. Most malware is stealthy, and you do not usually have multiple incidences of files infected by them (an exception is a file-infecting virus, but this appears to be a trojan). The way to be sure is to upload the files (one at a time) to either the Jotti or Virus Total scanning services. Either one will scan your file for you with multiple AVs, including our Clam AV scan engine. If multiple AVs see an infection, it probably is real and not a false positive. I always like to see 2 of these 5 AVs verify an infection: AntiVir, Bitdefender, Kaspersky, Nod32, and Sophos.
If it is a false positive, upload the file to Clam AV via the Submit A File link on their web site. They will correct their signature within a few days. Keep the files in the ClamWin quarantine folder until they are no longer detected as infected (scan them in the quarantine folder every day or so). You could restore them from quarantine via the ClamWin Quarantine Browser program, but you would have to whitelist them in the Configure, Filters, Exclude Matching Filenames option.
Regards,
|