ClamWin Free Antivirus
Support and Discussion Forums
explorer.exe (WinXP) FALSE Win.Trojan.Bamital-1559
marcelo.petal


Joined: 10 Jun 2012
Posts: 0
Location: Brazil
MD5 77f71bf6970ea10b4cc9aa1d45654aa0
SHA1 be6c74a13de7febf6524649ea06c8915faaf4a33
SHA256 00083bf8fc0b964870c1546c4468b7aff3ac449083ef77fd26b7028ea09d307a
File size 1.5 MB ( 1542656 bytes )
File type Win32 EXE
Version 6.00.2900.5512
Original name EXPLORER.EXE
Internal name explorer
File version 6.00.2900.5512 (xpsp.080413-2105)
Language code Portuguese (Brazilian)

https://www.virustotal.com/pt/file/00083bf8fc0b964870c1546c4468b7aff3ac449083ef77fd26b7028ea09d307a/analysis/1376930416/

It is a false positive, locking up the system when "explorer.exe" is moved to quarantine in Windows XP.

Regards

Marcelo
xqrzd


Joined: 18 Feb 2013
Posts: 0
It's a false positive, https://lurker.clamav.net/message/20130629.121831.81d64cc1.en.html
You should update your database, it has already been removed.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
That looks like an old false positive. Let me suggest that you set ClamWin to automatically update its virus database hourly if you are on the world wide web a lot. Also, make sure you always use the latest version of ClamWin, which is currently version .97.8. You can miss some new detections and/or have some extra false positives if you are not using the latest version.

Thanks for using ClamWin.

Regards,
marcelo.petal


Joined: 10 Jun 2012
Posts: 0
Location: Brazil
Is it possible to make ClamWin itself restore this file (based on the same MD5) from the quarantine folder to Windows again? I have some systems in different places (geographically over 200 km apart) and many of them are not loading the desktop because of this problem. I'm having to go to each one to solve this problem.
I spotted this problem this morning on a system with 0.97.8; now, during the afternoon, I detected the same problem on other systems with 0.97.6 and 0.97.3.
-----------------------------------------------------------------------------------
Pete, in the post, is also using 0.97.8
ClamAV 0.97.8/17435/Sat Jun 29 06:39:26 2013
and it reports Win.Trojan.Bamital-1558

I am using 0.97.8 (version: 17694, sigs: 1614500, f-level: 63, builder: guitar)
and it reports Win.Trojan.Bamital-1559
-----------------------------------------------------------------------------------
I already submitted it on the ClamAV site. Is that enough?
-----------------------------------------------------------------------------------
Otherwise, is it impossible to make an auto-updater for ClamWin?
I'm in Brazil, and when there is a need to update, a window appears with the option "download" that leads to the SourceForge site. The window and the site are in English, making it difficult for users who do not know the language.
What is the difficulty in an auto-updater?
I would like to help with translating to "Portuguese-BR"; how could I help?

Thanks for everything, and thank you for helping to keep ClamWin.
hugs.

Marcelo
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
From what you say, Marcel, this must be a current false positive that has not yet been fixed. Clam AV currently has about 100 false positives that need to be worked on.

The only way to currently restore a false positive is to use the ClamWin Quarantine Browser to restore the false positive file on each machine. Before doing that, you must exclude the file from scanning on each machine via Configure, Filters, Exclude Matching File names. If you are good with batch/script files, you could probably write a batch file to do this.

It is usually enough to report the false positive to Clam AV for correction. It may take some time for them to correct it--no one works on Clam AV signatures full-time, but it should be corrected within 5 to 7 days. If that is too long, you will have to exclude the file from scanning as mentioned above.

The ClamWin developers have not written an auto-updater. Perhaps that is something they could do in the future. Again, it could probably be done with a batch/script file, but it could also be an option in the GUI menu.

Thank you for using ClamWin.

Regards,
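The restore step discussed above, as an added example that is not part of the original thread or of ClamWin: a script that copies a quarantined file back only if its size, MD5 and SHA-256 all match the values given in the first post. The function names and the paths passed in are hypothetical, and it assumes the quarantined copy is stored byte-for-byte unmodified; excluding the file from scanning still has to be done first, as described above.

```python
import hashlib
import shutil
from pathlib import Path

# Values copied from the first post in this thread (Portuguese-BR build of
# explorer.exe 6.00.2900.5512); other language builds will hash differently.
KNOWN_GOOD = {
    "size": 1542656,
    "md5": "77f71bf6970ea10b4cc9aa1d45654aa0",
    "sha256": "00083bf8fc0b964870c1546c4468b7aff3ac449083ef77fd26b7028ea09d307a",
}

def fingerprint(path):
    """Return size, MD5 and SHA-256 of a file, reading it in 1 MiB chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            size += len(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def restore_if_known_good(quarantined, destination, expected=KNOWN_GOOD):
    """Copy `quarantined` to `destination` only when every expected field
    matches. Returns (restored, reason). Both paths are supplied by the
    caller; no ClamWin quarantine layout is assumed here."""
    quarantined, destination = Path(quarantined), Path(destination)
    if not quarantined.is_file():
        return False, "quarantined file not found"
    actual = fingerprint(quarantined)
    mismatched = [k for k in expected if actual[k] != expected[k]]
    if mismatched:
        # Same detection name, different bytes: leave it in quarantine.
        return False, "mismatch: " + ", ".join(mismatched)
    if destination.exists():
        return False, "destination already exists"
    # Copy to a temporary name, re-verify, then rename into place.
    tmp = destination.with_name(destination.name + ".restoring")
    shutil.copy2(quarantined, tmp)
    if fingerprint(tmp) != actual:
        tmp.unlink()
        return False, "copy verification failed"
    tmp.replace(destination)
    return True, "restored"
```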
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
I have pointed this false positive out to Clam AV sigmaking. They should do something about it soon.

Regards,
marcelo.petal


Joined: 10 Jun 2012
Posts: 0
Location: Brazil
I already fixed it with a batch file.
I'll see about working on a batch file for a basic auto-update.
Thank you for everything, and
thank you for supporting ClamWin.
Hugs.

PS: I dream of a day with removal of registry keys and adware or bloatware, similar to the "adware cleaner" from Bleeping.
Heh! DealPly, Iminent, Ask, Funmoods and all that junk ...
PS2: How can I help support the translation into Portuguese?

hugs hugs and more hugs!

Marcelo
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
To help with a translation, visit this contact page at: https://www.clamwin.com/component/option,com_contact/task,view/contact_id,1/Itemid,64/ and leave a message. Tell them you would like to help with a Portuguese translation of ClamWin.

Some AVs do not detect adware--especially if it has a valid digital signature. If you suspect a file not detected by ClamWin is adware, scan it online with Jotti or Virus Total. Dr. Web and Nod 32 are very good at detecting adware.

You might be interested in Clam Sentinel, which has a Portuguese translation. Clam Sentinel is free, open source software just like ClamWin. It lets you use ClamWin in a real-time scanning mode, and it also has its own heuristic scanner that detects malware for which there is no ClamWin signature. You must install ClamWin before installing Clam Sentinel. The Clam Sentinel site is at on the world wide web.

Regards,