 |
 | Is this perhaps a false detection? |  |
|
Marc W2
|
|
On my second windows 2000 machine (I have got two) I get this message:
C:\WINNT\$NtServicePackUninstall$\ndis.sys: Win.Trojan.Agent-272207 FOUND C:\WINNT\$NtServicePackUninstall$\tcpip.sys: Win.Trojan.Virtumonde-259 FOUND If I look up Virtumonde, according to the documentation, it should produce fake virus detected messages, directing me to site where I should buy anti virus. Nevertheless I do not have this problem. Could this be a so called false negative? What should I do? I have deleted those files. I am presently running a full system scan again. |
|||||||||||
|
|||||||||||||
 |
| |
|
Marc W2
|
|
I think I should say false positive not false negative right??
Anyway I mean there is a detection for a coincidental match of a bitcode pattern but actually no problem. |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Yes, a false positive is when something is wrongly detected as a virus. A false negative detection is when something is not detected and it should be.
Anyway, your detections are probably false (Virtumonde doesn't seem to be that active now), but you should upload each one to either Jotti or Virus Total to be scanned by multiple AV programs, including the Clam AV scanning engine used by ClamWin. Look for at least a couple of detections by quality AVs for verification. I like to see at least a couple of these AVs detect something: Avira AntiVir, Bitdefender, Eset Nod32, Kaspersky, or Sophos. Avast, Fortinet, and Microsoft are also pretty good. Microsoft seldom gets a false positive. If a virus file is very new, it may not be detected by very many AVs until it has been around for a couple of days, so maybe a detection of only one of quality AV would be sufficient then. The AV service will tell you when they have last scanned a file. You should submit all false positive detections to Clam AV at https://www.clamav.net/lang/en/sendvirus/ on the web so they can change the signature. There is one link for false positive submissions and another link for undetected virus submission. Thank you for using ClamWin! Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
Marc W2
|
|
Thank you. I already removed the file, but the next time I will do what you suggested and improve the clamav definitions.
|
|||||||||||
|
|||||||||||||
|
 | Is this perhaps a false detection? | |
|
|||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.