ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
ClamWin Free Antivirus Forum Index » Virus Scanner
Reply to topic
False Positive?
Spearo


Joined: 05 Mar 2014
Posts: 0
Post Posted: Wed Mar 05, 2014 9:48 pm Reply with quote
Did a scan and it came up with two infections.
1. C:\Users\GeorgeS\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Indexed\LiveComm\
65acf1f4acf51483\120712-0049\Mail\1\20001f94_b6bd7a3f60443e.eml: HTML.Phishing.Bank-1113 FOUND

2. C:\Users\GeorgeS\AppData\Roaming\0V1L2Z2Z1T1I1L1T\OpenOffice Packages\uninstaller.exe: Win.Adware.Installcore-259 FOUND

Are these false positives or something I should delete?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Post Posted: Wed Mar 05, 2014 10:29 pm Reply with quote
If the file has been on your computer for some time without any change and it is suddenly detected by ClamWin, it is probably a false positive from a new signature. Also, viruses are most frequently found in the users folder or the Windows system32 folder (Windows system64 WOW folder on Windows 64 bit machines).

The best way to verify a false positive, however, is to upload the file to either the Jotti or Virus Total online scanning services. Either one will scan your file with multiple antivirus programs, including the Clam AV scan engine that ClamWin uses. If a couple of other AVs besides Clam AV detect an infection, it is probably not a false positive. False positives should be reported to Clam AV at https://www.clamav.net/lang/en/ on their web site. Select the submit a file link, and choose the option to report a false positive. There is another option to report an undetected virus-infected file.

Thank you for using ClamWin.

Regards,
View user's profileSend private message
Spearo


Joined: 05 Mar 2014
Posts: 0
Post Posted: Wed Mar 05, 2014 11:05 pm Reply with quote
Submitted "1" to Total virus and they (except ClamWin) found nothing. Have submitted it as a False Pos.
Submitted "2" to Jotti and it was picked up 4 times. Will leave this on for now.
Thanks for your help.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Post Posted: Wed Mar 05, 2014 11:53 pm Reply with quote
Yes - #2 was in the users folder and ClamWin detects it as adware, so it looks like a righteous detection--set it up as an exclusion for ClamWin in Filters, exclude matching filenames if you want to keep it . Some AVs are starting to ignore adware now, but some adware is so intrusive that it can't be ignored. I suppose adware is okay if you installed it for a reason (maybe a toolbar that accompanied a desired download), and you are aware of it.

Regards,
View user's profileSend private message
False Positive?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 		All times are GMT  
Page 1 of 1  
  
  
ClamWin Free Antivirus Forum Index » Virus Scanner
 Reply to topic