YUMI – Multiboot USB Creator and NirSoft tools

mrgoodbytes
Joined: 22 Sep 2014
Posts: 0
Posted: Mon Sep 22, 2014 11:03 pm
Hello, I did a quick search of the forums for 'yumi' and found nothing.
I wonder, are both of these false positives? I'm mainly concerned about this Yumi Multiboot USB tool. Not that I had any ads or popups, I did not but it seems to have made 2 USB Flash drives Write Protected and Wintec offers no tool to fix this.
The NirSoft mspass.exe may not be a trojan either - Yumi may be adware, malware, or a virus?
I also had another Trojan.Dropper identified by Malwarebytes, which was a usb repair tool I downloaded for Alcor USB Flash chips hoping to repair the USB thumb drives. No dice. It seems all I get these days out of any Virus scanner is false positives. I believe the source for Yumi is online, but that doesn't mean the binary is safe.
Yumi site: https://www.pendrivelinux.com/yumi-multiboot-usb-creator/
C:\$Recycle.Bin\S-1-5-21-961823594-2365310717-1736971943-1000\$R9GKSTH.exe: Win.Adware.Domaiq-135 FOUND
C:\NirLauncher\NirSoft\mspass.exe: Win.Trojan.Agent-557729 FOUND
C:\Users\me\Downloads\YUMI-2.0.0.6.exe: Win.Adware.Domaiq-135 FOUND
———– SCAN SUMMARY ———–
Known viruses: 3569787
Engine version: 0.98.4.1
Scanned directories: 26435
Scanned files: 139970
Infected files: 3
Data scanned: 19673.89 MB
Data read: 30586.13 MB (ratio 0.64:1)
Time: 6436.669 sec (107 m 16 s)
————————————–
Completed
————————————–

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Sep 23, 2014 12:40 am
You can verify if files detected by ClamWin are false positives by uploading them to the Virus Total online scanning service, where they will scan the file with over 50 AVs, including the Clam AV scan engine used by ClamWin. I like to see at least 2 of these AVs verify an infection: AntiVir, Bitdefender, Nod32, Kaspersky, and Sophos. The Clam AV scan engine probably has more false positives than most AVs, and it will not detect some viruses until they have been around a while because it has no real heuristics to speak of--just signatures.
If the detection is a false positive, upload it to Clam AV so they can correct their signature--all Clam AV and ClamWin users will benefit. Whitelist the file for a week or two in ClamWin's preferences until Clam AV corrects their signature.
Re: Malwarebytes, I trust it. It is primarily a behavior blocker with static heuristics, but their sigmakers are very good at getting signatures for high profile new viruses. If they detect something, it is probably correct. They are a bit more aggressive than most AVs with their potentially unwanted programs/applications however.
Thank you for using ClamWin!
Regards,
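
GuitarBob's rule of thumb above (at least 2 of AntiVir, Bitdefender, Nod32, Kaspersky and Sophos should agree before a detection is treated as real) can be applied mechanically to a scan log. This is an added example, not code from the thread or from ClamWin; the two `constructed-*.bin` paths, the `Example` signature and engine names and every second-opinion result are constructed for illustration.

```python
import re

# Engines the post names as trusted second opinions, and the agreement it asks for.
REFERENCE_ENGINES = {"AntiVir", "Bitdefender", "Nod32", "Kaspersky", "Sophos"}
QUORUM = 2

# clamscan/ClamWin report line: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# First two detections are from the scan log in this thread; the last two are constructed.
REPORT = r"""
C:\NirLauncher\NirSoft\mspass.exe: Win.Trojan.Agent-557729 FOUND
C:\Users\me\Downloads\YUMI-2.0.0.6.exe: Win.Adware.Domaiq-135 FOUND
C:\Temp\constructed-a.bin: Win.Trojan.Example-1 FOUND
C:\Temp\constructed-b.bin: Win.Trojan.Example-2 FOUND
Infected files: 4
"""

# Constructed multi-scanner results (path -> engines that flagged it); not real scan data.
SECOND_OPINIONS = {
    r"C:\NirLauncher\NirSoft\mspass.exe": [],
    r"C:\Temp\constructed-a.bin": ["Kaspersky", "Sophos", "ExampleAV"],
    r"C:\Temp\constructed-b.bin": ["Nod32", "ExampleAV", "ExampleAV2"],
}

def parse_report(report):
    """Return (path, signature) for every FOUND line; summary lines are ignored."""
    hits = []
    for line in report.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def triage(hits, second_opinions):
    """Map each detected path to a verdict based on reference-engine agreement."""
    verdicts = {}
    for path, _sig in hits:
        if path not in second_opinions:
            verdicts[path] = "unverified"  # never uploaded for a second opinion
            continue
        agree = REFERENCE_ENGINES & set(second_opinions[path])
        verdicts[path] = ("likely infected" if len(agree) >= QUORUM
                          else "probable false positive")
    return verdicts

if __name__ == "__main__":
    for path, verdict in triage(parse_report(REPORT), SECOND_OPINIONS).items():
        print(f"{verdict:24} {path}")
```

The second constructed file is flagged by three engines but only one of the five named ones, so it stays below the quorum; a file that was never uploaded is reported as unverified rather than cleared.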

mrgoodbytes
Joined: 22 Sep 2014
Posts: 0
Posted: Tue Sep 23, 2014 12:51 am
GuitarBob wrote: |
You can verify if files detected by ClamWin are false positives by uploading them to the Virus Total
Regards, |
Done, nothing but green checkmarks on Virus Total.
Strange, their ClamAV shows a green checkmark too. Something isn't working right with this ClamWin.

daveydoom
Joined: 30 Nov 2008
Posts: 0
Location: Canada
Posted: Tue Sep 23, 2014 1:43 am
mspass.exe is fine. From the NirSoft website:
Quote: |
Known Problems
False Alert Problems: Some Antivirus programs detect MessenPass utility as infected with Trojan/Virus. Click here to read more about false alerts in Antivirus programs
If your Antivirus software shows a false alert, you can use the following article that explains how to send a report about a false positive issue to your Antivirus company:
How to Report Malware or False Positives to Multiple Antivirus Vendors |
I've used several of their tools over the years.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Sep 23, 2014 2:55 am
Make sure that you have updated ClamWin before you scan--perhaps the online scanning service has a more recent update. Also make sure that you are using the latest version of ClamWin (it looks like you are). One last thing--you may have ClamWin configured to detect potentially unwanted applications (PUA) and the online service may not. I quit detecting PUA some time ago--they are not real viruses, and I would rather worry about the real ones.
With that said, I have recently seen a few times where my copy of ClamWin detected something (not a PUA) and an online scanner with Clam AV did not. In a case like that, I would say that perhaps the Clam AV Linux code has some capability that the ClamWin code ported over to Windows does not--or perhaps you have more recent signature updates than the online service has.
Regards,

mrgoodbytes
Joined: 22 Sep 2014
Posts: 0
Posted: Tue Sep 23, 2014 3:26 am
GuitarBob wrote: |
Make sure that you have updated ClamWin before you scan
Regards, |
Thanks GuitarBob, I will check it out tomorrow and install ClamAV on my Linux partition.

ROCKNROLLKID
Joined: 23 Sep 2013
Posts: 0
Location: **UNKNOWN**
Posted: Tue Sep 23, 2014 3:31 am
Hello daveydoom. It has been some time since I have seen you post here. Glad to see you are back and active on the forums again, hopefully.
Also, welcome to ClamWin forums mrgoodbytes.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Sep 23, 2014 12:05 pm
Hello RRK. Glad to see you made it to WI. I'm still trying to find an IM client--maybe today.
Regards,

ROCKNROLLKID
Joined: 23 Sep 2013
Posts: 0
Location: **UNKNOWN**
Posted: Tue Sep 23, 2014 1:32 pm
Is Pidgin not working for you? The only 2 IMs I use are Pidgin and Steam.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Sep 23, 2014 2:41 pm
I haven't used IM in well over a year now, and the problem is that the IMs now seem to have gotten too intrusive--I don't want to allow them access to any of my information. Also, you have to already have an IM account somewhere else on most of them--they don't seem to be able to do any communication on their own account.
Regards,

ROCKNROLLKID
Joined: 23 Sep 2013
Posts: 0
Location: **UNKNOWN**
Posted: Tue Sep 23, 2014 3:32 pm
Pidgin is good. It's open-source, like ClamWin. I don't think they log information about users, though. You can use OTR https://otr.cypherpunks.ca/ and enable it in chat to prevent chat logging and make your chat encrypted to prevent eavesdroppers. Also, I use Peerblock, an open-source, firewall-like program for Windows users. It is designed to block communication from programs that gather information, much like you were saying about data collecting.

daveydoom
Joined: 30 Nov 2008
Posts: 0
Location: Canada
Posted: Wed Sep 24, 2014 11:56 pm
ROCKNROLLKID wrote: |
Hello daveydoom. It has been some time since I have seen you post here. Glad to see you are back and active on the forums again, hopefully.
|
Hello to you as well RRK. My posting will be sporadic as usual. I have far too much going on in real life these days so my online presence has been greatly diminished for quite some time now. I don't see it changing any time soon either.
All times are GMT