I am a novice when it comes to this so please reply in terms I might understand but when I scan I keep getting viruses showing. The first scan showed 4 worms but it was set to just notify me. I changed the settings to quarantine and ran another scan. It still showed the 4 worms found as expected. I ran a third scan overnight and this morning the report indicated 6 viruses found. I downloaded ClamWin because MalwareBytes had found and quarantined 300+ Trojans. After the last finding of 6 viruses this morning I ran MalwareBytes for a thorough scan and came up with nothing. I ran the on line BitDefender after diabling my Trend Micro Security Titanium Real time scanner (which obviously is not picking up or preventing these worms) and also came up clean. I would assume that the viruses are being quarantined but when I try to find the log files at C:\ProgramData\.clamwin\log\ClamScanLog.txt I cannot find anything. I am running Windows 8.0 and when I do a search of files it cannot find anything. I don't even see ProgramData listed when I look on my C drive. Help?

What is your operating system? Windows 8 hides some folders, including program data, by default. To change this, go to the Control Panel, Folder Options, and check Show Hidden Files Folders and Drives, Apply, and Okay. If you are running another OS, check this out anyway.

Malwarebytes is much better than ClamWin at detection. As stated on the main web page, ClamWin is best used as a backup scanner. Even Malwarebytes does not detect all malware, however. If you have not enabled the Malwarebytes scan for rootkits option, do so and rescan with it. If nothing is found, you are probably clean. Just to be sure, if you are not using Windows 8, get into Safe Mode (hit F8 repeatedly upon bootup) which prevents some viruses from activating, and do another scan with Malwarebytes and ClamWin. You have to jump through hoops to enter Safe Mode if you have Windows 8. You can read up on it on the web.

Thanks for using ClamWin!

Regards,

Thank you GuitarBob. It apparently was a hidden file and now that I can find it and opened it on Windows 8.0 it shows the quarantined infections. How do I keep WinClam from scanning that file and reporting those quarantined viruses again as that is apparently what is happening?

Thanks in advance.

You can exclude files or folders from ClamWin scans by configuring the filters. You can right click on the ClamWin icon in the system tray, select configure, filters. On the left side of the screen that shows Exclude Matching Filenames, click on the second icon (square or new item). This opens up the insertion function for items to exclude. You can exclude files by typing the filename.extension (example: clamwin.exe). You can exclude folders by typing c:\folder\subfolder-if any\ (example: c:\programs\clamwin\bin\* - this will exclude all files in that folder or you can name a filename.extension from the folder to exclude). After inserting one item, if you have another, go to the second icon (square or new item) again and repeat for the new item(s). When you are through, click OK. This process is similar on the other side if you ever want to use a custom set of extensions to scan--ClamWin will scan all extensions otherwise.

Regards,

I will do that. I really appreciate the help. Thanks again.

Just to be sure...would I type the following in order to exclude the quarantined folder--c:\programdata\clamwin?...without the question mark or would I need to place a .exe or some other extension after it? I really am a novice at this. Thanks.

Type C:\ProgramData\.clamwin\quarantine\*

There is a period preceding clamwin, (that's the way the developers set it up) and the star indicates all files are to be excluded. You could just go to that folder, right click your mouse after the location name and select to copy the address--that way you will not have to type anything except the star.

Regards,

Once again, thank you very much. The last scan I ran (without excluding anything) picked up and quarantined one additional virus but did not report anything that was in the quarantine folder so it looks like it is ignoring the previously quarantined items on its own. I have written to Trend Micro as I have their Maximum Security program installed and it neither prevented nor detected the infections. Not too good for a relatively pricey annual program. I think that setting ClamWin to do a nightly scan is going to be my best bet.

You have to watch those ClamWin false positives--it is more apt to have one than many other AVs. Our scan engine provided by Clam AV was originally designed for Linux email servers--not for use on a Windows system. Trend Micro can have a false positive one now and then too.

You can verify files by uploading them to the online Virus Total scanner. If several other files besides ClamWin say a file is infected, it probably is. I like to see at least 2 of these AVs detect something: Avira AntiVir, Bitdefender, Eset Nod32, Kaspersky, or Sophos.

Regards,

An online BitDefender Quick scan did not detect several viruses that ClamWin subsequently did and quarantined. False positives? Certainly the 340+ Trojans that MalwareBytes caught and quarantined should have been caught by Trend Micro. Don't you think?

Avast Anti-virus is good. If it detects a virus, it most likely is a virus then, as well, and it rarely ever has false positives.

If you do happen to run across a false positive, the best thing to do is upload to virustotal here: https://www.virustotal.com/ then upload the virustotal report and the false positive file to the ClamAV false positive support here: https://www.clamav.net/contact.html It may take them sometime to have a fix for it.

OK will keep that in mind and do it when appropriate. Thanks.

I ran each of the quarantined files (there were 4 separate ones with 2 being repeated on multiple scans) through "virus total" (https://www.virustotal.com/) and they came up with no virus from any of the other programs. I submitted each of them to https://www.clamav.net/contact.html and now will see what happens but since it was coming up with a supposedly infected file on every scan, which really worried me, I feel better now after those results of probable false positives. Your help and support is much appreciated.

Thank you for using ClamWin. It is a good second opinion scanner, and I am certain that users can get help easier/quicker here on the ClamWin forums than they could get from most commercial AV software. The ClamWin developers are always around if needed. We look forward to future improvements in ClamWin to provide more functions/protection to our users.

Regards,