Yesterday I deleted all the quarantine items from the quarantine box and then I discovered that the ClamWin Virus Check didn't work anymore. I tried to reset the quarantine box to an earlier recovery point, but it didn't help. Also I have tried to fix it by downloading WinClam again, overwriting the existing version on my pc, but didn't fix it either. I am afraid certain essential tools are removed from pc. Any advice?

ClamWin will usually not quarantine important Microsoft files--it has some protection against doing that.

Can you use the Windows System Restore to go back to a time prior to the quarantine?

Can you run the QRecover.exe file in the C:\Program Files (x86)\ClamWin\bin folder to restore the files from quarantine?

Regards,

Hi Bob, Thanks very much for your reaction. Yes, I did all of that, but problem is still there. I don't know if it can be helpful but what I did notice when resetting the quarantine folder recovery to an earlier date, is that there were six small text files, named: "3.4.2._32239.exe.infected.000.infected.000.infected.000.infected..... etc.(000.infected. 15x!) that didn't want to go with the reset because 'the name of the file was to long for the system to handle' as a pop-up notice showed. I had to skip them. But maybe this is not very essential information because in the resetted quarantine folder there are lots of this 3.4.2._32239.exe.infected.000.infected.000.infected.000.infected..... files to find. Only the ones with the longest name didn't make it to the resetted quarantine folder. What now?

I forgot to ad that the scanner gives the impression to work ( green arrows going down at the leftside ), but there is nothing coming up in the screen..

System Restore will not affect files in ClamWin's quarantine folder. Did you try to use the QRecover program in the ClamWin\bin folder? How many files are in quarantine? You want to see if they really are infected, so upload a few of them to Virus Total to see what the Virus Total AVs say about them. If they are detected by several AVs at Virus Total, you can delete them. Files that are wrongly detected by ClamWin are false positively detected, and you should "whitelist" them in ClamWin's Tools , Preferences, Filters, Exclude matching filenames (whitelist just the filename and extension). The whitelisted items will keep ClamWin from wrongly detecting them again. Then you can manually move them back to their location per the accompanying text file placed in quarantine with the file.

I suggest that you get a copy of free Malwarebytes Antimalware and do a full scan with it to make sure your computer is clean. Keep it around for regular use. Also, after all this is fixed, use a real-time AV along with ClamWin. You need real-time protection to keep Viruses off your computer. ClamWin only works after they get on your computer and you do a scan with it.

Regards,

Thanks for the reply Bob. I did do the QRecovery, but a lot of the files couldn't be put back in the quarantine, because 'the file wasn't detectable on the system', as the system told me. I checked at your advice the existing files in the quaratine folder at Virus Total. The most part of it are 1 kb text files. But also there are some bigger files, all Adobe and Acrobat, and when tested with VT they appeared all to be clean to my surprise. These Adobe and Acrobat files date all from 2013 so not sure if that possibly could have caused the existing problem with the Clamwin scanner?! But I will put them back following the path in the text, at least if you think that would be ok thing to do and there is no risk of messing up Acrobat..?

Yes, if Virus Total cleared the files in quarantine (except for being detected by the Clam AV scan engine used by ClamWin), put them back in their original folder. You can either whitelist each file, or if they are all in one or two folders, whitelist the folder (C:\folder\*). If Clam AV falsely detected them on Virus Total, they will send the files to Clam AV so Clam can correct its false signature. If the files were from only one or two folders, you should upload one or two of the files to Clam AV--it might get Clam AV to hurry up with a correction. It might take Clam AV some time to correct their signature(s).

I want you to be properly protected on the web, so remember what I said about using a real-time AV, and keep ClamWin as a "second opinion" scanner. Windows Defender is a decent AV (it's free) for Windows 8 and 10.

Regards,

Thanks a lot for your help Bob. I solved eventually the problem by deleting ClamWin totally and install it again. Now it is working properly again. Just one remark: there are some files detected by the CW scanner with apparently a Trojan in it. When put through the VT scan however only CW is stating this, all the 50 or so others not. How come?

Glad you got it fixed. A reinstall can sometimes solve a lot of problems. Evidently the virus signature prepared by Clam AV falsely detects a virus in the file--a "false positive." Clam AV will usually correct false positives because Virus Total notifies AVs when they are the only one of 50+ AVs to detect a file. To speed things up, you might try to upload the file at https://www.clamav.net/contact on the web. Select the "Report A False Positive" option.

Thanks for using ClamWin!

Regards,