Not sure what this is, why it's returning FOUND for Trojans, or whether I should try to remove them or how exactly:

(edited from Notepad++)
Search "FOUND" (21 hits in 1 file)
Line 3: Line 15: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\de-de\WinPE-WDS-Tools_de-de.cab: Win.Trojan.Agent-6163993-0 FOUND
Line 4: Line 17: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\sv-se\lp.cab: Win.Trojan.Agent-5596042-0 FOUND
Line 5: Line 19: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\sv-se\WinPE-SRT_sv-se.cab: Win.Trojan.Agent-5592516-0 FOUND
Line 6: Line 21: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs\de-de\WinPE-WDS-Tools_de-de.cab: Win.Trojan.Agent-6163993-0 FOUND
Line 7: Line 23: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs\sv-se\WinPE-SRT_sv-se.cab: Win.Trojan.Agent-5592516-0 FOUND
Line 10: Line 1565: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\de-de\WinPE-WDS-Tools_de-de.cab: Win.Trojan.Agent-6163993-0 FOUND
Line 11: Line 1567: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\sv-se\lp.cab: Win.Trojan.Agent-5596042-0 FOUND
Line 12: Line 1569: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\sv-se\WinPE-SRT_sv-se.cab: Win.Trojan.Agent-5592516-0 FOUND
Line 13: Line 1571: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs\de-de\WinPE-WDS-Tools_de-de.cab: Win.Trojan.Agent-6163993-0 FOUND
Line 14: Line 1573: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs\sv-se\WinPE-SRT_sv-se.cab: Win.Trojan.Agent-5592516-0 FOUND
Line 17: Line 3115: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\de-de\WinPE-WDS-Tools_de-de.cab: Win.Trojan.Agent-6163993-0 FOUND
Line 18: Line 3117: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\sv-se\lp.cab: Win.Trojan.Agent-5596042-0 FOUND
Line 19: Line 3119: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\sv-se\WinPE-SRT_sv-se.cab: Win.Trojan.Agent-5592516-0 FOUND
Line 20: Line 3121: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs\de-de\WinPE-WDS-Tools_de-de.cab: Win.Trojan.Agent-6163993-0 FOUND
Line 21: Line 3123: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs\sv-se\WinPE-SRT_sv-se.cab: Win.Trojan.Agent-5592516-0 FOUND
Line 24: Line 4698: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\de-de\WinPE-WDS-Tools_de-de.cab: Win.Trojan.Agent-6163993-0 FOUND
Line 25: Line 4700: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\sv-se\lp.cab: Win.Trojan.Agent-5596042-0 FOUND
Line 26: Line 4702: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\sv-se\WinPE-SRT_sv-se.cab: Win.Trojan.Agent-5592516-0 FOUND
Line 27: Line 4704: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs\de-de\WinPE-WDS-Tools_de-de.cab: Win.Trojan.Agent-6163993-0 FOUND
Line 28: Line 4706: C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\WinPE_OCs\sv-se\WinPE-SRT_sv-se.cab: Win.Trojan.Agent-5592516-0 FOUND

If you have more than a couple of detections for the same virus, it is very likely to be a false positive detection. Did ClamWin quarantine or remove the file(s) involved? ClamWin has some protection for false positive detections of important Windows files. If you still have the files, I suggest that you upload a couple of them (one at a time) to Virus Total and see what the 60 or so AVs there see a virus in them. If Clam AV (ClamWin uses the Clam AV scan engine/virus signatures) is the only AV detecting them, Virus Total will send the files to Clam AV so they can correct their false signatures. This might take a while though. You may be able to speed it up a little if you send the same files to Clam AV at https://www.clamav.net/contact on the web. Be sure to select the False Positive report option.

If the false detection(s) is a problem for you, you can exclude/whitelist the files (or their folder) in ClamWin's Tools, Preferences, Filters, Exclude Matching Fillenames option. Check the ClamWin Help, Manual menu.
Thanks for using ClamWin!

Regards,

I have submitted some of these false positives to ClamAV at least twice in the last few months. I have given up on ClamAV fixing them and have just excluded the entire folder. Notice the date on one of my VirusTotal submissions: https://www.virustotal.com/#/file/be9009c54c478b87277a8d4d5b019821d8b017f86ab48b0e5cea4f02a76bb011/detection

Regards,

Thanks for the info, Lipper. I don't know what's wrong at Clam AV now. They are supposed to get a feed from Virus Total when they have a false positive to aid in correction, but they appear not to have anyone working on Clam AV at any time now. I see that they have not even updated their blog about their problem with updates from several weeks ago.

All we can do with ClamWin is exclude/whitelist the file/folder for false positives and check the file with Virus Total every week or so to see when/if Clam AV corrects their signature. I hope every ClamWin user who can is using a real-time AV for primary protection with ClamWin as backup only. I have stopped my scheduled scanning due to false positives.

Regards,

Greetings Bob, and thank you for your comments. Yes, it is a mystery why ClamAV hasn't yet addressed these false positives. In order to rule out a difference in scan engines between .99.1 and .99.2, I scanned my Win 7 partition from Linux with ClamAV .99.2 installed. There was no difference in detection.

Regards,

Clam AV has apparently started fixing these FPs. Scanning with DB 24147, I now only have two remaining FPs in the (Win 7) Windows Kits folder which are:

WinPE-SRT_sv-se.cab (amd64 folder)
https://www.virustotal.com/en/file/4798e5212f9fa950e9190d12fb4029fb47962ce77a83371745f20556886ded41/analysis/1513818034/

WinPE-SRT_sv-se.cab (x86 folder)
https://www.virustotal.com/en/file/17d7dff2f77230f06c46ccfdf1238b1b03da30aff112eae6e5bad895187f6918/analysis/1513817964/

If not corrected in one week, I will resubmit these last items.

Lipper

It might take Clam AV much longer to correct the remaining FPs, Lipper. I think they will get to it eventually--that folder is pretty important.

Merry XMAS to you!

Regards,

Yes, you may be right. Thank you for the holiday greeting, and the same to you and yours.

As ever,
Lipper