 |
 | Trojan.Small-152 |  |
|
BK
|
|
A scan detected a virus Trojan.Small.152 on my computer. I searched a number of AV sites for a removal tool but could not find one. I then deleted the file from the Clanwin Quarantine folder. A further scan showed that two files with the same virus - my computer seems to have automatically restored the file.
I then re-started my computer in safe mode and tried deleting the files. But my system automaticallyrestored them again. What can I do? I tried scanning with both Symantec and Mcaffee and neither detected a virus. Any advise would be much appreciated. Breda |
|||||||||||
|
|||||||||||||
 |
| |
|
alch
Site Admin
|
|
paste the report please where clamwin finds these files.
|
|||||||||||
|
|||||||||||||
|
| Trojan.Small-152 | |
|
BK
|
|
This is the report. I have searched everywhere and can't find a removal tool.
What should I do? Breda C:\Documents and Settings\All Users\.clamwin\quarantine\A0035015.EXE: Trojan.Small-152 FOUND C:\Documents and Settings\All Users\.clamwin\quarantine\A0035016.EXE: Trojan.Small-152 FOUND -- summary -- Known viruses: 42123 Engine version: 0.88 Scanned directories: 3054 Scanned files: 71630 Infected files: 2 Not moved: 2 Data scanned: 9872.45 MB Time: 4143.886 sec (69 m 3 s) -------------------------------------- Scan started: Fri Jan 13 20:45:57 2006 C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP234\A0035246.EXE: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\A0035246.EXE' C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP234\A0035247.EXE: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\A0035247.EXE' ERROR: Can't open file C:\windows\system32\config\default ERROR: Can't open file C:\windows\system32\config\sam ERROR: Can't open file C:\windows\system32\config\security ERROR: Can't open file C:\windows\system32\config\software ERROR: Can't open file C:\windows\system32\config\system C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP234\A0035246.EXE: Trojan.Small-152 FOUND C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP234\A0035247.EXE: Trojan.Small-152 FOUND -- summary -- Known viruses: 42123 Engine version: 0.88 Scanned directories: 3054 Scanned files: 71915 Infected files: 2 Data scanned: 9881.33 MB Time: 7290.653 sec (121 m 30 s) -------------------------------------- |
|||||||||||
|
|||||||||||||
|
| |
|
alch
Site Admin
|
|
does it always finf infected files in this folder only:
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP234 |
|||||||||||
|
|||||||||||||
|
| |
|
BK
|
|
This is the first virus that's been detected on my computer.
It was also found in this folder. I have not deleted from the Quarantine folders since so it has just remained there. It first showed up late last week. C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP231\A0034975.EXE: Trojan.Small-152 FOUND C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP231\A0034975.EXE: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\\A0034975.EXE' -------------------------------------- |
|||||||||||
|
|||||||||||||
|
| |
|
alch
Site Admin
|
|
does clamwin find the virus in
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP231\A0034975.EXE: every time you scan? |
|||||||||||
|
|||||||||||||
|
| |
|
BK
|
|
Yes - it finds the virus in the same place every time I delete it from the Clamwin Quarantine folder. I have not deleted it from the Quarantine folder since Saturday and the virus has remained there and does not show up in the system volume information\_restore file.
This is the latest Scan report: Scan started: Mon Jan 16 10:41:26 2006 File excluded 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0035304.EXE' File excluded 'C:\Documents and Settings\All Users\.clamwin\quarantine\A0035305.EXE' ERROR: Can't open file C:\windows\system32\CatRoot2\tmp.edb ERROR: Can't open file C:\windows\system32\config\default ERROR: Can't open file C:\windows\system32\config\sam ERROR: Can't open file C:\windows\system32\config\security ERROR: Can't open file C:\windows\system32\config\software ERROR: Can't open file C:\windows\system32\config\system C:\Documents and Settings\All Users\.clamwin\quarantine\A0035304.EXE: Trojan.Small-152 FOUND C:\Documents and Settings\All Users\.clamwin\quarantine\A0035305.EXE: Trojan.Small-152 FOUND -- summary -- Known viruses: 42487 Engine version: 0.88 Scanned directories: 3033 Scanned files: 58236 Infected files: 2 Not moved: 2 Data scanned: 9640.45 MB Time: 6853.959 sec (114 m 13 s) |
|||||||||||
|
|||||||||||||
|
| |
|
BK
|
|
I tried scanning the infected file with Virustotal and it showed that just Clamwin shows it as a virus. See report below. Again any insights or advice is appreciated. Should I just ignore this or is it really a virus?
This is a report processed by VirusTotal on 01/16/2006 at 18:09:55 (CET) after scanning the file "A0035304.EXE" file. Antivirus Version Update Result AntiVir 6.33.0.77 01.16.2006 no virus found Avast 4.6.695.0 01.16.2006 no virus found AVG 718 01.16.2006 no virus found Avira 6.33.0.77 01.16.2006 no virus found BitDefender 7.2 01.16.2006 no virus found CAT-QuickHeal 8.00 01.16.2006 no virus found ClamAV devel-20051123 01.15.2006 Trojan.Small-152 DrWeb 4.33 01.16.2006 no virus found eTrust-InoculateIT 23.71.50 01.16.2006 no virus found eTrust-Vet 12.4.2044 01.16.2006 no virus found Ewido 3.5 01.16.2006 no virus found Fortinet 2.54.0.0 01.15.2006 no virus found F-Prot 3.16c 01.16.2006 no virus found Ikarus 0.2.59.0 01.16.2006 no virus found Kaspersky 4.0.2.24 01.16.2006 no virus found McAfee 4675 01.16.2006 no virus found NOD32v2 1.1368 01.16.2006 no virus found Norman 5.70.10 01.16.2006 no virus found Panda 9.0.0.4 01.16.2006 no virus found Sophos 4.01.0 01.16.2006 no virus found Symantec 8.0 01.16.2006 no virus found TheHacker 5.9.2.074 01.14.2006 no virus found UNA 1.83 01.13.2006 no virus found VBA32 3.10.5 01.16.2006 no virus found VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En espa?ol -------------------------------------------------------------------------------- www.virustotal.com :: ©Hispasec Sistemas 2004,05 :: e-mail info@virustotal.com |
|||||||||||
|
|||||||||||||
|
| |
|
alch
Site Admin
|
|
I think you are right and it is a false positive. You may submit it to https://clamav.net/sendvirus.html
|
|||||||||||
|
|||||||||||||
|
 | Trojan.Small-152 | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.