norman
Joined: 16 Dec 2006
Posts: 0
Posted: Sat Dec 16, 2006 3:07 pm
I full scanned with clamwin. I've got 5 infections.
What do I do about them? I don't see any place
to delete them or put them into immunization.
Scan started: Thu Dec 14 19:26:22 2006
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ccng94cf.default\Cache\0AFB9CCFd01: HTML.Phishing.Gold FOUND
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ccng94cf.default\Cache\7C769299d01: HTML.Phishing.Auction-272 FOUND
C:\WINDOWS\notepad.exe: Trojan.SdBot-4031 FOUND
C:\WINDOWS\ServicePackFiles\i386\notepad.exe: Trojan.SdBot-4031 FOUND
C:\WINDOWS\system32\notepad.exe: Trojan.SdBot-4031 FOUND
-- summary --
Known viruses: 82041
Engine version: 0.88.7
Scanned directories: 4991
Scanned files: 84622
Infected files: 5
Data scanned: 14997.80 MB
Time: 13919.766 sec (231 m 59 s)
Norman

budtse
Joined: 14 Jan 2006
Posts: 0
Location: Belgium
Posted: Sat Dec 16, 2006 3:50 pm
Hi,
The infection of NOTEPAD.EXE is a false positive. Update your virus database; this should be fixed by now.
The other infections reported are phishing HTML pages. They won't do any harm directly, they just try to convince you to give personal data which could be misused (something you should always be suspicious about). I'm not sure clamwin will remove/quarantine these kinds of infections though.
To check what clamwin does with infected files, please open the clamwin preferences and check the General tab. There you can choose between "Report only", "Remove" and "Quarantine". We advise you to use quarantine, as in the case of a false positive (like the notepad.exe notification) you can restore the file if needed.
regards,
budtse

norman
Joined: 16 Dec 2006
Posts: 0
Posted: Sat Dec 16, 2006 6:08 pm
Budtse,
Thanks for the useful information.
I guess clamwin does it automatically when you check
quarantine. norman

Traversal
Joined: 14 Dec 2006
Posts: 0
Location: China
Posted: Sat Dec 16, 2006 7:03 pm
Thanks, budtse.
But can you tell me the reason for the false positive?

alch
Site Admin
Joined: 27 Nov 2005
Posts: 0
Posted: Sat Dec 16, 2006 11:50 pm
The reason is simple: every day there are new signatures (byte sequences of data) added to the virus database by the ClamAV team. Sometimes it happens that not only a virus but also a legitimate file has the same byte sequence and is reported as a false positive. If that happens, the signature is modified to exclude legitimate files.
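
A triage sketch for a scan report like the one in the first post, added here as an example; it is not part of any poster's reply and not ClamWin code. It parses the "FOUND" lines, groups them by signature, and suggests a next step. The action labels and the rule "one signature on every copy of an OS file, including the ServicePackFiles copy, points to a false positive" are assumptions made for illustration, not a verdict.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed input: the detection and summary lines quoted in the first post.
SAMPLE_REPORT = r"""Scan started: Thu Dec 14 19:26:22 2006
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ccng94cf.default\Cache\0AFB9CCFd01: HTML.Phishing.Gold FOUND
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\ccng94cf.default\Cache\7C769299d01: HTML.Phishing.Auction-272 FOUND
C:\WINDOWS\notepad.exe: Trojan.SdBot-4031 FOUND
C:\WINDOWS\ServicePackFiles\i386\notepad.exe: Trojan.SdBot-4031 FOUND
C:\WINDOWS\system32\notepad.exe: Trojan.SdBot-4031 FOUND
-- summary --
Infected files: 5
"""

# "<path>: <signature name> FOUND" is the line format seen in the report above.
DETECTION = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")

def parse_detections(report):
    """Return (path, signature) pairs for every FOUND line."""
    hits = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((PureWindowsPath(m.group("path")), m.group("sig")))
    return hits

def triage(report):
    """Group hits by signature and suggest a next step (heuristic, not a verdict)."""
    by_sig = defaultdict(list)
    for path, sig in parse_detections(report):
        by_sig[sig].append(path)
    result = {}
    for sig, paths in by_sig.items():
        parts = {part.lower() for p in paths for part in p.parts}
        same_file = len({p.name.lower() for p in paths}) == 1 and len(paths) > 1
        if same_file and "servicepackfiles" in parts:
            # One signature on every copy of an OS file, backup copy included:
            # suspect a false positive, so update the database and rescan first.
            action = "update-and-rescan"
        elif "cache" in parts:
            action = "clear-browser-cache"
        else:
            action = "quarantine"
        result[sig] = {"action": action, "paths": [str(p) for p in paths]}
    return result

if __name__ == "__main__":
    for sig, info in triage(SAMPLE_REPORT).items():
        print(sig, info["action"], len(info["paths"]))
```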