ClamWin Free Antivirus
Support and Discussion Forums
Cannot find the isolated file
djnsfca


Joined: 14 Apr 2007
Posts: 0
Location: San Francisco
New user with a real puzzlement. I ran ClamWin three times and each time it ID'd the following virus-infected file:

C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22661f6-2cf1e2eb.zip: Trojan.Gummy.Bytverify FOUND

However, ClamWin does not in fact quarantine the file as it should in the file as I have set up the preferences - here is where it should be dumped:


C:\WINDOWS\All Users\.clamwin\quarantine

I have run three times and each time ClamWin identifies the same virus but I cannot find where it has been isolated so I can delete. What's up with that? I am not the sharpest knife in the drawer, but not the dullest either. Can anyone help?
ClamWin Won't Quarantine File
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
According to a Clam database search at their Web site, this is malware. It seems to have been added 2-25-05. The sample was obtained from the Jotti on-line virus submission site, and Bitdefender may have been the first to spot it.

That's a couple of years old, however, and I'm wondering if it is a false positive. See if you can find the file on your machine at C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22661f6-2cf1e2eb.zip. What is the date of the file? If you have another antivirus program, scan the file with it. It appears to be an archive file related to Sun's Java software that is in your personal Docs & Settings folder, so it probably isn't really needed now.

If you find the file, before deleting it, try to upload it to VirusTotal at https://www.virustotal.com/en/virustotalf.html and have them scan it. See what the other antivirus products say about it. If ClamWin is the only one finding malware, then it's probably a false positive. If it is false, I would send a copy of it to ClamAV and tell them so they can do something about it. The Clam virus submission site is at https://cgi.clamav.net/sendvirus.cgi.

Regards,
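The check described in the post above (find the reported file, note its date, compare it against other scanners), as an added Python example that is not part of the original thread or of ClamWin itself. It parses `FOUND` lines from a scan report and reports whether each file is still at its original path or in the quarantine folder, with its modification date and SHA-256; the function names, the constructed sample report, and the idea that a quarantined copy keeps its base name are assumptions.

```python
import hashlib
import re
from datetime import datetime, timezone
from pathlib import Path

# Report line format as quoted in the thread: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample report; the FOUND line is the one quoted in the first post.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-22661f6-2cf1e2eb.zip: Trojan.Gummy.Bytverify FOUND
C:\WINDOWS\notepad.exe: OK
"""

def parse_detections(report_text):
    """Return (path, signature) for every FOUND line in a scan report."""
    hits = []
    for line in report_text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def triage(path_str, signature, quarantine_dir):
    """Say where a detected file is now, plus its date and SHA-256 if present."""
    src, qdir = Path(path_str), Path(quarantine_dir)
    name = re.split(r"[\\/]", path_str)[-1]  # base name for either separator
    # Assumption: a quarantined copy keeps the base name (maybe with a suffix).
    moved = sorted(p.name for p in qdir.iterdir() if p.name.startswith(name)) if qdir.is_dir() else []
    info = {"path": path_str, "signature": signature, "still_at_original_path": src.is_file(),
            "quarantine_matches": moved, "modified_utc": None, "sha256": None}
    if src.is_file():
        mtime = datetime.fromtimestamp(src.stat().st_mtime, timezone.utc)
        info["modified_utc"] = mtime.isoformat()
        digest = hashlib.sha256()
        with src.open("rb") as fh:  # hash in chunks; cached archives can be large
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        info["sha256"] = digest.hexdigest()
    return info

if __name__ == "__main__":
    for path, sig in parse_detections(SAMPLE_REPORT):
        print(triage(path, sig, r"C:\WINDOWS\All Users\.clamwin\quarantine"))
```

A detection that is still at its original path with no match in the quarantine folder is the situation the first post describes; the SHA-256 identifies the exact file when comparing what other scanners say about it.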
sherpya


Joined: 22 Mar 2006
Posts: 0
Location: Italy
You have three options when you find a virus; by default it's report only. You can change it in the options if you want to quarantine or remove. I suggest quarantine, since sometimes it spots a false positive.
Quarantine
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Sherpya:

He said that he had set ClamWin preferences to quarantine but that ClamWin did not do so. If this is true (and I guess we have no reason to doubt it), is there any reason that ClamWin would not/could not move something into quarantine?

Regards,
djnsfca


Joined: 14 Apr 2007
Posts: 0
Location: San Francisco
GuitarBob was correct and his solution was the route that I took. However, it would appear that things with ClamWin are NOT all good. The program repeatedly showed a virus, but would not isolate it in the designated "Q" file. In fact, each time I ran the program (5 times) it came up with a variety of problems that were in fact not to be found. I finally uninstalled the program, ran a registry fixer, defragged my machine and put ClamWin back on and ran it for a sixth time. It found nothing. So, my assumption is that ALL hits were false positive findings and as such, I have added AVG back on my machine and will only run ClamWin when I hear or read that a new nasty virus is running the web. Then I will boot Clam (naturally after closing Grisoft) and download the updates and run the program. It is a good second check, but as the primary virus tool it fails on two accounts: first, it does not run in real time like the Grisoft AVG program, and by my experience the ClamWin program is too much trouble for the benefits that it provides by using it as the sole solution for virus screening. A complete scan takes too damn long only to have given this user numerous false positive results. I spent way too much time chasing my tail. But since I use my machine for my free-lance work, I figure that I can never be too careful in making sure my machine is virus free.

Thanks to all who took the time to address my problem. You are a good group of folks and I applaud your efforts to help a fellow user. What a thoughtful group of folks you truly all are!

djnsfca