ClamWin Free Antivirus
Support and Discussion Forums
I ran a virus scan, but I don't know how to delete
bpfeeney@yahoo.com


Joined: 22 May 2007
Posts: 0
Location: Vienna, VA
Clamwin says this file:

C:\System Volume Information\_restoreDAAD8284-5896-4B40-A753-8454BDC2E5A5\RP570\A0101347.exe:

is infected with a Trojan virus. I was given the option to save the scan file, but I don't see how I can quarantine
or delete the infected file. What am I supposed to do exactly?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
To set up to move infected files to quarantine, right-click on the ClamWin icon in your system tray. Select Configure ClamWin (preferences). Select General preferences. Under Infected Files select Move to Quarantine Folder. Select OK, and re-scan. The file will then be moved to quarantine when the scan is finished. You can actually move the file to quarantine yourself via Windows Explorer. ClamWin will not delete a file for you, so you'll have to navigate to the quarantine folder (in Windows XP it's C:\Documents and Settings\All Users\.clamwin\quarantine) and delete it. Presently, I prefer to have ClamWin just notify me instead of quarantining a file. I go to the file on my hard drive and check it out as explained below.

Before you delete, you might want to verify that it is a real virus and not a false positive. You can upload a file for a free virus scan on the Web at https://www.virustotal.com/en/indexf.html. VirusTotal will check it for you with about 30 antivirus scanners and give you a report. If you do this a lot, VT has a downloadable script you can use to automate the process. If a couple of other scanners find the file has a virus, it's probably the real thing, and you can delete it. If it turns out to be a false positive, you should send the file to ClamAV at https://cgi.clamav.net/sendvirus.cgi and tell them so they can change their signatures.

Regards,
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
It appears that this file might have something to do with the Windows System Restore function, and you might not be able to move it, but I think you should be able to upload it to VirusTotal for checking. If you are unable to do so, turn System Restore off and then rescan with ClamWin. If the scan is okay, turn System Restore back on and set another restore point. Any virus(es) there will be deleted when you turn System Restore off. Some malware can hide in System Restore.

Regards,
aladinonl


Joined: 25 May 2007
Posts: 0
GuitarBob wrote:
If it turns out to be a false positive, you should send the file to ClamAV at https://cgi.clamav.net/sendvirus.cgi and tell them so they can change their signatures.


Hi Bob, thanks for providing the link.
I also think I found a false positive of ClamWin but don't know how to submit it.
I just submitted it right after reading your post.
Thanks.

P.S.:
ClamWin really needs to improve the ease of use for users.
The submission form can only be found on the ClamAV website, whereas the ClamWin website doesn't have it.
I see in another post that one member also can't find where to submit a file, so it's not only my problem.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Well, since ClamAV really takes care of the engine and signatures, the ClamWin developers stay out of the loop with regard to submission of malware. They don't have to worry about anything but improving the Windows product. There has been some mention about a ClamWin virus lab, but that's far in the future, if at all. Keeping track of signatures/submissions takes quite an effort, and the ClamWin project is very small.

ClamAV is really doing a good job updating the signature database. They miss something now and then, but they have developed an "incremental update" process. Their response time is very good, and they are adding about 3,000 signatures per month. That's about as good as any of the commercial antivirus companies. None of them can get every malware signature, so it's up to us to help.

Clam has regular signature updates for malware sent to them from VirusTotal and Jotti. If you send unknown malware samples to one of them--especially VirusTotal, Clam will get a copy. I think that's probably the best/fastest way right now.

Regards,