| HarryStottle
 
 
 
			| Joined: 14 Feb 2008 |  | Posts: 0 |  | Location: UK |    |  | 
	
		|  Posted: Tue Feb 19, 2008 10:42 pm |  |  |  |  
		|  |  |  have just installed Clam on a BartPE Startup disk and randomly tested it on a laptop I've only just set up. 
 Well impressed. But also worried. It claims to have found - in the pagefile.sys no less - a virus with the name vgen.1055.0 which I've never heard of and nor has anyone else on the web - including the major antivirus vendors none of whom have it in their online libraries. There are half a dozen sites listing it amongst a list of worms, but nothing explaining or justifying that inclusion. No commentary is available anywhere. (at least not that I could find)
 
 So does anyone here have any clue what it may be?
 | 
	| 
 | 
	| GuitarBob
 
 
 
			| Joined: 09 Jul 2006 |  | Posts: 9 |  | Location: USA |    |  | 
	
		|  Posted: Wed Feb 20, 2008 1:01 am |  |  |  |  
		|  |  |  Was this by any chance a PUA detection?  If you have ClamWin's PUA detection turned on, the PUA signatures trigger on hacker tools, which are not necessarily viruses/malware, but they can be used for that purpose.  If not a PUA, then I suggest that you upload the file containing the "malware" to Jotti and see what over 20 other scanners say about it.  If any of them spot something, they will have a name you can cross reference.  If no other scanners spot it, then tell Clam it is a false positive at https://cgi.clamav.net/sendvirus.cgi on the Web.
 Regards,
 | 
	| 
 | 
	| sherpya
 
 
 
			| Joined: 22 Mar 2006 |  | Posts: 0 |  | Location: Italy |    |  | 
	
		|  Posted: Wed Feb 20, 2008 12:12 pm |  |  |  |  
		|  |  |  do not scan pagefile, remove it if you want, clamav may found a pattern signature that belongs to the one that loaded in memory when windows was running
you may found random viruses just because the pattern was loaded by a running av
 | 
	| 
 |