 |
 | explorer.exe? |  |
|
ohdriver
|
|
Of course when explorer.exe is quarantined my desktop icons disappear and I have to reboot. Why would AV detect this in the WINNT directory?
Scan Started Thu Mar 06 10:29:29 2008 ------------------------------------------------------------------------------- *** Scanning Programs in Computer Memory *** C:\WINNT\Explorer.EXE: Trojan.Patched-6 FOUND Unloading program C:\WINNT\Explorer.EXE from memory *** Scanned 20 processes - 307 modules *** *** Computer Memory Scan Completed *** ----------- SCAN SUMMARY ----------- Known viruses: 222414 Engine version: 0.92 Scanned directories: 0 Scanned files: 327 Skipped non-executable files: 0 Infected files: 1 Data scanned: 97.07 MB Time: 143.477 sec (2 m 23 s) |
|||||||||||
|
|||||||||||||
 |
| Re: explorer.exe? | |
|
b0ne
|
|
It seems to be becoming more and more evident that these "patched" signatures are causing a lot of false positives. |
|||||||||||||
|
|||||||||||||||
|
| Re: explorer.exe? | |
|
rodede
|
|
I have the same problem ... so, it' a false alarme? All the Explorer.EXE that i scan (~10 from differents computers, WindowsXp Professional) report the same error.
Online scan with differents antivirus not found this Trojan.Patch-6, only Clam reporting him Thank you for help, Dan |
|||||||||||
|
|||||||||||||
|
| |
|
bugme
Guest
|
|
Can it have something to do with IE7 pro v.2.1 i wonder?
|
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
the fp signature should be removed now, please update te virus db
|
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
I just noticed the explorer.exe false positive and told Clam about it. I agree with bOne, and until Clam gets a better handle on those patches, I think ClamWin users should set scanning preferences to Notify instead of Quarantine/Remove--we don't want to lose an important system file to a false positive placed in Quarantine. Clam also needs to run their signatures through the Windows or System32 directories prior to release. I scan twice a day for stuff like that.
Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
ohdriver
|
|
thanks for the quick response!
...and good idea bob about why not to quarantine |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
yes for memory scan it's better to report only, also process unload may be disabled but except fp
it's a good idea to kill malware from memory |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
I believe your memory scan bypasses ClamWin's filters--just like a single scan of an individual file. It supposedly unloaded explorer.exe, but I didn't seem to have any problems. I excluded that file from scans for awhile. Looks like Clam fixed the signature now--I don't get a FP any more.
Regards, |
|||||||||||
|
|||||||||||||
|
| Re: explorer.exe? | |
|
Merkwurdigliebe
|
|
I think there is more to this than false positives. I posted a new topic on this instead of hijacking yours. BTW, if you hit CTRL-ALT-DELETE you can use task manager to start a new instance of explorer.exe and you don't have to reboot. |
|||||||||||||
|
|||||||||||||||
|
 | explorer.exe? | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.