Trojan.Dropper-1200?

jtwizz
Joined: 07 Mar 2008
Posts: 0
Location: New York, NY
Posted: Fri Mar 07, 2008 2:14 am
When I searched the "infected" file with virustotal.com, only 5 of 32 programs found a threat. However, all five programs named it something different and none of the major ones (Symantec, McAfee, Kaspersky) found anything at all.
The summary from VirusTotal: https://www.virustotal.com/analisis/fa2959afa361b1a80ed61c357a9d1839
My original scan with ClamWin showed this:
Scan Started Tue Mar 04 23:37:59 2008
-------------------------------------------------------------------------------
WARNING: Can't open file \\?\C:\Documents and Settings\hany\Local Settings\Temp\~DFD3B0.tmp, Permission denied
WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\SoftwareDistribution\EventCache\EB1CD34D-09E1-4127-8905-90568E9A1409.bin, Permission denied
C:\WINDOWS\cfdemo.scr: Trojan.Dropper-1200 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 221406
Engine version: 0.92
Scanned directories: 9799
Scanned files: 106695
Skipped non-executable files: 2302
Infected files: 1
--------------------------------------
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Fri Mar 07, 2008 4:06 am
If 5 different AV scanners find a virus/malware in a file, it is probably (but not 100% certain) malware. The AV companies don't all use a common signature naming system (they should), so that's why they can have different names for the same infection. The .scr extension has been a popular one for malware writers to use/infect, and it looks kind of strange in the Windows directory.
I'm curious as to how long that file has been on your computer. According to my research, AVG antivirus found a similar virus back in May of 2007, so it's been around for a while. I would think it's old enough for most scanners to find it. Here's a link to the Google search I did https://www.google.com/search?hl=en&q=cfdemo.scr on the Web. Look especially at that 2nd listing. If that's the malware you have, it could be nasty.
If you have ClamWin set to Notify (not Quarantine or Remove), my suggestion is to do another ClamWin scan of the directory. If it still turns up, remove it. If you have quarantined the malware, remove it if all of the software programs that you use seem to be working okay and if your Windows functions (Control Panel, Task Manager, Security Center, Windows Folders access, etc.) seem to also be working okay. After removal, do another scan, this time in Windows Safe Mode. If ClamWin doesn't find anything, you are probably okay. If it finds something again, it's a persistent little bugger, and you might need some removal help. See the helpful removal links below.
Experienced Malware Removal Assistance (Generally Free)
Alliance Of Security Analysis Professionals is a good starting point at https://asap.maddoktor2.com/
A-Squared (Emsisoft) (with initial self help) at https://forum.emsisoft.com/Default.aspx?g=topics&f=38
Castle Cops (with initial self help) at https://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
Malwareteks (same personnel as Emsisoft with initial self help) at https://www.malwareteks.com/forum.html
Spyware Warrior has free help and a list of rogue antispyware products to avoid at https://www.spywarewarrior.com/index.php
Regards,
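As an added example, not code from ClamWin, ClamAV, VirusTotal or either poster, here is how one might machine-read a scan log of the shape quoted in the first post and summarise a "5 of 32, all different names, none of the majors" verdict table of the kind jtwizz describes, in Python. The sample log is modelled on the ClamWin 0.92 output above; the 32-engine table is constructed, every detection name in it except ClamAV's Trojan.Dropper-1200 is a placeholder, and the "verify before deleting" threshold is this example's own rule rather than anything ClamWin or GuitarBob specify.

```python
"""Triage a ClamWin/ClamAV scan log together with a multi-engine verdict table.
Added example for this thread, not code from ClamWin, ClamAV or VirusTotal.
Log format follows the clamscan output quoted in the post; the table is constructed."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the ClamWin 0.92 log quoted in the first post.
SAMPLE_LOG = r"""Scan Started Tue Mar 04 23:37:59 2008
-------------------------------------------------------------------------------
WARNING: Can't open file \\?\C:\hiberfil.sys, Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
C:\WINDOWS\cfdemo.scr: Trojan.Dropper-1200 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 221406
Engine version: 0.92
Scanned directories: 9799
Scanned files: 106695
Skipped non-executable files: 2302
Infected files: 1
--------------------------------------
"""

# Constructed 32-engine table shaped like the result jtwizz describes: 5 of 32 flag
# the file, every name differs, the three named majors report nothing. Only
# "Trojan.Dropper-1200" is from the page; the other four names are placeholders.
MAJORS = ("Symantec", "McAfee", "Kaspersky")
SAMPLE_VERDICTS = {f"engine{i:02d}": None for i in range(24)}
SAMPLE_VERDICTS.update(dict.fromkeys(MAJORS))
SAMPLE_VERDICTS.update({
    "ClamAV": "Trojan.Dropper-1200",
    "engineW": "Placeholder.Dropper.A",
    "engineX": "Placeholder.Trojan.B",
    "engineY": "Placeholder.Suspicious.C",
    "engineZ": "Placeholder.Downloader.D",
})

FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
WARN_RE = re.compile(r"^WARNING: Can't open file (?P<path>.+?), (?P<reason>.+)$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z -]*): (?P<val>.+)$")


@dataclass
class ScanReport:
    detections: list = field(default_factory=list)  # (path, signature)
    unscanned: list = field(default_factory=list)   # (path, reason): never examined
    summary: dict = field(default_factory=dict)     # counters as int, versions as str


def parse_clamav_log(text):
    """Split a clamscan-style log into detections, unopened files and the summary."""
    report, in_summary = ScanReport(), False
    for line in map(str.strip, text.splitlines()):
        if not line or (line.startswith("---") and "SUMMARY" not in line):
            continue                          # blank lines and rule-offs
        if "SCAN SUMMARY" in line:
            in_summary = True
        elif in_summary:
            if m := SUMMARY_RE.match(line):
                val = m.group("val")
                report.summary[m.group("key")] = int(val) if val.isdigit() else val
        elif m := WARN_RE.match(line):        # the scanner never looked inside this file
            report.unscanned.append((m.group("path"), m.group("reason")))
        elif m := FOUND_RE.match(line):
            report.detections.append((m.group("path"), m.group("sig")))
    return report


def engine_consensus(verdicts, majors=()):
    """Summarise an engine -> detection-name (or None) table. Distinct names are
    normal, since vendors do not share a naming scheme, so the name count alone
    says nothing about a false positive; the hit ratio and trusted engines matter."""
    hits = {eng: name for eng, name in verdicts.items() if name}
    return {
        "hits": len(hits),
        "engines": len(verdicts),
        "distinct_names": len(set(hits.values())),
        "majors_flagging": sorted(eng for eng in majors if eng in hits),
    }


def recommend(consensus):
    """Decision rule of this example (not ClamWin's): under a quarter of engines
    flagging and none of the trusted ones means 'verify', not 'clean'."""
    low = consensus["hits"] * 4 < consensus["engines"]
    return "VERIFY" if low and not consensus["majors_flagging"] else "REMOVE"


def triage(report, verdicts, majors=()):
    """Turn a parsed log plus the verdict table for its detected file into notes."""
    c = engine_consensus(verdicts, majors)
    notes = [f"{recommend(c)} {path}: {sig} ({c['hits']}/{c['engines']} engines, "
             f"{c['distinct_names']} names, trusted flagging: {c['majors_flagging'] or 'none'})"
             for path, sig in report.detections]
    # Files the scanner could not open were never examined: list them, don't assume clean.
    notes += [f"UNSCANNED {path}: {reason}" for path, reason in report.unscanned]
    return notes


if __name__ == "__main__":
    for note in triage(parse_clamav_log(SAMPLE_LOG), SAMPLE_VERDICTS, MAJORS):
        print(note)
```

Run stand-alone it prints one VERIFY line for cfdemo.scr and one UNSCANNED line for each file ClamWin could not open (hiberfil.sys and pagefile.sys are locked by Windows, so a scan that reports "Infected files: 1" still never looked inside them). In practice the log would be read from ClamWin's log file and the verdict table filled from the VirusTotal report; both are left as plain inputs here so the example runs offline.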
jtwizz
Joined: 07 Mar 2008
Posts: 0
Location: New York, NY
Posted: Fri Mar 07, 2008 5:27 am
The file that it's finding the infection in is a file that came with my Toshiba laptop and is related to Toshiba's ConfigFree program (even though I'm not sure what this program is supposed to do, exactly). But looking at the Google results, Toshiba insists that it is a false reading. Apparently false readings on this particular file are common. Also I discovered that several of the other AV programs USED to pick up something on this file, but I guess they removed it from their databases after discovering it was a false positive?
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Fri Mar 07, 2008 5:37 am
Okay. Upload a copy of the file to Clam at https://cgi.clamav.net/sendvirus.cgi on the Web. Fill out the form (it doesn't take long), and tell them it is a false positive. You will be helping them (and ClamWin) out. They have recently been getting false positives on system files a bit more often than they used to.
Regards,
All times are GMT