Hello.

My current install of Clamwin (0.93) is making the following noise: C:\Program Files\AutoRuns\autoruns.exe: W32.Etap-21 FOUND.

Not too much when one googles it.

Can anyone shed light on this?

Thanks,

Owen.

Here's some info I found on Sophos (using a Yahoo search):

W32/Etap is a highly complicated cross-platform metamorphic virus which infects
both Windows PE executables and Linux/UNIX ELF format executables.

W32/Etap is a highly complicated cross-platform metamorphic virus which infects
both Windows PE executables and Linux/UNIX ELF format executables.

The virus infects files in all folders and sub-folders on all visible network
drives, with the exception of folders more than 3 levels above the current
folder and folders beginning with the letter 'W' (thus avoiding the Windows
folder).

The virus infects 50% of executables that it finds and does not infect files
with names containing the letter 'V', or beginning with 'PA', 'F-', 'SC', 'DR'
or 'NO'.

When run on the 17th May, or during the months of June, September and December,
the virus may display a message box with the text 'Metaphor 1B By the Mental
Driller/29A'. When run on the 17th May, or during the months of June, September and December,
the virus may display a message box with the text 'Metaphor 1B By the Mental
Driller/29A'. When run on the 14th May and on Hebrew systems,
the virus displays a message box with the text 'Free Palestine!'.

Regards,

It is probably a false positive. Update your definitions and see if it is detected again.

Confirming this as a false positive. Clamscan found several files from Sysinternals (makers of autoruns) as infected with this virus (accesschk.exe, contig.exe, ect). I downloaded a brand new copy from Sysinternals and compared MD5's, they matched.

Updated definitions and scan no longer finds any virus in those files.