ClamWin Free Antivirus
Support and Discussion Forums
excluding certain file during scanning
shadowtroopers


Joined: 27 May 2008
Posts: 0
Hi, just now ClamWin detected a virus on my PC. Here is the report:
Scan Started Tue May 27 19:37:39 2008
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
Unloading program C:\Program Files\YTK Pro\YTK.exe from memory
*** Scanned 25 processes - 357 modules ***
*** Computer Memory Scan Completed ***

C:\Program Files\YTK Pro\YTK.exe: PUA.Packed.Themida FOUND

----------- SCAN SUMMARY -----------
Known viruses: 299411
Engine version: 0.93
Scanned directories: 0
Scanned files: 382
Infected files: 1

Data scanned: 136.11 MB
Time: 46.734 sec (0 m 46 s)
--------------------------------------
Completed
--------------------------------------

Since this file is needed in order to run this programme, how am I going to exclude it for the next scan?
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
The PUA acts as a cheap heuristic. The PUAs are Potentially Unwanted Applications--like frequently-used malware packers (Themida is one) and other hacker tools. Many AVs use PUA designations now so that programs using runtime packers and such will not be allowed to run automatically unless the user is aware of it.

If you haven't used the program detected as PUA before, you should verify that the file is not really infected by uploading it to Jotti at https://virusscan.jotti.org/ for a free scan. If no more than a couple of other scanners besides Clam spot malware, it's probably a false positive. You can upload a copy of it to Clam at https://cgi.clamav.net/sendvirus.cgi and fill out the submission form--be sure to select the false positive radio button and explain things in the text box. Clam usually doesn't do anything about the PUA signature itself, but they can add your program to a "whitelist."

After you tell Clam about it, what you can do is uncheck the memory scan in ClamWin's Scheduled Scan configurations (Sherpya is working on a way to filter out false positives from memory). You can also insert the program name (filename.ext) in ClamWin's Filters preferences on the Exclude Matching Filenames side. Unless you hear from Clam sooner, give them a week or so to get it on the whitelist before you remove the program from Exclude and go back to scanning memory.

Regards,
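The triage described in the post above, as an added example that is not part of the original thread or ClamWin's own code: it reads a scan report, separates `PUA.` heuristic hits from ordinary signature hits, and derives the `filename.ext` value for the Exclude Matching Filenames filter. The function names, the second detection line and the adjusted "Infected files" count are constructed for illustration.

```python
import ntpath
import re

# Report lines from the first post, plus one CONSTRUCTED non-PUA detection
# (hypothetical path) and a matching "Infected files" count, so that both
# triage outcomes are exercised.
SAMPLE_REPORT = r"""Scan Started Tue May 27 19:37:39 2008
*** Scanned 25 processes - 357 modules ***
C:\Program Files\YTK Pro\YTK.exe: PUA.Packed.Themida FOUND
C:\Temp\constructed-sample.com: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Engine version: 0.93
Scanned files: 382
Infected files: 2
"""

# Greedy (.+) splits on the last ": " in the line, so the colon after the
# Windows drive letter stays part of the path.
FOUND_RE = re.compile(r"^(.+): (\S+) FOUND\s*$")
INFECTED_RE = re.compile(r"^Infected files: (\d+)\s*$")


def parse_report(text):
    """Return (list of (path, signature) tuples, reported infected count or None)."""
    detections, reported = [], None
    for line in text.splitlines():
        found = FOUND_RE.match(line.strip())
        if found:
            detections.append(found.groups())
            continue
        infected = INFECTED_RE.match(line.strip())
        if infected:
            reported = int(infected.group(1))
    return detections, reported


def triage(detections, reported):
    """Split hits into PUA (verify, then exclude by name) and everything else."""
    result = {"pua_exclude_names": [], "investigate": [], "count_ok": True}
    for path, signature in detections:
        if signature.startswith("PUA."):
            # ntpath handles Windows paths even when this runs on another OS.
            result["pua_exclude_names"].append(ntpath.basename(path))
        else:
            result["investigate"].append((path, signature))
    # A mismatch means the report was truncated or a FOUND line failed to parse.
    result["count_ok"] = reported is None or reported == len(detections)
    return result
```

Only names in `pua_exclude_names` are candidates for the filename filter, and only after the second-opinion scan suggested in the post; anything in `investigate` is a regular signature match and should not be excluded.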
shadowtroopers


Joined: 27 May 2008
Posts: 0
Thanks for the reply GuitarBob. Based on the creator of the programme, they claimed the same thing as what you describe. Thanks again.
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
As a general rule you do not need to have the "Detect potentially unwanted applications" check box selected in the advanced settings (it is not selected in the default configuration). The easiest solution to your problem is to untick that option.