ClamWin Free Antivirus
Support and Discussion Forums
Antivirus XP 2008 - rogue "antispyware"
oklahomazeke


Joined: 23 Jul 2008
Posts: 0
Location: Palm Desert, CA
Should ClamWin have caught "Antivirus XP 2008"? One of my systems was compromised yesterday.

Googling (and other sites confirm) I got:
https://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008

>>
Antivirus XP 2008 is a new rogue anti-spyware program that is advertised through Trojans and other malware. It is advertised in the form of fake security alerts and warnings on web sites that state you are infected with malware or are being attacked in some manner. When you click on these ads, it will automatically download the installer for Antivirus XP 2008 and install it on your machine. In some cases, this program is installed without any intervention at all from you.

Once installed, Antivirus XP 2008 will scan your computer and display a variety of security risks found on your computer that can only be removed if you purchase a license of the software. These risks, though, are all fake and are only being displayed to scare you into thinking you are infected and thus purchase their software. Another tactic that Antivirus XP 2008, and the accompanied malware, uses is to change your desktop background to be a message stating you are infected, popups and fake alerts stating your computer is being attacked, and a fake Internet Explorer page that states Google has found your computer to be infected. All of these are further scare tactics and should be ignored. These methods are all illustrated in the images below....<<<
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Clam/ClamWin can only identify malware that is in its signature database. They rely upon users (of all types--business, personal, organizations, etc.) to submit files that contain malware that Clam does not yet identify. That's how it develops signatures to identify malware. When you found out that Clam did not recognize the malware, did you submit a copy of the malware to Clam at https://cgi.clamav.net/sendvirus.cgi on the Web?

I used to play the "blame game" myself and change antivirus programs whenever one did not identify a piece of malware. This is a trap, however, because no security product can identify every piece of malware out there--there are just too many viruses, and operating systems have too many holes. In the final analysis, we users also need to exercise caution in using our computers, because our security product(s) are no more secure than we are in our actions.

Regards,
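To make the "only what is in its signature database" point concrete, here is an added example (not code from this thread, from ClamWin, or from the ClamAV project). It builds a ClamAV hash signature in the `.hdb` line format (`MD5:size:MalwareName`), loads it into a minimal hash-matching scanner, and shows that a one-byte variant of the same sample is no longer detected, which is exactly why a missed sample has to be submitted upstream. The sample bytes and the signature name `Win.Trojan.RogueAV-Test` are constructed for the example and stand in for a rogue installer; they are not real malware.

```python
"""Added example: ClamAV-style hash signatures and the limits of hash matching.

Not from the forum thread or the ClamAV project; the sample bytes and the
signature name below are constructed for illustration only.
"""
import hashlib
from typing import Dict, Iterable, Optional, Tuple

# Constructed stand-in for a rogue "antispyware" installer (a fake PE header
# plus padding). Real samples would be submitted to the AV vendor instead.
SAMPLE = (
    b"MZ" + b"\x90" * 62
    + b"This program cannot be run in DOS mode."
    + b"\x00" * 200
)

SIG_NAME = "Win.Trojan.RogueAV-Test"  # assumed name, not an official ClamAV signature

HashDb = Dict[Tuple[str, Optional[int]], str]


def hdb_entry(data: bytes, name: str) -> str:
    """Return one ClamAV .hdb line for `data`: MD5:size:MalwareName.

    This is the same line that `sigtool --md5 <file>` prints for a file.
    """
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def load_hdb(lines: Iterable[str]) -> HashDb:
    """Parse .hdb lines into a lookup table keyed by (md5, size).

    A size of '*' (accepted by newer ClamAV releases) is stored as None and
    matches any length. Blank lines and '#' comments are skipped.
    """
    db: HashDb = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        md5, size, name = line.split(":", 2)
        key = (md5.lower(), None if size == "*" else int(size))
        db[key] = name
    return db


def scan(data: bytes, db: HashDb) -> Optional[str]:
    """Return the signature name if `data` matches a hash entry, else None.

    Both the digest and the length must match (or the entry must carry '*'),
    mirroring how a hash signature is evaluated.
    """
    digest = hashlib.md5(data).hexdigest()
    return db.get((digest, len(data))) or db.get((digest, None))


def demo() -> Dict[str, Optional[str]]:
    """Scan the original sample and two trivial variants against one signature."""
    db = load_hdb(["# custom signatures", hdb_entry(SAMPLE, SIG_NAME)])
    variants = {
        "original": SAMPLE,
        "one byte flipped": bytes([SAMPLE[0] ^ 0x01]) + SAMPLE[1:],
        "one byte appended": SAMPLE + b"\x00",
    }
    return {label: scan(blob, db) for label, blob in variants.items()}


if __name__ == "__main__":
    print(hdb_entry(SAMPLE, SIG_NAME))
    for label, hit in demo().items():
        print(f"{label:20s} -> {hit or 'not detected'}")
```

With a real scanner the same workflow is `sigtool --md5 suspect.exe >> custom.hdb` followed by `clamscan -d custom.hdb suspect.exe`; the local `.hdb` catches the exact file you already have in hand, while the upstream submission is what gets a signature (hash-based or otherwise) into the database that every other ClamWin user downloads.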
oklahomazeke


Joined: 23 Jul 2008
Posts: 0
Location: Palm Desert, CA
"I used to play the "blame game" myself"

Nope, no blame here...just asking if this should have been caught by ClamWin or if I need some other sort of cleaner.

I am working on reconstructing the pc first. If I can find the corrupting file afterwards, I will send it to the powers that be.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Try these free tools (in the order given below) to help in cleaning (ClamWin's Antimalware page may also help):

Microsoft's Windows Defender (for antispyware but it will also spot some trojans)
Threat Expert Memory Scanner from Threatfire (let it delete what it finds)
F-Secure's Blacklight antirootkit (put on desktop/renames rootkits/you can then go to them and delete)
Microsoft's free Malicious Removal Tool (MRT--comes with Windows/in the System32 directory)
Cure It from Dr. Web (put on desktop/it will cure what it can/quarantine what it can't cure)

Once you are clean, install the free version of Threatfire or WinPatrol alongside ClamWin.

Regards,
hardhatinc


Joined: 23 Jul 2008
Posts: 0
Location: Memphis, TN
You can also try a few other free tools, such as Spybot: Search and Destroy and Adaware 2007.
oklahomazeke


Joined: 23 Jul 2008
Posts: 0
Location: Palm Desert, CA
I uploaded the suspected file to the powers that be.....hopefully it's something that can be stopped with ClamWin in the future. I had to reformat to kill the damn thing. What a mess.

I'm going to try running Threatkill alongside, thanks for the advice.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
There are some hard drive "snapshot" programs that can come in handy--such as Norton Ghost. You can use them to take a complete snapshot picture of your hard drive when it is clean and then restore it if needed. You don't even need Windows to access the restore function--just restore from a function key upon bootup. Dell has a version of Ghost, but it restores your hard drive back to the way it was when you bought the computer. Get one of these programs, take a clean snapshot once a month, and you'll never have to worry again.

Another option is to get a Virtual Machine computer program (VM) and do all your "dangerous" surfing/work within the virtual machine. Microsoft has one, but VMWare is the most popular one, and it has a built-in snapshot capability. Microsoft's is free, and VMWare has a free server console VM.

The Windows System Restore function only provides partial restore capability--it can't handle a complete hard drive.

Regards,
vietnogi


Joined: 26 Jul 2008
Posts: 0
Spybot: Search and Destroy and Adaware 2007 worked for me.