ClamWin Free Antivirus
Support and Discussion Forums
Windows system files identified as viruses
scarlett_156


Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
I had this happen a few days ago and did a complete scan again last night, and 3 of the 5 same files are being identified as viruses--and I don't think they are!

    C:\Program Files\MSECache\O2007Cnv\1033\O12Conv.cab: W32.Virut.Gen.D-163 FOUND
    (This file has been on my computer since May of 2007; I don't think it's a virus)

    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE: W32.Virut.Gen.D-163 FOUND
    (Same with this one.)

    C:\WINDOWS\SoftwareDistribution\Download\d2c1d0c034c68640cf949db8e0b3df1a\o12convsp1-en-us.cab: W32.Virut.Gen.D-163 FOUND
    (This one has been around since December of 2007.)

On Saturday's scan there were five such files identified as viruses. When I attempted to remove them, Windows gave me a warning that I was removing system files that might cause my comp to run badly or not at all, so I restored them.

I am assuming that these are false positive results.

Thanks for reading/replying to this topic.

~~~ Yours in Chaos, Scarlett
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
You can submit a copy of those files to Clam AV starting at https://www.clamav.net/sendvirus/ on the web. After reading this page, you can go to the actual submission page. There, be sure to indicate you think it is a false positive, tell them why you think so, and give the exact name of the virus. If there is a false positive, Clam will make sure your files are excluded from detection.

I always have trouble getting them to process large files, so please get back here to let us know whether or not you still get a detection after a couple of days. ClamWin has given Clam some of the larger files on behalf of users.

A common malware trick is to insert itself in the Windows directory or to infect a Windows file so that you will get a warning if you try to delete it. Clam has had lots of false positives on the generic Virut malware lately.

In the meantime, be sure ClamWin is set to Report Only--don't use Quarantine or Remove for the infected files option.

Regards,
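As an added example (not part of the original posts and not ClamWin's own code), the sketch below parses report lines in the `path: signature FOUND` form quoted in this thread and groups them by exact signature name, the detail the reply above says to give when submitting a suspected false positive. The function names and the list of cache directories are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Report lines copied from the posts in this thread; the final "OK" line is
# constructed to show that clean-file lines are skipped.
SAMPLE_REPORT = r"""
C:\Program Files\MSECache\O2007Cnv\1033\O12Conv.cab: W32.Virut.Gen.D-163 FOUND
C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\XL12CNV.EXE: W32.Virut.Gen.D-163 FOUND
C:\WINDOWS\SoftwareDistribution\Download\d2c1d0c034c68640cf949db8e0b3df1a\o12convsp1-en-us.cab: W32.Virut.Gen.D-163 FOUND
C:\Windows\Installer\2bc8a93.msp: W32.Virut.Gen.D-163 Found
C:\Windows\Temp\example.tmp: OK
"""

# Windows paths contain a drive colon, so the path group is greedy and the
# split happens at the last ": " before "<signature> FOUND" (any letter case).
DETECTION = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$", re.IGNORECASE)

# Assumption: directories seen in this thread that hold installer/update caches.
CACHE_MARKERS = ("\\windows\\installer\\",
                 "\\windows\\softwaredistribution\\download\\",
                 "\\msecache\\")

def parse_report(text):
    """Return (path, signature) for every detection line in a scan report."""
    hits = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def in_installer_cache(path):
    """True when the path sits in one of the cache directories listed above."""
    lowered = path.lower()
    return any(marker in lowered for marker in CACHE_MARKERS)

def group_by_signature(hits):
    """Map each exact signature name to the files it was reported on."""
    groups = defaultdict(list)
    for path, sig in hits:
        groups[sig].append(path)
    return dict(groups)

def submission_notes(text):
    """One line per signature: exact name, file count and cache-file count."""
    notes = []
    for sig, paths in sorted(group_by_signature(parse_report(text)).items()):
        cached = sum(in_installer_cache(p) for p in paths)
        notes.append(f"{sig}: {len(paths)} file(s), {cached} in installer/update caches")
    return notes

if __name__ == "__main__":
    for note in submission_notes(SAMPLE_REPORT):
        print(note)
```

The summary only organises what the scanner reported; it does not decide whether a detection is a false positive.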
scarlett_156


Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
Yeah, I did that. It does say that these are "virut" viruses. I am not ruling out that they are viruses, but their age indicates that they are probably not. Thanks for the help! :)
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
Could you please upload those files somewhere? PM me for FTP server details if you need.
scarlett_156


Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
Here is a "virus" found from last night's scan, looks like the same type as above, on my comp since December, 2007:

C:\WINDOWS\SoftwareDistribution\Download\d2c1d0c034c68640cf949db8e0b3df1a\o12convsp1-en-us.cab: W32.Virut.Gen.D-163 FOUND

I did upload those files to clamwin's FTP. Until I hear otherwise, I will assume that these are false positives.

Thanks for reading.
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
Thanks,

I think the previous files you uploaded are no longer detected.
scarlett_156


Joined: 06 Jun 2008
Posts: 0
Location: eastern rural Colorado (USA)
Thanks, you guys. I really appreciate the help! :)
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
Thank you, with your help these files are no longer detected as false positives for all clamav and clamwin users.
dwinter


Joined: 30 Dec 2008
Posts: 0
The following files were reported on a local machine:

C:\Windows\Installer\2bc8a93.msp: W32.Virut.Gen.D-163 Found
C:\Windows\Installer\6c4e2a.msp: W32.Virut.Gen.D-163 Found
C:\Windows\Installer\754db8cb.msp: W32.Virut.Gen.D-163 Found
C:\Windows\Installer\fc717a7.msp: W32.Virut.Gen.D-163 Found

They might also be false positives.

Here is the archive containing the MSP files:

https://sodpit.com/files/W32.Virut.Gen.D-163.7z

Thank you,

Darren
alch
Site Admin

Joined: 27 Nov 2005
Posts: 0
Thanks. These must be MS Office 12 updates.

Can't download:
sodpit.com could not be found