Hello there,
I am using Clamwin on a Windows 2003 server where a folder on the E:\ drive is being shared with other PCs in our LAN. This shared folder keeps getting a "New Folder.exe" file which is identified by ClamWin as a worm. An excerpt of the virus scan report is below:

C:\WINDOWS\system32\ActiveScan\pskavs.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.pskavs.dll'

WARNING: Can't open file \\?\C:\WINDOWS\system32\dhcp\dhcp.mdb

WARNING: Can't open file \\?\C:\WINDOWS\system32\dhcp\tmp.edb

E:\RESUMES\New Folder.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.New Folder.exe'



C:\WINDOWS\system32\ActiveScan\pskavs.dll: Sirius.Annihilator.272 FOUND

E:\RESUMES\New Folder.exe: Worm.Sohanad-1 FOUND

However, everytime Clamwin removes this worm, it reappears within a few seconds. This does not look like it is too damaging a worm but I would like to get rid of it nonetheless to breathe easier. Can you help? Thank you.

you may try memory scan by adding --unload as additional advanced option but beware if the dll is injected in a system process rather then explorer it can reboot your system,
remember to select quarantine and not report only

I got it a couple of months ago. It seems to be ad/spyware. Turn off System Restore, and then run a couple of scans. Run a good spyware program. I got rid of it after I got the trial version of NOD32. I didn't have any problems after that.

Have you used Panda Antivirus lately? There seems to be some indication it may be harbor the little critter. I recall that I was fooling around with Panda before I got it. Here's some info: https://lurker.clamav.net/message/20050910.232634.30d8f357.en.html.

Regards,