 |
 | where the hell are my infected files?! |  |
|
annoyeduser
|
|
I just scanned my PC (which took 7 hours btw). My scan summary told me that I have (1) infected file, but no indication whatsoever as to which file that might be. The summary was preceded by about 100 "WARNING: can't open ..." messages but nothing indicating which file is supposedly infected. I have it set to 'Report Only'. Is this information hidden someplace secret? I mean, gee whiz, that just *might* be useful information.
|
|||||||||||
|
|||||||||||||
 |
| |
|
GuitarBob
|
|
If you have an infection that ClamWin spots and it is configured to Notify, after a scan, in the scan summary report, Clamwin will tell you about the infecton. The file remains where it was on your hard drive, and the summary report will tell inform you where it is. It will not remove the file to the ClamWin Quarantine folder--which is shown on the General Configuration tab (C:\Documents and Settings\All Users\.clamwin\quarantine on a Windows XP machine).
You will frequently see a file or two that can't be scanned, and this is usually okay. The Windows operating system locks certain files, and a file may be locked if it is running at the same time of the ClamWin scan. You will probably see these same files with each scan. You can upload a file to Jotti for an online scan at https://virusscan.jotti.org/ on the Web to see if any other antivirus programs find it infected. Re: speeding up scans: make sure you are using the latest stable version of ClamWin (currently .92). Select the Try To Scan Executable Files Only option under the Advanced Configuration options. Use Clamwin's Advanced Configuration options under Filters to Scan Only Matching Filenames and put in the 50 or so file extensions that are most likely to harbor malware. You can locate these extensions by searching on the Web for "dangerous file extensions." One source is at https://www.lancs.ac.uk/iss/a-virus/banned.htm on the Web. You insert these extensions under the Matching File Names with a *.: such as *.exe. Be sure to include office type file extensions: *.doc *.xls *.ppt *.rtf and *.pdf. There are some additional extensions if you use Office 2007 (.do** .xl** .ppt*). You might also include some of the popular compression file extensions: zip, rar, tar, 7z. By doing all this, it takes me about 45 minutes to scan my 160 gigabyte hard drive. If you are also also using a real-time virus scanner in addition to ClamWin, you are very safe in doing this. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
annoyeduser
|
|
Here's my scan summary:
----------- SCAN SUMMARY ----------- Known viruses: 219641 Engine version: 0.92 Scanned directories: 37730 Scanned files: 365515 Skipped non-executable files: 2030 Infected files: 1 Data scanned: 59129.09 MB Time: 24845.734 sec (414 m 5 s) -------------------------------------- Completed -------------------------------------- Can YOU spot the location of the infected file? Me either. If it's supposed to be there then I guess it's a bug. |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
Just before the scan report summary begins, ClamWin should describe any infected files it finds. See my example below.
C:\Documents and Settings\All Users\Documents\Bob's VX Workspace\rootkit.txt: LDH.Malware.Behav25.File.Rootkit FOUND ----------- SCAN SUMMARY ----------- Known viruses: 221709 Engine version: 0.92 Scanned directories: 0 Scanned files: 1 Skipped non-executable files: 0 Infected files: 1 Data scanned: 0.00 MB Time: 5.921 sec (0 m 5 s) Unless something is terribly wrong, ClamWin will follow this procedure for any scan on any computer, so perhaps you didn't notice the description of the infection above the summary. If you still can't locate any infected file, I suggest you run another scan and when it's through, select to save a detailed copy (it will be placed in your ClamWin\bin directory) and you can then go there and see what's going on. You could break the scan up into smaller scans--first scan the Windows directory (the most likely place). If nothing is found, then scan another directory, and so on. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
Antonio S.
|
|
Hello All,
I have been using ClamWin for a couple of years (since version 0.90, if I remeber well) and just found this piece of software great (always installed and worked without any problem). Good job guys and thanks for yr. constant work. Just a note about improving scans, if this can help. I have always scanned my hard drive (160 GB) setting preferences with the 'Try to scan executable file only' option; scanning time was about 120-140 mins. Now I have strictly followed Giutar Bob's indication about dangerous files extensions to be set on scanning preferences; have used list published on https://www.lancs.ac.uk/iss/a-virus/banned.htm and added only the other few extensions suggested below (office docs, mainly). Well. scanning time reduced dramatically and set @ 60 mins this time. Will keep these configuration for my Clamwin (sometimes running a scan with a resident AV); normally they won't conflict andI can confirm (as per my experience) that Clamwin can dedect as much as other AV can. Hope this helps. Regards  |
|||||||||||
|
|||||||||||||
|
 | where the hell are my infected files?! | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.