davaodeb
Joined: 26 Apr 2008 | Posts: 0 | Location: st louis mo
Posted: Sat Apr 26, 2008 4:06 am
I just did my weekly virus scan and the message on the report was:
C:\Program Files\Microsoft Works\lnchtour.exe: Trojan.Downloader.Banload-4568 FOUND
How do I get rid of it and is it malicious?
thanks, davaodeb

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sat Apr 26, 2008 1:05 pm
You can upload a suspect file to VirusTotal at https://www.virustotal.com/ or to Jotti at https://virusscan.jotti.org/ on the web for a free scan with multiple antivirus programs (including Clam). If several of them find malware, it's probably a real infection. In that case, you can delete the file from ClamWin's quarantine folder (if you have configured ClamWin's General Preferences to Quarantine). If you have configured preferences to Report Only, go to the file in Windows Explorer (ClamWin's Scan Report gives the location) and delete it there (right click, delete). Restore the file from a clean backup (which you have--right?). I prefer to Report Only--I had Windows lock up with me once when ClamWin gave a false positive on a system file.
Weekly scan? You probably need to scan more often if you surf the web a lot! If a scan takes too long for you, configure ClamWin's Filters to only scan for the most dangerous file types (about 50-60), which you can find by searching Google for "dangerous file extensions".
Regards,
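
Added example (not part of the original posts, and not ClamWin's own code): a small Python script that pulls the detections out of a ClamWin/clamscan report like the one quoted above and computes each flagged file's SHA-256, which can be searched on VirusTotal instead of uploading the file. The sample report is constructed around the one detection line from this thread, and the function names are made up for the example.

```python
import hashlib
import re
from pathlib import Path

# A detection line has the form "<path>: <signature name> FOUND".
# The greedy path group makes the split happen on the LAST ": ", so the
# drive-letter colon in "C:\..." stays inside the path.
DETECTION = re.compile(r"^(?P<path>.+): (?P<signature>\S+) FOUND\s*$")

# Constructed sample report; only the FOUND line is taken from the thread.
SAMPLE_REPORT = r"""
Scan Started Sat Apr 26 03:10:12 2008
C:\WINDOWS\notepad.exe: OK
C:\Program Files\Microsoft Works\lnchtour.exe: Trojan.Downloader.Banload-4568 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
"""


def parse_report(text):
    """Return [(path, signature), ...] for every detection line in a report."""
    hits = []
    for line in text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            hits.append((match.group("path"), match.group("signature")))
    return hits


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks; return None if it is missing (e.g. quarantined)."""
    target = Path(path)
    if not target.is_file():
        return None
    digest = hashlib.sha256()
    with target.open("rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


if __name__ == "__main__":
    for path, signature in parse_report(SAMPLE_REPORT):
        file_hash = sha256_of(path) or "file not present on this machine"
        print(f"{signature}\n  file:   {path}\n  sha256: {file_hash}")
```
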

davaodeb
Joined: 26 Apr 2008 | Posts: 0 | Location: st louis mo
Posted: Sat Apr 26, 2008 6:18 pm
Thanks so much for your info - I DID go to the site where several scanners look at the file - 2 of them labelled it as a trojan - so I feel that it's real. I DID change my ClamWin preferences from Report Only to Quarantine and in 2 separate scans, it didn't quarantine it at all --
It's a WORKS file (where the trojan is showing up) --if I simply go into my programs and delete that file - will it really delete it or will it "hang on" there and continue to contaminate?
I have a geek I use - who told me to not get on the internet so I'm using another computer to check emails. He's going to look at it on Monday -
thanks for all your help -
davaodeb

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sat Apr 26, 2008 7:20 pm
If you delete a file using Windows Explorer, THAT file WILL be deleted. A few trojans now, however, come with other file(s) that will restore the trojan again after it's deleted. After finding/deleting malware, it's probably a good idea to:
Disable System Restore until you're clean--so you won't later restore the malware.
Perform a scan in Windows Safe Mode (Type F8 while loading Windows)--this prevents some malware from hiding.
Run an antirootkit check--F-Secure's Blacklight is good. Google to verify a file is bad, however, before you let Blacklight rename/delete it.
Norman's Malware Cleaner is pretty good if you have an infection. It takes some time, however, and it leaves a log file on your desktop.
I also like to see four or more other AVs say a file is infected before I really believe it.
Regards,

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sat Apr 26, 2008 7:37 pm
Update: This is a pretty new piece of malware. See the writeup about it at SANS just this last hour--might help your geek. Looks like Clam/ClamWin are up-to-date!
https://isc.sans.org/
Regards,