Ivebeenclammed
Joined: 28 Jun 2008 | Posts: 0 | Location: Albany, NY
Posted: Sat Jun 28, 2008 4:56 pm
I sure hate to be asking ClamWin the question "Are you sure?", but I have never seen so many "positives" caught in one scan. None were caught by either Avast or Avira just prior to scanning with ClamWin. I googled CuteWriter (just as I have when one of my more commercial scanners caught something), and found no virus or trojan horse profiles on this file, which may be part of the useful freeware (the sort which I thought to be long established and trusted) which I recently downloaded (CutePDF). A search of lnchtour was inconclusive, while I'm not concerned with losing the others on the log below.
On the upside, ClamWin seems to have dealt with the strange and nearly infinite nest of Application Data folders under C:\Users\Dave, which other scanners gave up on (which I can't even verify the existence of because VISTA hides more from my Administrator "user" in the Computer view than from my "personal" profile, no matter what I do). As for BitZipper, I'm embarrassed that I ever touched it - I've since found more useful, unobnoxious tools for its purported purpose.
I sure would appreciate comments from anyone with understanding of any of the above.
Scan Started Fri Jun 27 23:00:13 2008
-------------------------------------------------------------------------------
Banload.OWJ FOUND
C:\Program Files\Microsoft Works\lnchtour.exe: moved/scheduled to 'C:\.clamwin\quarantine\infected.lnchtour.exe'
C:\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BitZipper502TrialSetupEn.1.2D0D17.efw: Trojan.Downloader-41859 FOUND
C:\Users\Dave\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\BitZipper502TrialSetupEn.1.2D0D17.efw: moved/scheduled to 'C:\.clamwin\quarantine\infected.BitZipper502TrialSetupEn.1.2D0D17.efw'
C:\Users\Dave\Desktop\BitZipper502TrialSetupEn.exe: Trojan.Downloader-41859 FOUND
C:\Users\Dave\Desktop\BitZipper502TrialSetupEn.exe: moved/scheduled to 'C:\.clamwin\quarantine\infected.BitZipper502TrialSetupEn.exe'
C:\Users\Dave\Desktop\CuteWriter(2).exe: Trojan.Downloader-41859 FOUND
C:\Users\Dave\Desktop\CuteWriter(2).exe: moved/scheduled to 'C:\.clamwin\quarantine\infected.CuteWriter(2).exe'
C:\Users\Dave\Desktop\CuteWriter.exe: Trojan.Downloader-41859 FOUND
C:\Users\Dave\Desktop\CuteWriter.exe: moved/scheduled to 'C:\.clamwin\quarantine\infected.CuteWriter.exe'
C:\Windows\Acer_Normal\Install_Flash_Player_9_AX_9.0.28.0.exe: Trojan.Downloader-42037 FOUND
C:\Windows\Acer_Normal\Install_Flash_Player_9_AX_9.0.28.0.exe: moved/scheduled to 'C:\.clamwin\quarantine\infected.Install_Flash_Player_9_AX_9.0.28.0.exe'
--------------------------------------
Completed
--------------------------------------

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sat Jun 28, 2008 10:53 pm
I believe these are all false positives. I had one in CuteWriter a week or so ago. If ClamWin spots the same virus name in several different files, it is probably a false positive. Nevertheless, you should still upload the file in question to VirusTotal or Jotti for a scan with other AVs. If more than a couple of other AVs find a file is infected, it is probably a real infection.
For false positives, fill out Clam's submission page at https://cgi.clamav.net/sendvirus.cgi on the web. Upload the file to them, and be sure to tell them the name of the false positive "virus" and check the false positive block. Put a short explanation in the description area as to why it is a false positive.
Regards,
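The triage rule in the reply above (one signature name firing on several different files) can be checked mechanically against a ClamWin log. The following is an added example, not code from either poster or from ClamWin; the function names and the `min_files` threshold are assumptions, and its output is a shortlist of files to re-check with other scanners, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, usable on any OS

# Lines copied from the scan log in the first post, including its truncated first entry.
SAMPLE_LOG = r"""
Banload.OWJ FOUND
C:\Program Files\Microsoft Works\lnchtour.exe: moved/scheduled to 'C:\.clamwin\quarantine\infected.lnchtour.exe'
C:\Users\Dave\Desktop\BitZipper502TrialSetupEn.exe: Trojan.Downloader-41859 FOUND
C:\Users\Dave\Desktop\BitZipper502TrialSetupEn.exe: moved/scheduled to 'C:\.clamwin\quarantine\infected.BitZipper502TrialSetupEn.exe'
C:\Users\Dave\Desktop\CuteWriter(2).exe: Trojan.Downloader-41859 FOUND
C:\Users\Dave\Desktop\CuteWriter.exe: Trojan.Downloader-41859 FOUND
C:\Windows\Acer_Normal\Install_Flash_Player_9_AX_9.0.28.0.exe: Trojan.Downloader-42037 FOUND
"""

FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
MOVED = re.compile(r"^(?P<path>.+): moved/scheduled to '(?P<dest>.+)'$")

def parse_log(text):
    """Return (hits, quarantined, incomplete): signature -> paths,
    path -> quarantine destination, and FOUND lines lacking a path."""
    hits, quarantined, incomplete = defaultdict(list), {}, []
    for line in (l.strip() for l in text.splitlines()):
        if m := FOUND.match(line):
            hits[m["sig"]].append(m["path"])
        elif m := MOVED.match(line):
            quarantined[m["path"]] = m["dest"]
        elif line.endswith(" FOUND"):
            incomplete.append(line)  # truncated entry: keep it, do not guess the file
    return dict(hits), quarantined, incomplete

def triage(hits, min_files=2):
    """Signatures that matched at least min_files distinct programs.
    Copies such as 'CuteWriter(2).exe' count once with 'CuteWriter.exe'."""
    out = {}
    for sig, paths in hits.items():
        programs = {re.sub(r"\(\d+\)(?=\.\w+$)", "", basename(p)).lower() for p in paths}
        if len(programs) >= min_files:
            out[sig] = sorted(programs)
    return out

if __name__ == "__main__":
    hits, quarantined, incomplete = parse_log(SAMPLE_LOG)
    print("re-check with other scanners:", triage(hits))
    print("entries without a file path:", incomplete)
```

The `quarantined` mapping gives the location of each moved file, which is the copy to upload for a second opinion or a false-positive report.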