Rolin
Joined: 21 Jul 2008 | Posts: 0
Posted: Mon Jul 21, 2008 7:07 pm
Hey all,
Could someone verify if ClamWin has a false positive [Trojan.Bifrose-4545 FOUND] on HAL.DLL ?
C:\Windows\System32\DriverStore\FileRepository\hal.inf_8bcee68b
C:\Windows\System32\hal.dll
The actual files can be downloaded from here: https://rapidshare.com/files/131418044/hal.inf_8bcee68b.7z.html
I scanned the said folder with AVAST & NOD32, and they did not detect any trojan / problemz...
OS is Vista 64 Ultimate

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Tue Jul 22, 2008 12:46 am
You can verify whether or not a ClamWin detection is a false positive by uploading the file to the Jotti free scanning service at https://virusscan.jotti.org/ on the Web. Jotti will scan it for you with 20 antivirus programs, including Clam. If several other AVs besides Clam spot the file as infected, it is probably a real infection and not a false positive.
If there is a false positive, go to the Clam submission page at https://cgi.clamav.net/sendvirus.cgi on the Web. Fill out all the required information, and set up to send the file to them. Be sure to indicate that it is a false positive, tell them the EXACT name of the virus/malware that ClamWin says it has found, and put a brief explanation in the description block.
That's the only way you are going to change a false positive, and by doing so, you help Clam/ClamWin become a better antivirus.
Regards,
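
A local check to run alongside the multi-scanner upload described in the post above, added here as an example that is not part of the original thread: it records the SHA-256 and the code-signing status of the flagged files so the report to Clam can state exactly which file was detected. It assumes 64-bit Windows PowerShell 5.1 on Windows 10 or later (where `Get-AuthenticodeSignature` also evaluates catalog signatures); the function name `Get-FileTriage` is hypothetical, and the two paths are the ones from the first post.

```powershell
# Added example: triage a suspected false positive on a Windows system file.
# Assumption: 64-bit Windows PowerShell 5.1 on Windows 10 or later.
# (A 32-bit session is redirected away from the real System32 folder.)
$paths = @(
    'C:\Windows\System32\hal.dll',
    'C:\Windows\System32\DriverStore\FileRepository\hal.inf_8bcee68b'  # folder named in the post
)

function Get-FileTriage {
    param([Parameter(Mandatory)][string[]]$Path)

    # Expand folders into the files they contain; warn about missing paths.
    $files = foreach ($p in $Path) {
        if (Test-Path -LiteralPath $p -PathType Container) {
            Get-ChildItem -LiteralPath $p -File -Recurse -ErrorAction SilentlyContinue
        } elseif (Test-Path -LiteralPath $p -PathType Leaf) {
            Get-Item -LiteralPath $p
        } else {
            Write-Warning "Not found: $p"
        }
    }

    foreach ($f in $files) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
        $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            File       = $f.FullName
            SHA256     = $hash.Hash           # quote this in the false-positive report
            SigStatus  = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            SigType    = $sig.SignatureType   # Authenticode (embedded) or Catalog
            IsOSBinary = $sig.IsOSBinary      # True for files Windows recognises as its own
            Signer     = $signer
        }
    }
}

Get-FileTriage -Path $paths | Format-List
```

A `Valid` status with a Microsoft signer supports the false-positive reading; `HashMismatch` or `NotSigned` on a system file means the file differs from what was signed and the detection should be investigated rather than whitelisted.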

parkjonas
Joined: 08 Sep 2019 | Posts: 0 | Location: USA
Posted: Sun Sep 08, 2019 5:25 am
The hal.dll file can be easily restored from the original hal.dll file in the Windows XP installation CD. Although the process of recovering hal.dll from Windows XP CD is simple and less time-consuming, it must be done accurately for appropriate results.
Source: https://dll.repair/restore-hal-dll-from-the-windows-xp-cd/

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Sun Sep 08, 2019 7:54 pm
Any false positive file can be restored from ClamWin quarantine to its original location by running the QRecover.exe program from the C:\Program Files (x86)\ClamWin\bin folder. You need to be sure to exclude/whitelist the file from future ClamWin scans, however. It might take several weeks for Clam AV to correct their detection signature. You can remove the whitelisted item after it is corrected.
Regards,