ClamWin Free Antivirus
Support and Discussion Forums
Trojan found - what do I do now? Help!
tekmas


Joined: 29 Dec 2009
Posts: 0
Location: UK and Hungary
Hi everybody. I am fairly new to ClamWin. Have ESET in the background and Clam as a secondary that I run every few days. For the first time it found something. End of report looks like this:

C:\Program Files\Google\Google Earth Pro\Crack.exe: Trojan.Pasta FOUND
C:\System Volume Information\_restoreDAAD8284-5896-4B40-A753-8454BDC2E5A5\RP317\A0098279.exe: Trojan.Pasta FOUND

----------- SCAN SUMMARY -----------
Known viruses: 678819
Engine version: 0.95.2
Scanned directories: 10685
Scanned files: 87224
Infected files: 2
Data scanned: 26072.85 MB
Data read: 23970.72 MB (ratio 1.09:1)
Time: 9870.152 sec (164 m 30 s)
--------------------------------------
Completed
--------------------------------------

It does not offer any action and I have no idea if it did something or is just telling me that I have these two Trojans. How do I get rid of them? Please help. My husband used to deal with our laptops and I assumed that a program like this would deal with things it finds, and have no idea what to do.
Thanks
Erika
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
No problem with the malware in System Restore. Just turn System Restore off (Start, Control Panel, System) and it will be deleted. Then turn it back on. There's no harm at all in doing this.

ClamWin comes with a default for infected files to Report Only. Other options are Remove and Quarantine. HOWEVER, please leave the option to Report Only because if you Remove/Quarantine, you may lose access to your Windows operating system if a system file has a false positive detection. A false positive is when ClamWin thinks a file is infected but it is not--it is a false detection. This sometimes happens if a virus uses code that is similar to some "good" program.

What you can do is to upload a copy of a file (especially if it is a file in the Windows directory) to Jotti or VirusTotal on the web. Either service will scan the file against multiple antivirus programs, including Clam (the basis for ClamWin). If only a couple of other AVs say the file is infected, it is probably a false positive. If several other AVs see an infection, it is probably a real infection and you can remove it. I like to see a couple of these AVs say it is infected before I believe it: NOD32, Kaspersky, Microsoft, McAfee, Symantec, Trend Micro.

You can remove an infected file manually by going to the directory where it is on your computer. You can also set ClamWin's infected file option TEMPORARILY to Remove or Quarantine and then scan the directory where the file is. Be sure to set the option back when you are finished.

If the detection is a false positive, upload the file to Clam starting at https://www.clamav.net/sendvirus/ on the web. Be sure to check the false positive block and tell them the name of the virus that is falsely detected.

Regards,
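
As an added example (not part of the thread and not ClamWin's own code), this Python sketch reads a report in the format quoted in the question and sorts each FOUND line according to the advice in the reply above. The sample report, its paths and the category names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample modelled on the report format quoted in the thread.
SAMPLE_REPORT = r"""
C:\Program Files\Example App\tool.exe: Trojan.Pasta FOUND
C:\System Volume Information\_restoreEXAMPLE\RP1\A0000001.exe: Trojan.Pasta FOUND
C:\WINDOWS\system32\example.dll: Trojan.Pasta FOUND
----------- SCAN SUMMARY -----------
Infected files: 3
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
SUMMARY_RE = re.compile(r"^Infected files:\s*(\d+)$")

# Next step per category, paraphrasing the reply (category names are hypothetical).
ADVICE = {
    "restore-point": "turn System Restore off, then back on, to delete it",
    "windows-dir": "keep Report Only; check on Jotti/VirusTotal before removing",
    "other": "check on Jotti/VirusTotal, then remove manually if confirmed",
}

def classify(path):
    """Sort a detected path into one of the ADVICE categories."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "system volume information" in parts:
        return "restore-point"
    if len(parts) > 1 and parts[1] in ("windows", "winnt"):
        return "windows-dir"  # a false positive here can break Windows
    return "other"

def triage(report):
    """Return ([(path, signature, category)], summary_matches)."""
    detections, reported = [], None
    for line in (raw.strip() for raw in report.splitlines()):
        found = FOUND_RE.match(line)
        if found:
            path = found["path"]
            detections.append((path, found["sig"], classify(path)))
        elif SUMMARY_RE.match(line):
            reported = int(SUMMARY_RE.match(line).group(1))
    # A mismatch means the pasted report is truncated or was edited.
    return detections, reported == len(detections)

if __name__ == "__main__":
    dets, complete = triage(SAMPLE_REPORT)
    for path, sig, kind in dets:
        print(f"{sig}: {path}\n    -> {ADVICE[kind]}")
    print("summary matches detections:", complete)
```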