|
nexrak
| Joined: 06 Jan 2009 |
| Posts: 0 |
|
|
|
 Posted: Tue Jan 06, 2009 3:02 pm |
|
 |
 |
|
|
Happy new year everyone!
The problem is that there is no such file as C:\WINDOWS\System32\vdriver.exe so I can upload it to www.virustotal.com.What do I do?
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Tue Jan 06, 2009 3:42 pm |
|
|
|
|
|
It could be hidden from you but not from ClamWin (I've seen one or two like that). Check your Windows Folder Options-View to make sure it is set to show hidden files. If it's not set, then change it, and then run a Clamwin scan.
If that doesn't work, download F-Secure's free Blacklight antirootkit program and run it. If it finds a hidden file (it probably can't find real new ones), Google it first. If it is a "bad" file, have F-Secure rename it, and then you can see it after a reboot. Then you can go to the file on your hard drive and do what you want with it: either run a ClamWin scan with preferences set to quarantine, and it will be in your Clamwin quarantine folder or delete it or just delete the file on your hard drive.
Plan C: download and run Malwarebytes' Anti-Malware program. It can find/delete/quarantine lots of stuff other AVs can't see.
Regards,
|
|
|
|
nexrak
| Joined: 06 Jan 2009 |
| Posts: 0 |
|
|
|
| Posted: Tue Jan 06, 2009 7:48 pm |
|
|
|
|
|
THNX a lot!
|
|
|
|
nexrak
| Joined: 06 Jan 2009 |
| Posts: 0 |
|
|
|
| Posted: Wed Jan 07, 2009 11:42 am |
|
|
|
|
|
I sent it to quarantine and then uploaded it to www.virustotal.com .I got my report.But am I really protected with the trojan in quarantine?
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Wed Jan 07, 2009 2:31 pm |
|
|
|
|
|
Yes, you are protected from malware in quarantine. ClamWin adds an "infected" in front of the name to let you know it is infected. It will not run unless you chose to run it (no double-clicking, please), and no one in his right mind would run an infected file - unless he is a malware researcher (in which case he probably isn't in his right mind to begin with!). Quarantine is supposed to be used as a temporary place to put infected files, so you should periodically manually delete stuff in Quarantine folder unless you are starting a virus collection.
It is better to put a file in quarantine than to remove it because there have been instances of false positives in important Windows files that ClamWin deleted. Even if you put an important file in quarantine due to a false positive, you can lose access to the file (and to Windows if it is an important system file). That's why I chose to have ClamWin Report Only, and then when I am certain that the file is "bad," then I either Remove it or Quarantine it.
Regards,
|
|
|
|
nexrak
| Joined: 06 Jan 2009 |
| Posts: 0 |
|
|
|
| Posted: Thu Jan 08, 2009 1:14 pm |
|
|
|
|
|
Thanks for the advise.
|
|
|
