forthteller
Joined: 11 Mar 2009 |
Posts: 0 |
Location: Hackettstown, NJ, USA |
Posted: Wed Mar 11, 2009 9:51 pm |
 |
I started scanning last night after midnight and it was still going today in the afternoon. In the System Volume Information file it found four occurrences of Trojan.Agent-14235, two occurrences of Trojan.Agent-14246, two occurrences of Trojan.Agent-14247 and two occurrences of Trojan.Agent-14249. How do I get rid of them with ClamWin? Additionally: 1) the virus database updated during the run. Did the scanning take into consideration these new definitions? Also, 2) the virus scan hung for hours on a WORKS file. (Forgive me, but earlier today I posted this to the User Guide Forum by accident, thinking I was in this Forum.)
|
|
Antonio S.
Joined: 20 Apr 2008 |
Posts: 0 |
Location: Italy |
Posted: Thu Mar 12, 2009 8:54 am |
 |
Hello,
First of all, verify whether what ClamWin has detected is a real threat. More or less all AVs can catch so-called false positives, so it is advisable to verify a suspect file before removing it (especially if it is related to Windows system files). Check the paths of the suspect files in the ClamWin scan report log and upload them to www.virustotal.com. This free service submits files to multiple scanning engines (around 30). If none, or few other than Clam, found anything, it is probably a false positive. In that case, notify the Clam team using the form at https://cgi.clamav.net/sendvirus.cgi, ticking the box related to false positives. The issue will be fixed rapidly by the team and will not appear anymore in further scans.
If the files appear to be real infections, set the ClamWin preferences to the Remove option and run the scan again. This should get rid of them. After that, move the ClamWin preferences back to the Report only option (safer choice). I suggest making a backup of important/private data prior to deleting suspect files, for extra security.
As for the DB, I am quite sure the new virus sigs were not picked up 'on the fly' during the scan. When the scan is started, the engine starts with the available DB.
Strange that ClamWin is stuck for so much time on a single file. My 160 GB HD drive is scanned in about 40 mins, but I limited the scan to potentially dangerous file types, relying on file extensions (this can be done by entering the file extensions in the Filter tab of Preferences; do some googling on dangerous file extensions to cover a wide range of them, and add the .ddl, .zip, .rar, .7z, .tar and most common MS Office file extensions).
Hope this helps,
Antonio
|
|
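The "check the paths in the scan report log" step from the reply above, as an added example that is not part of any post in this thread: it groups detections by signature and lists the files to verify with a second scanner before anything is removed. It assumes the report uses clamscan-style `path: Signature FOUND` lines and an `Infected files: N` summary line; the sample report and its paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample report; the paths are made up for illustration.
SAMPLE_REPORT = r"""
C:\Documents\letter.wps: OK
C:\System Volume Information\restore-example\A0000001.exe: Trojan.Agent-14235 FOUND
C:\System Volume Information\restore-example\A0000002.exe: Trojan.Agent-14235 FOUND
C:\System Volume Information\restore-example\A0000003.dll: Trojan.Agent-14246 FOUND
C:\System Volume Information\restore-example\A0000004.dll: Trojan.Agent-14247 FOUND

----------- SCAN SUMMARY -----------
Infected files: 4
"""

# Greedy path match: the drive-letter colon ("C:") stays inside the path,
# and only the final ": <signature> FOUND" is treated as the verdict.
DETECTION = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
SUMMARY = re.compile(r"^Infected files:\s*(\d+)$")


def parse_detections(report):
    """Return {signature: [paths]} for every FOUND line in the report."""
    hits = defaultdict(list)
    for line in report.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            hits[match["sig"]].append(match["path"])
    return dict(hits)


def files_to_verify(hits):
    """Unique, sorted paths to submit to a multi-engine scanner."""
    return sorted({path for paths in hits.values() for path in paths})


def summary_agrees(report, hits):
    """Cross-check the parsed count against the report's own summary line."""
    for line in report.splitlines():
        match = SUMMARY.match(line.strip())
        if match:
            return int(match.group(1)) == sum(len(p) for p in hits.values())
    return False  # no summary line: the report may be truncated


if __name__ == "__main__":
    found = parse_detections(SAMPLE_REPORT)
    for sig, paths in sorted(found.items()):
        print(f"{sig}: {len(paths)} file(s)")
    print("summary agrees:", summary_agrees(SAMPLE_REPORT, found))
```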
forthteller
Joined: 11 Mar 2009 |
Posts: 0 |
Location: Hackettstown, NJ, USA |
Posted: Thu Mar 12, 2009 1:45 pm |
 |
Thanks. I mistakenly posted to User Guides, where GuitarBob was helpful. I used Jotti to upload the files. Then, I read an article where I determined that the threat was real enough to get rid of. So, I did it manually in Safe Mode. I think I fixed the problem.
|
|