GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Wed Mar 11, 2009 9:53 pm

You should probably verify an infection is real and not a false positive before you remove it. I do not even quarantine any infected files until I verify them. You can verify a file by uploading it to Jotti or VirusTotal. Either service provides free AV scans with multiple AV programs, including Clam, and you can download a handy script from VirusTotal to automate the uploading process. If five or more AVs find an infection, it's probably a real infection. If fewer than that find an infection, it may very well be a false positive. If you have used/run the file previously without noticing any problems, and not many AVs spot anything, you should visit the Clam submission page, upload the file to them, and fill out the form, indicating that it is a false positive.
On the other hand, if the file is really infected, you can manually delete it from ClamWin's quarantine folder if you have your ClamWin detection option set to Quarantine. If you have the detection option set to Notify, you can go to the file on your computer with Windows Explorer and manually delete it, or you can set detection options to Remove or Quarantine and do another scan to take care of the file. I do not automatically Quarantine--just in case there is a false positive in an important Windows system file.
You can speed up ClamWin's scan time by only scanning important directories and/or by configuring the Filters (right-hand side of the screen) to only scan for file extensions most likely to contain viruses--there are 50 to 60 such extensions. Do a search on the web for "dangerous file extensions" to identify them. Be sure to include Office-type files, such as .doc, .xls, .ppt, .rtf, and .pdf. The most important directories are: Windows, and Documents (the main user) in XP or User (the main user) in Vista.
A scan uses the signature database available to ClamWin when the scan starts and doesn't use any updates during the scan.
Re the works file: you might want to verify it's okay and, if so, exclude it from ClamWin's regular scans via the Filters preferences (left-hand side of the screen).
Regards,