TheToeJoe
Joined: 26 Jun 2009
Posts: 0
Posted: Fri Jun 26, 2009 5:04 pm
I see a lot of posts about false positives with W32.Virut.Gen.D-163, but also see replies that the ClamAV team is working on it that date back to 2006. So... is this STILL a false positive? Should I be concerned?
Also... should I be concerned with all the permission denied issues? Could this be a Vista UAC problem?
Scan Started Fri Jun 26 03:30:00 2009
-------------------------------------------------------------------------------
*** Scanning Programs in Computer Memory ***
---Please login as an Administrator to scan System processes loaded in computer memory---
*** Memory Scan: using ToolHelp ***
*** Scanned 17 processes - 311 modules ***
*** Computer Memory Scan Completed ***
C:\Boot\BCD: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.ilg: Permission denied
C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\setup.ilg: Permission denied
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_129eec02-89db-4b47-89ac-09e1070af9e4: Permission denied
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_129eec02-89db-4b47-89ac-09e1070af9e4: Permission denied
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_129eec02-89db-4b47-89ac-09e1070af9e4: Permission denied
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_129eec02-89db-4b47-89ac-09e1070af9e4: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\wmplog00.sqm: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF5503.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF550A.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF5799.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF57A0.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF57D2.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF57D9.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF59AD.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF59B5.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF910E.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF9134.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF96DC.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF96F2.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF9736.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF9838.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF9CEC.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DF9D09.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DFE318.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DFE324.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DFE386.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DFE392.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DFE3C7.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DFE3D3.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DFE48C.tmp: Permission denied
C:\Users\JulPickle\AppData\Local\Temp\~DFE499.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbc2e.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbdam: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbdao: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbeam: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbeao: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbm: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbu2d.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbvm.cf1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\dbvmh.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\fii.cf1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\fiih.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\hp: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\hpt2i.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\rpm.cf1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\rpm1m.cf1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\rpm1mh.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\rpmh.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\safeweb\goog-black-enchashm.cf1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\safeweb\goog-black-enchashmh.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\safeweb\goog-black-urlm.cf1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\safeweb\goog-black-urlmh.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\safeweb\goog-malware-domainm.cf1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\safeweb\goog-malware-domainmh.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\safeweb\goog-white-domainm.cf1: Permission denied
C:\Users\Melissa\AppData\Local\Google\Google Desktop\9b0706bca250\safeweb\goog-white-domainmh.ht1: Permission denied
C:\Users\Melissa\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF14AE.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF271E.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF2724.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF2764.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF276A.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF277B.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF2781.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF7932.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF8F29.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DF9626.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DFA21D.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DFA433.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DFB605.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DFBAAE.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DFBFC3.tmp: Permission denied
C:\Users\Melissa\AppData\Local\Temp\~DFDB37.tmp: Permission denied
C:\Users\Melissa\AppData\Roaming\Skype\lalabunney\dc.db: Permission denied
C:\Users\Melissa\AppData\Roaming\Skype\lalabunney\dc.db-journal: Permission denied
C:\Users\Melissa\AppData\Roaming\Skype\lalabunney\main.db: Permission denied
C:\Users\Melissa\AppData\Roaming\Skype\lalabunney\main.db-journal: Permission denied
C:\Users\Melissa\ntuser.dat.LOG1: Permission denied
C:\Users\Public\Documents\Newman-You'veGotAFriendInMe.mtd: Permission denied
C:\Users\Public\Documents\Wainwright-Hallelujah.mtd: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbc2e.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbdam: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbdao: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbeam: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbeao: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbm: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbu2d.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbvm.cf1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\dbvmh.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\fii.cf1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\fiih.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\hp: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\hpt2i.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\rpm.cf1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\rpm1m.cf1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\rpm1mh.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\rpmh.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\safeweb\goog-black-enchashm.cf1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\safeweb\goog-black-enchashmh.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\safeweb\goog-black-urlm.cf1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\safeweb\goog-black-urlmh.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\safeweb\goog-malware-domainm.cf1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\safeweb\goog-malware-domainmh.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\safeweb\goog-white-domainm.cf1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Google Desktop\bd0314a1ffef\safeweb\goog-white-domainmh.ht1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Google\Toolbar History\counters: Permission denied
C:\Users\TheToeJoe\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
C:\Users\TheToeJoe\AppData\Local\Microsoft\Windows Defender\FileTracker\{59A33A92-3732-43FE-89C3-DC2DDC02A8A7}: Permission denied
C:\Users\TheToeJoe\AppData\Roaming\Skype\thetoejoe\dc.db: Permission denied
C:\Users\TheToeJoe\AppData\Roaming\Skype\thetoejoe\dc.db-journal: Permission denied
C:\Users\TheToeJoe\AppData\Roaming\Skype\thetoejoe\etilqs_LmF6vSS502ZP5Zes0tyA: Permission denied
C:\Users\TheToeJoe\AppData\Roaming\Skype\thetoejoe\etilqs_xDRYXmVPbdqkLCRipNcc: Permission denied
C:\Users\TheToeJoe\AppData\Roaming\Skype\thetoejoe\main.db: Permission denied
C:\Users\TheToeJoe\AppData\Roaming\Skype\thetoejoe\main.db-journal: Permission denied
C:\Users\TheToeJoe\ntuser.dat.LOG1: Permission denied
C:\WINDOWS\Installer\29d7faa.msp: W32.Virut.Gen.D-163 FOUND
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config: Permission denied
C:\WINDOWS\Panther\UnattendGC\diagerr.xml: Permission denied
C:\WINDOWS\Panther\UnattendGC\diagwrn.xml: Permission denied
C:\WINDOWS\security\database\secedit.sdb: Permission denied
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0: Permission denied
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0: Permission denied
C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Permission denied
C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Permission denied
C:\WINDOWS\System32\restore\MachineGuid.txt: Permission denied
C:\WINDOWS\System32\sysprep\Panther\diagerr.xml: Permission denied
C:\WINDOWS\System32\sysprep\Panther\diagwrn.xml: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\1E2E58C73053C7775EB226DB5E739137.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\7BDE76979585395D59B5DA1D62E63C50.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof: Permission denied
C:\WINDOWS\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof: Permission denied
C:\WINDOWS\System32\winevt\Logs\Application.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\DFS Replication.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\HardwareEvents.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Internet Explorer.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Key Management Service.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Media Center.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-MSDT%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MeetingSpace%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\ODiag.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\OSession.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Security.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\Setup.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\System.evtx: Permission denied
C:\WINDOWS\Tasks\User_Feed_Synchronization-{400B6621-4EDD-4FEA-809D-D78AD0E1B507}.job: Permission denied
C:\WINDOWS\Tasks\User_Feed_Synchronization-{C1B935C6-095E-4FBB-8D95-3E65C75754E6}.job: Permission denied
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd: Permission denied
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\dnary.xsd: Permission denied
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\dnary.xsd: Permission denied
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd: Permission denied
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\dnary.xsd: Permission denied
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\dnary.xsd: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 578692
Engine version: 0.95.2
Scanned directories: 27437
Scanned files: 170080
Infected files: 1
Data scanned: 56876.37 MB
Data read: 83961.43 MB (ratio 0.68:1)
Time: 8925.774 sec (148 m 45 s)
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Jun 27, 2009 12:35 am
Upload the file with the Virut to Jotti at https://virusscan.jotti.org/en on the web or to VirusTotal at https://www.virustotal.com/ on the web. Either service will scan your files (one at a time) for free with multiple antivirus programs, including Clam AV (which furnishes the engine and signatures for ClamWin). If several other AVs besides Clam (I like to see at least 5 AVs in total) say the file is infected, it probably is, and you should delete the file on your machine and replace it if it is an important file.
If just a couple of AVs besides Clam say it is infected, it is probably a false positive detection by Clam/ClamWin, and you should tell Clam about it starting at https://www.clamav.net/sendvirus/ on the web. When you get to the upload page, before you upload, be sure to check the false positive block, tell them the exact name of the virus with the false positive, and make a comment about why you think it is a false positive (for instance, only 2 AVs on Jotti saw an infection, etc.). Clam will adjust the signature within a couple of days, and ClamWin will also benefit.
The permission denied on temp files is sort of strange, but you sure do have a lot of all kinds of permissions denied. There are normally a couple of Windows system files that are always in use and therefore have permission denied: hiberfile and pagefile. The others, I'm not familiar with.
Just for "insurance" purposes, I suggest you try a scan in Safe Mode and see if anything turns up. I would also download Malware Bytes' Antimalware program (MBAM) and do a regular quick scan with that--also do a scan with Dr. Web's Cureit (you don't have to install it--just put it on your desktop as is and run a quick scan). Both of these are free and are good AV cleaners. You can do a manual update with MBAM, but you have to download a new Cureit every couple of days, or just run it from the Dr. Web website.
Regards,
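
An added example (not part of either post, and not ClamWin's own code): a small Python parser for the report format posted in the question. It separates `FOUND` lines from `Permission denied` lines, sets aside the two files the reply names as normally in use, groups the remaining access errors by directory, and checks the number of detections against the scan summary. The sample report is constructed in the shape of the one above; the user name `alice` and all function names are assumptions.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the shape of the report in the question.
SAMPLE_LOG = r"""
Scan Started Fri Jun 26 03:30:00 2009
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\Users\alice\AppData\Local\Temp\~DF5503.tmp: Permission denied
C:\Users\alice\AppData\Roaming\Skype\alice\main.db: Permission denied
C:\WINDOWS\Installer\29d7faa.msp: W32.Virut.Gen.D-163 FOUND
C:\WINDOWS\System32\winevt\Logs\Security.evtx: Permission denied
C:\WINDOWS\System32\winevt\Logs\System.evtx: Permission denied
----------- SCAN SUMMARY -----------
Scanned files: 170080
Infected files: 1
"""

# "<path>: <signature> FOUND" or "<path>: Permission denied"
RESULT_RE = re.compile(
    r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|(?P<err>Permission denied))$"
)
SUMMARY_RE = re.compile(r"^(?P<key>Scanned files|Infected files): (?P<n>\d+)$")

# The two files the reply names as normally in use during a scan.
EXPECTED_LOCKED = {"hiberfil.sys", "pagefile.sys"}


def parse_report(text):
    """Split a report into detections, access errors and summary counters."""
    detections, denied, summary = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT_RE.match(line)
        if m:
            if m.group("sig"):
                detections.append((m.group("path"), m.group("sig")))
            else:
                denied.append(m.group("path"))
            continue
        s = SUMMARY_RE.match(line)
        if s:
            summary[s.group("key")] = int(s.group("n"))
    return detections, denied, summary


def bucket(path, depth=3):
    """Return the first `depth` components of the file's parent directory."""
    parts = PureWindowsPath(path).parts[:-1][:depth]
    return str(PureWindowsPath(*parts))


def triage(text):
    """Summarise a report so the single detection is not lost in the noise."""
    detections, denied, summary = parse_report(text)
    expected = [p for p in denied
                if PureWindowsPath(p).name.lower() in EXPECTED_LOCKED]
    others = [p for p in denied if p not in expected]
    infected = summary.get("Infected files")
    return {
        "detections": detections,
        "expected_locked": expected,
        "other_denied": Counter(bucket(p) for p in others),
        # False when the pasted log is truncated or has no summary section.
        "summary_matches": infected is not None and infected == len(detections),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, sig in report["detections"]:
        print(f"DETECTION  {sig}  {path}")
    for directory, count in report["other_denied"].most_common():
        print(f"DENIED x{count}  {directory}")
    print("summary consistent:", report["summary_matches"])
```
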