ClamWin Free Antivirus
Support and Discussion Forums
notepad.exe Sality false positive?
seh87


Joined: 28 Jun 2009
Posts: 0
Location: Bowling Green, KY
This has given me quite a scare, but now I am thinking it may be a false positive. Any help/insight would be greatly appreciated.

Below is my ClamWin Log for the day the virus was found, results from Jotti, and VirusTotal.

Thanks!
Sarah


ClamWin

Scan Started Fri Jun 26 10:00:00 2009
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***


*** Scanned 44 processes - 724 modules ***
*** Computer Memory Scan Completed ***

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\df26432a11bfae68a289322c376b1615_16379a58-2425-4edb-b610-5b4bdfa16f56: Permission denied
C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\earf3yh2.default\places.sqlite-journal: Permission denied
C:\Documents and Settings\HP_Owner\Local Settings\Temp\etilqs_n5Sq0YucpIBc9Ke9cayG: Permission denied
C:\Documents and Settings\HP_Owner\Local Settings\Temp\etilqs_Tx6bXDm6Kze2ANueQPiO: Permission denied
C:\Documents and Settings\HP_Owner\Local Settings\Temp\etilqs_ugtgu2qjmP4jznpQHD7m: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\$NtServicePackUninstall$\notepad.exe: W32.Sality-43 FOUND
C:\WINDOWS\I386\NOTEPAD.EX_: W32.Sality-43 FOUND
C:\WINDOWS\notepad.exe: W32.Sality-43 FOUND
C:\WINDOWS\ServicePackFiles\i386\notepad.exe: W32.Sality-43 FOUND
C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\notepad.exe: W32.Sality-43 FOUND
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\notepad.exe: W32.Sality-43 FOUND
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\notepad.exe: W32.Sality-43 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 580501
Engine version: 0.95.2
Scanned directories: 27488
Scanned files: 265729
Infected files: 7
Data scanned: 55833.97 MB
Data read: 49260.22 MB (ratio 1.13:1)
Time: 24740.953 sec (412 m 20 s)


Jotti

Filename: notepad.exe
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Sun 28 Jun 2009 03:13:22 (CET)
Permalink: https://virusscan.jotti.org/en/scanresult/4ad7cf44af7271840612064776515e38db050e4d/0351d294bbfc3144d0f7697b9676164b3af066e8


VirusTotal

File notepad.exe received on 2009.06.28 21:03:31 (UTC)
Current status: finished
Result: 2/40 (5.00%)
Permalink: https://www.virustotal.com/analisis/865f34fe7ba81e9622ddbdfc511547d190367bbf3dad21ceb6da3eec621044f5-1246223011
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Please do another scan. There was a Notepad false positive, but it has been fixed.

Regards,
seh87


Joined: 28 Jun 2009
Posts: 0
Location: Bowling Green, KY
Solved the problem.
Thanks so much.

-Sarah