Gray__Fox
Joined: 28 Jul 2009
Posts: 0
Posted: Tue Jul 28, 2009 3:35 am
Are the two in red false positives? One is a download I got with Corel Paint Shop Pro Photo X2 extras.
And another is a file in a game that came in the Adventure Anniversary pack...
How do you know if it's a false positive, or if it's infected?
Also... the first one, in green, it's in a temp folder... ummm, should I be suspicious of it and remove it? Last I knew temp files shouldn't be locked out.
Scan Started Mon Jul 27 18:37:12 2009
-------------------------------------------------------------------------------
C:\Documents and Settings\Gray Fox\Local Settings\Temp\hsperfdata_Gray Fox\6040: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS.0\system32\CatRoot2\tmp.edb: Permission denied
C:\WINDOWS.0\system32\config\default: Permission denied
C:\WINDOWS.0\system32\config\SAM: Permission denied
C:\WINDOWS.0\system32\config\SECURITY: Permission denied
C:\WINDOWS.0\system32\config\software: Permission denied
C:\WINDOWS.0\system32\config\system: Permission denied
C:\WINDOWS.0\Temp\ZLT005fc.TMP: Permission denied
E:\Silvers Folder\stuff\Install programs\INC1200_Corel_ALL_Full_ESD.exe: Trojan.Qhost-165 FOUND
F:\Games\JoWood\Dead Reefs\bin\toolkit_30sp1.dll: Worm.Kido-34 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 604067
Engine version: 0.95.2
Scanned directories: 15353
Scanned files: 222680
Infected files: 2
Data scanned: 93963.31 MB
Data read: 178207.83 MB (ratio 0.53:1)
Time: 9279.953 sec (154 m 39 s)
--------------------------------------
Completed
--------------------------------------

Antonio S.
Joined: 20 Apr 2008
Posts: 0
Location: Italy
Posted: Tue Jul 28, 2009 11:40 am
Hello,
Have a check with the online Jotti or VirusTotal services to see if those are false positives (I have seen many FPs arising from Clam scans recently, so it's better to make a double check). If only ClamWin is detecting the files as infected, then it's definitely an FP.
Please notify the Clam team using the form at cgi.clamav.net/sendvirus.cgi, ticking the relevant box related to FP.
They are going to fix the issue rapidly so it won't show in next scans.
Hope this helps,
antonio

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Jul 28, 2009 1:27 pm
A quick check is to look at the modification date (or installation date if not modified) of the files to see if they were changed. Navigate to the file in Windows Explorer, right click to bring up the context menu, and select properties. One of the tabs (Detail tab maybe) will show dates. If there have not been any recent changes, the file MAY be okay. I said MAY because some viruses can change the dates, so this isn't 100% sure. If they do, it may look funny, however--I've seen them change files so that the modification date is before the setup date!
Regards,
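
Added example, not part of the original thread: a Python sketch that reads a scan report in the format posted above, separates "Permission denied" entries from actual detections, and collects the SHA-256 and timestamps of each flagged file for the second-opinion and date checks suggested in the replies. The sample report and its file paths are constructed; `parse_report` and `file_facts` are names chosen for this example.

```python
import hashlib
import os
import re
from datetime import datetime, timezone

# Constructed sample in the same line format as the report posted above.
SAMPLE_REPORT = r"""Scan Started Mon Jul 27 18:37:12 2009
C:\pagefile.sys: Permission denied
C:\WINDOWS.0\system32\config\SAM: Permission denied
E:\installers\example_setup.exe: Trojan.Qhost-165 FOUND
F:\Games\example\bin\example.dll: Worm.Kido-34 FOUND
Known viruses: 604067
"""

# "<path>: Permission denied" or "<path>: <signature> FOUND"
LINE_RE = re.compile(r"^(?P<path>.+): (?:Permission denied|(?P<sig>\S+) FOUND)$")

def parse_report(text):
    """Return (detections, unreadable): [(path, signature)], [path]."""
    detections, unreadable = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, separator or summary line
        if m.group("sig"):
            detections.append((m.group("path"), m.group("sig")))
        else:
            unreadable.append(m.group("path"))
    return detections, unreadable

def file_facts(path):
    """SHA-256, size and timestamps for one flagged file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    st = os.stat(path)
    iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    # On Windows st_ctime has historically been creation time; on Unix it is
    # the metadata-change time, so compare the two dates only on Windows.
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "modified": iso(st.st_mtime), "ctime": iso(st.st_ctime)}

if __name__ == "__main__":
    found, locked = parse_report(SAMPLE_REPORT)
    print(f"{len(found)} detection(s), {len(locked)} unreadable path(s)")
    for path, sig in found:
        facts = file_facts(path) if os.path.isfile(path) else "file not present here"
        print(sig, path, facts)
```

A modification date earlier than the creation date also occurs for files that were copied or extracted from an archive, so treat it as a reason to look further rather than as a verdict.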