 |
 | Worm found in Destop ini file on windows 7 |  |
|
swilson23
|
|
Hello,
I just did a clean install with windows 7 and when I scan my system I get the followin message: C:\Users\Scott & Lori\Desktop\desktop.ini: Worm.Autorun-2190 FOUND A friend of mine also just did a windows 7 install and is getting the same message. Is this a false positive? Thanks for your help. |
|||||||||||
|
|||||||||||||
 |
| |
|
GuitarBob
|
|
The best way to verify a detection is false is to upload it to Jotti or VirusTotal. If just a few AVs there find an infection, it is probably a false positive, and you should tell Clam about it. I like to see 5 or more AVs to verify an infection.
Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
grantbourque
|
|
https://virusscan.jotti.org/en/scanresult/d833ae59a68d433d5cb6004df20e194f80e2d69f/aeee7a6e1109590dafd9bd9c653d55161f44242e
VirusTotal had the same result. If it is a false positive, why in the world would it be named Worm.Autorun? Seems kind of odd doesn't it? Do you think it'd be safe to remove? I've never had a virus before (or a false-positive for that matter) and I practice very conservative computer habits. I almost had a heart attack when ClamWin told me about this. |
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
A false positive happens because viruses can use some of the same code as a "good" file. A virus is just another program.
Send the false positive to Clam at https://www.clamav.net/sendvirus/ on the web so they can fix the signature. Be sure and check the false positive block when you get to the upload page. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
pcbloods
|
|
Hi exactly the same happened to me just recently. AVG finds nothing wrong and I have just had the message on a fresh Win 7 install.
|
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
The only way to fix a false positive in ClamWin is to verify it is false with one or more other antivirus programs and then send a copy of the false positive file to Clam starting at https://www.clamav.net/sendvirus/ on the web. Be sure to indicate it is a false positive and tell the name of the false virus. They will check it out and adjust the signature for Clam and ClamWin.
Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
Mikef12
|
|
Another way, particularly if it's a text file like desktop.ini, is to look at it in notepad. I just had the same thing happen in Vista Ult. It was a false positive. Cheers, Mike |
|||||||||||||
|
|||||||||||||||
|
 | Worm found in Destop ini file on windows 7 | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.