I've done a couple of scans with Clamwin and every entry scanned states 'permission denied' and then in the middle of the scan I get a virus alert from Avast which says:

C:\users\my name\appData\local\temp\clamAv (and a long string of numbers & letters)
Malware name: Win32: trojan-gen -virus/worm

The end result of the scan says that there is NO infection.
This happened in both of the scans

I've done several online scans, also with Avast and they were all OK.

Would greatly appreciate if someone could please explain what's going on here and what does all this mean. Also, how do I resolve this? Can I just delete this from the quaranteen box?
Thanks.


Windows 7
Avast
Windows Defender

I suspect what is happening with Avast is that it detects a virus in a ClamWin temp file. As ClamWin scans, it uses temporary files that may contain a virus signature--not a virus, but one of its signatures. It might be a file hash that looks something like what you describe (something like ed228603bf5d6ba382b59274dba35a0a.tmp). I had this problem once-in-a-while when I used Avast with ClamWin a couple of years ago. There is no real virus--it just happens to have a signature similar to ClamWin for something.

It's okay, just let Avast kill the temp file. Better yet, see if you can exclude *.tmp from Avast's detection. Some other ClamWin temp files you may see are nocomment.html and notags.html. Another alternative is to turn off Avast's real-time protection when you scan with ClamWin (if you scan manually).

The new version of Avast is very good--providing well-balanced and comprehensive protection. The free version is a real bargain, and ClamWin makes a good backup to it.

Regards,

GuitarBob:
Thanks for explaining this. Guess I could have deleted this right from the virus alert box, but since I sent it to the quaranteen box, can I now just delete it from there?

I am very new to Avast and find it a bit confusing. Could you please advise me on how to shut down real-time protection?
When I go to 'stop provider', do I click on standard shield or web shield? Am having a time trying to understand all these shield terms etc.

Will search around to find out how to exclude .tmp from my next scan.

Thanks again for your help, really appreciate it.

vjg

It's been a while since I used Avast, and it appears to have changed based on what I see on their web site. I think the standard shield is what you need to disable to suspend real-time scanning. You should be able to delete/clear what is in the Avast quarantine folder--jst be sure not to Restore any viruses back to where they came from!

You do not want to exclude all temp/tmp files from Avast scans, just the clamtmp files and nocomment.html and notags.html, if possible. You may need to actually name the clamtmp files and the name will change, but they will all have the clamtmp extension--that is, *.clamtmp. I don't recall if you can use that star "wildcard" to tell Avast to exclude any filename with a .clamtmp extension. Check the Avast forum for more help with it.

Regards,

Thanks very much for your help. I will check the Avast forums as you suggested.

vjg