ClamWin Free Antivirus
Support and Discussion Forums
Trojan agent 148141
dic


Joined: 11 Apr 2010
Posts: 0
When I ran the antivirus programme yesterday, it had quarantined Trojan Agent - 148141 in file C:\Program Files\Microsoft works\SWP.exe. I am wondering whether this is a trojan or part of the file and would appreciate advice on what Trojan 148141 is and whether any other files might be affected.

Thank you.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Upload the file to Threat Expert at https://www.threatexpert.com/ on the web. Submit Sample, and they will give you an email report of what the file does. Anubis at https://anubis.iseclab.org/ on the web is a similar service, but they will give you a report on screen. These two services are free, but they only analyze Windows executable files. It is okay if a file adds, modifies, or changes its own registry keys. A virus/trojan/etc. will change other keys, open up ports/contact web sites on its own, and have a fairly long report. Threat Expert will give you a threat ranking.

For Javascript, PDF, and URLs, go to Wepawet at https://wepawet.iseclab.org/ on the web.

If the file turns out to be a false positive, upload it to Clam AV for correction, starting at https://www.clamav.net/lang/en/sendvirus/ on the web. When you get to the upload page, be sure to select False Positive, and tell them the name of the false virus in the Comments section. Clam will correct the signature in a day or so, and ClamWin will also benefit.

Don't set ClamWin to Quarantine/Remove until Version .96 comes out--soon!

Regards,
trojan 148141 dic
dic


Joined: 11 Apr 2010
Posts: 0
Thanks, GuitarBob. Unfortunately I am a not very accomplished silver surfer and do not know which file and where from (quarantine perhaps) and do not know how to upload it. Many thanks. dic
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Without having the file, there is no way to tell if it is a real infection or a false positive. I checked the Clam AV submission interface, and the Clam signature appears to be for a version of the Virut virus. The signature was made 3/11/10. The Virut signatures are subject to false positives, but they usually are reported shortly after the signature is made. Viruses do not affect MS Works very often--the suite is not as popular as MS Office. In fact, I believe Microsoft has discontinued it. This makes me think it is very likely a false positive detection and not a real virus.

False positives should be submitted to Clam AV (which furnishes its detection engine and signatures to ClamWin). Clam AV's submission page is located at https://www.clamav.net/lang/en/sendvirus/ on the web. From there, you go to a submission page where you fill in a form--changing the description block to False Positive and inserting the exact name of the false detection in the Comments section.

You can tell where your Quarantine directory is by right clicking on the ClamWin icon among those in your Windows system tray. Then click on General options, and a section on the page will tell you where the Quarantine folder is located. You can navigate there by using Windows Explorer to access your computer's directory files. I suggest you get someone to show you how to access the directory--it is very useful to know. I think you could also do some searching on Google for Using Windows Explorer or Accessing the Windows directory. There is some good instructional material on the world wide web--on any subject you want. If you found your way here, I know you can do it!

Regards,
dic


Joined: 11 Apr 2010
Posts: 0
Thank you for your help but as you say I will most certainly need help. I am grateful for your help.

Best wishes