Trojan.Dropper-26461
viola
Joined: 06 Oct 2010
Posts: 0
Posted: Wed Oct 06, 2010 10:38 am
Yesterday ClamWin found this trojan in a file called foobar_uninstall.exe. However, no other AV (Trend online and AVG) found it, and there was nothing in the ClamWin quarantine vault. I uninstalled foobar using the Windows add/remove programmes facility; however, ClamWin still shows the trojan in local settings\Temp. Is it likely that this is because I have yet to reboot, and complete the uninstall process? Is it safe to reboot while the trojan is still (?) there in a temporary file? (I should add that it still doesn't show up in the quarantine file, and neither AVG nor Windows Defender can find anything wrong!)

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Oct 06, 2010 3:44 pm
It sounds like you had a false positive detection, but you can manually delete the file from the temp directory. ClamWin comes with a default of "Report Only" for infected files. You can also set it to Remove or to Quarantine; however, you should probably leave it at the default on a permanent basis--to prevent removing/quarantining an important file (like a Windows system file!) as a false positive. Check any detections it finds with Jotti or VirusTotal first before you do anything. If a file is really infected, you can manually remove it or temporarily set the infected file option to remove/quarantine and rescan. Be sure to reset back to the infected file default afterwards.
Often, a virus in a temp file needs to be activated by a "control" program, and it is harmless until then. You don't want it around, though.
If you are not using a real-time antivirus with ClamWin (it is only an on-demand scanner), look into the Clam Sentinel front end for ClamWin (you must have ClamWin installed in order to use it). It's free at https://sourceforge.net/projects/clamsentinel/ on the web. Read the short Simple Guide before installation.
Regards,

viola
Joined: 06 Oct 2010
Posts: 0
Posted: Thu Oct 07, 2010 10:30 am
Yes, that seems to have worked; manually deleted all temp files, and a new ClamWin scan is the all-clear! (Do seem to get a lot of PF's with ClamWin lately, but better safe than sorry!)
All times are GMT