Steffen
Joined: 12 Jul 2011
Posts: 0
Location: Germany
Posted: Tue Jul 12, 2011 7:59 am
Dear Support Team,
I'm using your software to do an antivirus test on computers. Yesterday I scanned a PC with the newest virus definitions. 5 "viruses" appeared (LOGFILE). When I did the scan today with some new definitions, only 3 viruses appeared. Can you tell me what these viruses are? Is it just a problem with some definitions (checksums)?
Best regards,
Steffen
Scan Started Mon Jul 11 15:23:10 2011
-------------------------------------------------------------------------------
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Permission denied
C:\Documents and Settings\Administrator\Local Settings\Temp\nsx1D.tmp: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\regedit.exe: Trojan.Genome-118 FOUND
C:\WINDOWS\system32\dllcache\regedit.exe: Trojan.Genome-118 FOUND
C:\WINDOWS\system32\dllcache\spider.exe: Trojan.Genome-25 FOUND
C:\WINDOWS\system32\dllcache\taskmgr.exe: Trojan.Genome-28 FOUND
C:\WINDOWS\system32\taskmgr.exe: Trojan.Genome-28 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1694462
Engine version: 0.95.3
Scanned directories: 5288
Scanned files: 53041
Infected files: 5
Data scanned: 9897.66 MB
Data read: 8374.11 MB (ratio 1.18:1)
Time: 2028.015 sec (33 m 48 s)
--------------------------------------
Completed
--------------------------------------
One day later:
Scan Started Tue Jul 12 08:58:53 2011
-------------------------------------------------------------------------------
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Permission denied
C:\Documents and Settings\Administrator\Local Settings\Temp\nsj25.tmp: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\dllcache\spider.exe: Trojan.Genome-25 FOUND
C:\WINDOWS\system32\dllcache\taskmgr.exe: Trojan.Genome-28 FOUND
C:\WINDOWS\system32\taskmgr.exe: Trojan.Genome-28 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1696528
Engine version: 0.95.3
Scanned directories: 5288
Scanned files: 53063
Infected files: 3
Data scanned: 9898.14 MB
Data read: 8374.55 MB (ratio 1.18:1)
Time: 2043.203 sec (34 m 3 s)
--------------------------------------
Completed
--------------------------------------
Antivirus results
AhnLab-V3 - 2011.07.12.02 - 2011.07.12 - -
AntiVir - 7.11.11.63 - 2011.07.12 - -
Antiy-AVL - 2.0.3.7 - 2011.07.12 - -
Avast - 4.8.1351.0 - 2011.07.11 - -
Avast5 - 5.0.677.0 - 2011.07.11 - -
AVG - 10.0.0.1190 - 2011.07.11 - -
BitDefender - 7.2 - 2011.07.12 - -
CAT-QuickHeal - 11.00 - 2011.07.11 - -
ClamAV - 0.97.0.0 - 2011.07.12 - Trojan.Genome-28
Commtouch - 5.3.2.6 - 2011.07.12 - -
Comodo - 9357 - 2011.07.12 - -
DrWeb - 5.0.2.03300 - 2011.07.12 - -
Emsisoft - 5.1.0.8 - 2011.07.12 - -
eSafe - 7.0.17.0 - 2011.07.11 - -
eTrust-Vet - 36.1.8438 - 2011.07.12 - -
F-Prot - 4.6.2.117 - 2011.07.11 - -
F-Secure - 9.0.16440.0 - 2011.07.12 - -
Fortinet - 4.2.257.0 - 2011.07.12 - -
GData - 22 - 2011.07.12 - -
Ikarus - T3.1.1.104.0 - 2011.07.12 - -
Jiangmin - 13.0.900 - 2011.07.11 - -
K7AntiVirus - 9.108.4894 - 2011.07.11 - -
Kaspersky - 9.0.0.837 - 2011.07.12 - -
McAfee - 5.400.0.1158 - 2011.07.12 - -
McAfee-GW-Edition - 2010.1D - 2011.07.12 - -
Microsoft - 1.7000 - 2011.07.12 - -
NOD32 - 6285 - 2011.07.12 - -
Norman - 6.07.10 - 2011.07.11 - -
nProtect - 2011-07-12.02 - 2011.07.12 - -
Panda - 10.0.3.5 - 2011.07.11 - -
PCTools - 8.0.0.5 - 2011.07.12 - -
Prevx - 3.0 - 2011.07.12 - -
Rising - 23.66.00.03 - 2011.07.11 - -
Sophos - 4.67.0 - 2011.07.12 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.07.12 - -
Symantec - 20111.1.0.186 - 2011.07.12 - -
TheHacker - 6.7.0.1.253 - 2011.07.12 - -
TrendMicro - 9.200.0.1012 - 2011.07.12 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.07.12 - -
VBA32 - 3.12.16.4 - 2011.07.12 - -
VIPRE - 9839 - 2011.07.12 - -
ViRobot - 2011.7.12.4563 - 2011.07.12 - -
VirusBuster - 14.0.119.0 - 2011.07.11 - -
File info:
MD5: 2cd1c3506a85b38e2d17e61aded175c4
SHA1: 811d06dc5c7b530a5f0bd07c50607e402da43d59
SHA256: f899e8c466b518346d47c7cd56f6d4ae3eed38369b8e38b6badf0227b93e7f82
File size: 135680 bytes
Scan date: 2011-07-12 07:34:43 (UTC)
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Tue Jul 12, 2011 7:14 pm
It appears they are all false positives and that some of them have been corrected. You should upload the still-detected files to Clam AV for correction via their page at https://www.clamav.net/lang/en/ on the web (submit a file link). Be sure to indicate the type is "false positive" and not "virus" on the submission form. Clam will correct their signature within a couple of days. In the meantime, you can temporarily exclude those files from ClamWin scans via ClamWin preferences, filters, exclude matching filenames.
Regards,
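Added example, not part of the original posts or of ClamWin: one way to compare two scan logs in the format posted above and see which detections disappeared after a definition update and which remain to be submitted as false positives. The sample log lines are constructed from the thread's logs, and the function names are hypothetical.

```python
import re

# Constructed sample: lines in the format of the two scan logs posted above.
SCAN_DAY1 = r"""
C:\pagefile.sys: Permission denied
C:\WINDOWS\regedit.exe: Trojan.Genome-118 FOUND
C:\WINDOWS\system32\dllcache\regedit.exe: Trojan.Genome-118 FOUND
C:\WINDOWS\system32\dllcache\spider.exe: Trojan.Genome-25 FOUND
C:\WINDOWS\system32\dllcache\taskmgr.exe: Trojan.Genome-28 FOUND
C:\WINDOWS\system32\taskmgr.exe: Trojan.Genome-28 FOUND
Known viruses: 1694462
"""
SCAN_DAY2 = r"""
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\dllcache\spider.exe: Trojan.Genome-25 FOUND
C:\WINDOWS\system32\dllcache\taskmgr.exe: Trojan.Genome-28 FOUND
C:\WINDOWS\system32\taskmgr.exe: Trojan.Genome-28 FOUND
Known viruses: 1696528
"""

FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
DB_SIZE = re.compile(r"^Known viruses: (\d+)$")

def parse_scan(log):
    """Return ({lowercased path: signature}, signature-database size)."""
    hits, db_size = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := FOUND.match(line):
            hits[m["path"].lower()] = m["sig"]  # Windows paths: case-insensitive
        elif m := DB_SIZE.match(line):
            db_size = int(m.group(1))
    return hits, db_size

def diff_scans(old_log, new_log):
    """Split detections into cleared / persistent / new between two scans."""
    old, old_db = parse_scan(old_log)
    new, new_db = parse_scan(new_log)
    report = {"cleared": [], "persistent": [], "new": [],
              "db_delta": new_db - old_db}
    for path in sorted(old.keys() | new.keys()):
        if path not in new:
            report["cleared"].append((path, old[path]))
        elif path not in old:
            report["new"].append((path, new[path]))
        else:
            report["persistent"].append((path, new[path]))
    return report

if __name__ == "__main__":
    for key, value in diff_scans(SCAN_DAY1, SCAN_DAY2).items():
        print(key, value)
```

Detections listed under "persistent" are the ones still worth submitting or excluding; a cleared detection alongside a positive `db_delta` is consistent with a corrected signature, but the log alone does not show whether the file itself changed.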
Steffen
Joined: 12 Jul 2011
Posts: 0
Location: Germany
Posted: Fri Jul 15, 2011 10:22 am
Problem fixed with new virus definition updates. Thx
kevincartter
Joined: 26 Aug 2011
Posts: 0
Location: Los Angeles
Posted: Wed Sep 14, 2011 9:56 pm
Congratulations, you have fixed your problems!
Kevincartter
Los Angeles, USA