Milardo
Joined: 03 Mar 2015 | Posts: 0
Posted: Fri Mar 06, 2015 12:58 am
So I just ran a scan today and found 4 files, two of which I think are false positives; not sure about the other two. Also, I had ClamWin set to report only at first. It found 4, but in the log I could not find what those 4 were? So I had to rescan and quarantine the files? Is there something wrong in the logs, because I could not find at first what those 4 problem files are? Also, how to restore system32 files that were quarantined? In the quarantine folder all I have is .txt files like this one
PnkBstrA.exe.infected.txt
I tried to restore it with sentinel recover and the quarantine browser, but it seems that it has disappeared from the system? Two others are 6b403.msi.infected.txt and 10c3e2.msi.infected.txt, which are from C:\windows\installer
I'd like to see if they are false positives.
Also, I think this is a false positive for a file called parkcontroldist32.exe
https://bitsum.com/parkcontrol/
VirusTotal reports 3 detections, one of which is ClamAV. Any insight on it?

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Fri Mar 06, 2015 1:58 am
If you only have a text file (restore helper file) in quarantine, no file was put in quarantine. When there is only a text file, the file was used/deleted too quickly for ClamWin to act. This is usually okay--say when you are installing a program that uses temp files, but viruses can do this also. I regard a temp .exe file as very suspicious. If that is the case, scan the computer with the Malwarebytes free antimalware program.
You can restore any files that ClamWin puts in quarantine with the QRecover.exe restore file in the ClamWin\program\bin folder. Run it and highlight any file(s) that you want to restore. I do not believe there are any instructions for QRecover, but it is fairly intuitive. If there is any doubt about a quarantined file, run it by VirusTotal before you restore it. Be sure to whitelist any false positives for a while--because it could take the ClamAV people a couple of weeks to correct the signature. ClamWin gets its scan engine/virus signatures from ClamAV.
You can ignore VirusTotal detections from the smaller/mediocre AV programs if there are no accompanying detections by major AVs. I consider ClamAV to be mediocre. That is why I suggested that a detection is probably valid if 2 out of the 5 AVs above detect something.
Regards,

Milardo
Joined: 03 Mar 2015 | Posts: 0
Posted: Fri Mar 06, 2015 2:27 am
Thanks for the reply. I've found the files. I know pnkbstrA.exe is from Even Balance PunkBuster, an anti-cheat game program found in games such as Wolfenstein: Enemy Territory, Battlefield Heroes and Battlefield Play for Free. Although it says that ClamAV doesn't detect anything in VirusTotal. The other two are .msi files which, when I highlight them, seem to be from CyberLink. I think I'm OK with not using Malwarebytes, but thanks for that info; I will keep it in mind. So with that in mind, I think my system is clean for now.

ROCKNROLLKID
Joined: 23 Sep 2013 | Posts: 0 | Location: **UNKNOWN**
Posted: Fri Mar 06, 2015 3:09 pm
If ClamAV isn't detecting the file, but ClamWin is, then my guess would be there are some porting issues with ClamWin. You are using the latest .98.6 version, right?

Milardo
Joined: 03 Mar 2015 | Posts: 0
Posted: Fri Mar 06, 2015 4:22 pm
Hi, yes, I am using 0.98.6 of ClamWin.

GuitarBob
Joined: 09 Jul 2006 | Posts: 9 | Location: USA
Posted: Fri Mar 06, 2015 4:48 pm
There can be a difference in AV versions and signature databases between your computer and an online service. Sometimes the online services aren't up-to-date.
Regards,