ClamWin Free Antivirus :: View topic - Infected files: 4 Total errors: 2 Not copied: 4

Posted: Thu Jul 21, 2016 6:23 pm

Hi everyone,

I'm writing you because I have got this issue every day on my computer !

Every day I have got the same viruses that I have deleted but they reappear next day, every day with the same report !!

Can you give me some explanations, please ?

release 0.99.1 on Win 7

Code:

WARNING: Can't open file C:\Users\hp\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied

WARNING: Can't open file C:\Users\hp\ntuser.dat.LOG1: Permission denied

WARNING: Can't open file C:\Windows\MEMORY.DMP: Permission denied

WARNING: Can't open file C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config: Permission denied

WARNING: Can't open file C:\Windows\Panther\UnattendGC\diagerr.xml: Permission denied

WARNING: Can't open file C:\Windows\Panther\UnattendGC\diagwrn.xml: Permission denied

WARNING: Can't open file C:\Windows\PLA\System\System Diagnostics.xml: Permission denied

WARNING: Can't open file C:\Windows\PLA\System\System Performance.xml: Permission denied

WARNING: Can't open file C:\Windows\security\database\secedit.sdb: Permission denied

WARNING: Can't open file C:\Windows\System32\catroot2\127D0A1D-4EF2-11D1-8608-00C04FC295EE\catdb: Permission denied

WARNING: Can't open file C:\Windows\System32\catroot2\F750E6C3-38EE-11D1-85E5-00C04FC295EE\catdb: Permission denied

WARNING: Can't open file C:\Windows\System32\restore\MachineGuid.txt: Permission denied

WARNING: Can't open file C:\Windows\System32\sysprep\Panther\IE\diagerr.xml: Permission denied

WARNING: Can't open file C:\Windows\System32\sysprep\Panther\IE\diagwrn.xml: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\01D083B8F092E9FEF6D9C55A64A75334.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\0CB6D8EA6179D949B588A4D328F2A1D5.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\341285245F81AA74FE6654017E06C685.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\36AC724DE559C5D39EB46462A440D4E5.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\4A870B469F34065CA18AB1FDF6312BDF.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\4BE9D6CB921FE137B78AE9960CDD98B0.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\5AE917280E947651A324A3BB4D162227.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\6F8564A71977AE6B940705DCC4847A8D.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\807DD20ADF6F5D5EEA0C4E4CF016E69E.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\844A429FB6680A32838047A6271F8CD9.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\93BE9B2D6163316A39F5D9F7DCF57A26.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\97823DC673AD0F92AB9B83F4C177678B.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\D361F8B496FD6DAF7BEEF497E09C0DC1.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\D646DA2E24852AB49017D421DF4AB456.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\EDB534A0AD75CF6CD3441C25046B8E9A.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\F1326650D965B0087F10C6AA6C049D46.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\wbem\AutoRecover\F5E2A66F8CD81F282CEFFB9E8125CC6F.mof: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Application.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\HardwareEvents.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Internet Explorer.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Key Management Service.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Media Center.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application Server-Applications%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application Server-Applications%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-CAPI2%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Compat-Appraiser%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkLocationWizard%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-NlaSvc%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-PrintService%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Recovery%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteApp and Desktop Connections%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-MTPClassDriver%4Operational.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Reason.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Security.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Setup.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\System.evtx: Permission denied

WARNING: Can't open file C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx: Permission denied

WARNING: Can't open file C:\Windows\Tasks\Adobe Flash Player Updater.job: Permission denied

WARNING: Can't open file C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job: Permission denied

WARNING: Can't open file C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job: Permission denied

WARNING: Can't open file C:\Windows\Tasks\Norton Security Scan for hp.job: Permission denied

WARNING: Can't open file C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7600.16385_none_d104e6cf97534cc4\dnary.xsd: Permission denied

WARNING: Can't open file C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7601.17514_none_d335fa979441d05e\dnary.xsd: Permission denied

----------- SCAN SUMMARY -----------

Known viruses: 4632968

Engine version: 0.99.1

Scanned directories: 23136

Scanned files: 149644

Infected files: 4

Total errors: 2

Not copied: 4

Data scanned: 23073.84 MB

Data read: 31615.03 MB (ratio 0.73:1)

Time: 6972.340 sec (116 m 12 s)

The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:

C:\SWSetup\sp54099\Vista\RtkNGUI.exe: [Win.Worm.Runouce-381] FALSE POSITIVE FOUND

C:\SWSetup\sp54816\Graphics\igdumdx32.dll: [Win.Trojan.Ramnit-7000] FALSE POSITIVE FOUND

C:\Windows\System32\DriverStore\FileRepository\hdabpcas.inf_x86_neutral_65d28dc4370249ee\RtkNGUI.exe: [Win.Worm.Runouce-381] FALSE POSITIVE FOUND

C:\Windows\System32\DriverStore\FileRepository\hdahpbpc.inf_x86_neutral_29f9db11cf35df45\RtkNGUI.exe: [Win.Worm.Runouce-381] FALSE POSITIVE FOUND

C:\Windows\System32\DriverStore\FileRepository\kit38939.inf_x86_neutral_23ecc18cff72278a\igdumdx32.dll: [Win.Trojan.Ramnit-7000] FALSE POSITIVE FOUND

C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_x86_neutral_8685826a5ca37e6b\I386\hpcdmc71.dll: [Win.Trojan.Tracur-283] FALSE POSITIVE FOUND

C:\Windows\System32\DriverStore\FileRepository\prnhp005.inf_x86_neutral_9307c57b91a7985e\I386\HPCDMC71.dll: [Win.Trojan.Tracur-283] FALSE POSITIVE FOUND

C:\Windows\System32\igdumdx32.dll: [Win.Trojan.Ramnit-7000] FALSE POSITIVE FOUND

Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at http://www.clamav.net/sendvirus/

--------------------------------------

Completed

--------------------------------------

Thank you very much
Have a nice day
Best regards
cleroy61

Posted: Fri Jul 22, 2016 1:31 am

The files flagged as infection appear to just be false positives. Please submit these files to ClamAV false positive mail so they can correct them here: https://www.clamav.net/contact

The permission denied files you can just ignore. These are just files that are locked and cannot be scanned by ClamWin. Unfortunately, there is no way to suppress these.

Posted: Fri Jul 22, 2016 5:21 am

Ok thanks for answering me !

I have already sent to the support for the false positive.

I'm waiting the answer ! It is the reason why I have written here !

Thank you very much
Have a nice day
Best regards
cleroy61

Posted: Fri Jul 22, 2016 6:37 am

By the way, in the log was showing your RSA encryption keys (or at least I think they were the keys as it looked very similar to an encryption key) so I removed them. I would suggest, if you still use the RSA encryption, that you might want to change your encryption key so someone doesn't compromise it.

Posted: Sat Jul 23, 2016 1:31 am

You can usually believe it when a ClamWin scan says that a file is a false positive. The ClamWin developers decided some time ago to protect users against false positive signatures on important Windows files. If they were quarantined, you might not be able to start your computer or run important system files. ClamWin uses the Clam AV signatures designed for Linux mail servers, and Clam AV has not given much importance to false positive files since they are no problem on email servers.

That seems like a lot of permission denied files--just looking at the number of them. You might want to download a copy of Malwarebytes free antimalware version and do a scan with it just to be sure. Keep it around in case you need to clean up something later.

Thanks for using ClamWin!

Regards,

Posted: Thu Jul 28, 2016 7:20 pm

Thank you very much for your answers !

Have a nice day
Best regards
cleroy61