/media/james/A24425074424E031/Dell/Drivers/0T0GT/Vista/RtkNGUI.exe: Win.Worm.Runouce-381 FOUND

I pretty sure this is a false positive, but I want to be sure before doing anything. Could anybody help me?

Upload the file to Virus Total at https://www.virustotal.com/ on the web. Virus Total will scan it in a couple of minutes with 50+ antivirus programs, including the Clam AV scan engine used by ClamWin. If only 1 or 2 other AVs besides Clam AV say it is infected, it is most likely a false positive. I like to see at least 2 of these AVs detect a file as infected before I believe it: Avira, Bitdefender, Eset (Nod32), Kaspersky, and Sophos. They all use their own scan engine and have a wide user base which includes lots of businesses, which tend to use the better AVs.

Virus Total will send a copy of false positive files to the AVs that falsely detect it so they can correct their virus signatures. but you might speed up things a bit if you also submit it to Clam AV at https://www.clamav.net/reports/fp on the web. It may take Clam AV a week or so to correct their signature because no one works on Clam AV full-time--they have other duties for Cisco (the owner of Clam AV now). You could whitelist the file in ClamWin's tools if you want to.

Thanks for using ClamWin!

Regards,

Yep, it's a false positive. But my friend's computer that I'm scanning now probably is infected. I just posted about it.

ClamWin can not prevent an infected file from getting on your computer because it does not scan in real-time. It is an on-demand scanner that scans when you tell it to-either with a manual or scheduled scans. You/friend should use ClamWin as a backup to a real-time scanner.

Zemana Antimalware free or Malwarebytes free are pretty good at cleaning up after infections. Keep one of them around in case something gets by ClamWin/other security software.

Thanks for using ClamWin!

Regards,