ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
ClamWin Free Antivirus Forum Index » General Suggestions/Questions
Reply to topic
Malware/Virus Information
vincedanks


Joined: 09 Oct 2018
Posts: 0
Post Posted: Tue Oct 09, 2018 2:30 pm Reply with quote
Hi,

I’m running Windows 7 Basic on my Netbook laptop.

The taskeng.exe window kept randomly appearing so I ran a few different virus scanners and ClamWin found this:

C:\Users\Vince\AppData\Roaming\Thunderbird\Profiles\d9nrv8mw.default\Mail\mail.arielpress.com\Inbox: Vbs.Downloader.VBDownloader-6486516-0


and Malwarebytes found this:

Trojan.MalPack, C:\USERS\VINCE\APPDATA\ROAMING\MICROSOFT\WINDOWS\VETHFFSS\ERDCJHUI.EXE


I can get rid if these easily enough by re-formatting the hard drive but how can I find out what they’ve been doing?

Thanks,

Vince
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Post Posted: Tue Oct 09, 2018 3:05 pm Reply with quote
I suggest that you first try to scan the files on the online Virus Total website to see if other AVs detect them as malicious. You can just upload the file detected by ClamWin directly from the Clamwin quarantine folder--all that ClamWin does is just change the name and put "infected file" after the file extension so it can not execute--I don't know about Malwarebytes.

If the file is detected by other AVs, then it is a real infection, not a "false positive" which ClamWin sometimes gets. Virus Total will notify Clam AV (Clam AV is responsible for the scan engine/virus signatures used by ClamWin) so Clam AV can change its bad signature. If the file is really infected, you can leave it in quarantine or delete it from there. Malwarebytes doesn't get too many false positives.

I don't think you need to reformat even if these are real infections. Just do another scan with Malwarebytes and ClamWin to see if they missed something. If they find something, keep running until they don't find anything. If the infection keeps coming back, get a copy of Dr. Web's free Cureit from their web site and do a scan or two with it. I don't think you have to install Cureit--you can run it as downloaded.

Thanks for using ClamWin! Make sure to use ClamWin as a backup scanner to a real-time AV. You need that real-time protection to keep malware off your computer in the first place. If you are using Malwarebytes Pro, that is okay.

Regards,
View user's profileSend private message
vincedanks


Joined: 09 Oct 2018
Posts: 0
Post Posted: Tue Oct 09, 2018 3:46 pm Reply with quote
Many thanks for the advice, I will do as you suggest!

Cheers,

Vince
View user's profileSend private message
Malware/Virus Information
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
 		All times are GMT  
Page 1 of 1  
  
  
ClamWin Free Antivirus Forum Index » General Suggestions/Questions
 Reply to topic