|
bren
| Joined: 12 Dec 2016 |
| Posts: 0 |
|
|
|
 Posted: Tue Nov 06, 2018 6:42 pm |
|
 |
 |
|
|
I have several new computers scanned and all were found with:
C:\Progrtam Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll:
Win.Packed.Gandcrab-6502665-1 FOUND
Anyone has the same issue?
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Tue Nov 06, 2018 11:36 pm |
|
|
|
|
|
ClamWin uses the Clam AV scanning engine and signatures from the open source Clam AV project. The Clam AV signatures find a bit more false positive detections than other AVs. I suggest that you scan the file(s) involved with the free Virus Total online scanner. If 2 of these AVs detect an infection, I will believe it is a valid detection: Avira, Bitdefender, Eset Nod 32, Kaspersky, or Sophos. If they do not, then look to see if at least 2 other major AVs detect it--such as Microsoft, Avast, AVG...
If it is a false positive detection that is only detected by Clam AV on Virus Total, Virus Total will send a copy of the file to Clam AV so they can correct their signature, which will eventually be received by ClamWin in a Clam AV signature update. This may take several days, however, so you might be able to speed things up by uploading a copy of the falsely-detected file to Clam AV via the Contacts link on the Clam AV web site. Be sure to select the false positive link--not the report a virus link. You can temporarily exclude/whitelist a file from ClamWin's scans via the Tools, Preferences, Filters, Exclude Matching Filenames menu item. I would give Clam AV about 2 weeks to correct their signature--no one works on Clam fulltime at Cisco.
Thanks for using ClamWin!
|
|
|
