You are here

ClamWin: CWP Says CWP is a trojan?

6 posts / 0 new
Last post
oraclex7
Offline
Last seen: 8 years 5 months ago
Joined: 2010-09-03 22:44
ClamWin: CWP Says CWP is a trojan?

Okay, strangeness abounds.

I installed the suite on my new USB HD, and just for fun thought I'd run CWP, updated the defs as it said since it was the first time running, then started scanning the USB drive, my McAfee picked up the temp files as a trojan, but I know the reason for that after looking through this forum (thanks for that answer)

But then I thought I'd scan the processes in memory... And CWP picked up itself, twice as a trojan, some generic one or other.

I know my system is clean so I'm not worried, but thought I'd post to see if anyone else has struck this issue and if anyone can explain it.

Tim Clark
Tim Clark's picture
Offline
Last seen: 12 years 11 months ago
Joined: 2006-06-18 13:55
_CW_ says CWP is a trojan?

You really need to provide more specific information, but based on what you have said this is what I Think is happening, ClamWin [the host app] is detecting ClawWinPortable [the launcher] and/or compressed parts of the host app, as being infected.

See this as a further example:
https://portableapps.com/node/20613

Please read the whole topic to understand what MAY be happening.

Tim

Things have got to get better, they can't get worse, or can they?

Tim Clark
Tim Clark's picture
Offline
Last seen: 12 years 11 months ago
Joined: 2006-06-18 13:55
Follow Up

Confirmed and fixed

The detected file was:
CWP\App\clamwin\lib\shell.pyd
Trojan.Fraudpack-4400 FOUND

I would guess that it was the compression of this file that caused the FP.
As of today's daily dat 11800 it is no longer detected.

Please verify for yourself that your CWP is functioning properly.
Or at least verify that the file shell.pyd still exists in the location indicated above.
If you have the default setting for a memory check,
"Unload Infected Programs from Computer Memory" enabled
Clam may have deleted the file and I'm not sure what it does (I don't intend to test it)

IF that file does not exist or your CWP is not functioning properly please reinstall it.

I recommend Disabling the default "Unload Infected Programs from Computer Memory"

Tim

Things have got to get better, they can't get worse, or can they?

diegoopensource
Offline
Last seen: 12 years 3 months ago
Joined: 2010-04-27 10:56
This is getting better!

https://www.virustotal.com

File name:ClamWinPortable_0.96.2.1_English.paf.exe
Submission date:2010-09-09 17:49:00 (UTC)
Current status:queued queued analysing finished
Result:3/ 43 (7.0%)

===============================================
Jiangmin 13.0.900 2010.09.09 Trojan/Obfuscated.asyg
McAfee 5.400.0.1158 2010.09.09 Suspect-D!7A35D0DCFB26
TrendMicro 9.120.0.1004 2010.09.09 PAK_Generic.001
===============================================

MD5 : d51435e647f4af05af521bccecaa898f
SHA1 : 64a036011148bb2c26d0587bfd08665403756576
SHA256: 2ccda112dba7b0d29e8e74f5293bf9717b20501f506495dc831b3b4a3dc2c3a7

Insurance is a false positive!...??

==================================================================
==================================================================

This is getting better! Smile

File name: ClamWinPortable_0.96.2.1_English.paf.exe
Submission date: 2010-09-17 01:51:07 (UTC)
Current status: queued queued analysing finished
Result: 2/ 43 (4.7%)
===============================================
Jiangmin 13.0.900 2010.09.16 Trojan/Obfuscated.asyg
TrendMicro 9.120.0.1004 2010.09.16 PAK_Generic.001
===============================================

joeharker
Offline
Last seen: 6 years 3 weeks ago
Joined: 2006-11-27 17:48
Note regarding virus claim

Clam win has not been working for me since the virus warnings started

i replaced my \PortableApps\ClamWinPortable\App\clamwin\bin\ClamWin.exe file with the file from a full install

now i dont get warnings and my clamwin works

John T. Haller
John T. Haller's picture
Offline
Last seen: 7 hours 22 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Same File

We make no changes to clamwin.exe for the portable version. We don't UPX it because of false-positive issues.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments