FYI:
A Probable False Positive is being reported by CW for the following files:
C:\WINDOWS\ServicePackFiles\i386\wextract.exe: Worm.Waledac-2299 FOUND
C:\WINDOWS\system32\ wextract.exe: Worm.Waledac-2299 FOUND
as of definition versions of at least 9313 to 9318 [updated this morning]
VirusTotal and Jotti both find the files clean other than for ClamAV.
I do Not recommend allowing the deletion of these files.
A false positive report has been filed with ClamAV
Tim
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
As you know this is a ClamAV issue and not a ClamWin issue, we don't need the post here. The last thing we want it a post about every ClamAV false positive in this forum.
Sometimes, the impossible can become possible, if you're awesome!
I was just concerned as this file will be on Every Windows system out there, or at least every Windows XP system out there, and if Anyone runs a full scan, or more likely just the recommend scan on \system32 , they will see it and might panic, and come here to post, I thought to nip it in the bud
Tim
[Topic moved to the OT forum by me at 1:10 CDT]
Things have got to get better, they can't get worse, or can they?
To late...I've already quarantined it. Now my computer is telling me to download windows again in the system 3 pack. Is there a way I can restore this from quarantine?My media player seems to be functioning, but...I haven't tried to burn anything...so I am not sure. I don't have the disk its telling me to insert.
How do you make God Laugh? Tell him your plans.
preferences>general>infected files set to report only. You could go back and scan the file again and quarantine it if you suspect a malicious file, but let it just report it first to alleviate these types of situations. Also save the report, so you know where the file is located, the report logs stuff like that.
To Others: Would it be possible for the previous commnetor to go into the quarantine folder and salvage his file? Rename the file extention to remove the quarantine extension? I think that I saw something along these lines somewhere.
Sorry for not getting back to you before.
I don't read the Off Topic Forum unless someone brings something to my attention.
[I only moved the Topic here has John did not seem to like it]
You might be able to, as someone else suggested, copy it back from your quarantine folder and restoring the original location and name if need be [I have never let ClamWin quarantine anything so I'm not sure if it changes the name]
ClamWinPortable should always be run in the default Report only mode, the decision to delete should be an informed decision that you make.
Good Luck
Tim
Things have got to get better, they can't get worse, or can they?
Im pretty sure if you check your scan log that you will see a list of the files quaranteened or Issues found, it should display the full path to the file including the original file extension so just move it back to that path and give it back its original file extension and that should be it. But as stated before its best to just use the "report only" setting to avoid any problems.
An eye for an eye makes the whole world blind.
Mahatma Gandhi,
Indian political and spiritual leader (1869 - 1948)