ClamWin and AVG Picked Up Viruses

eltonbrad
ClamWin and AVG Picked Up Viruses

Hi all,

Look, I have AVG AntiVirus Free 8.0 and the latest version of ClamWin installed on my computer. I have ClamWin scheduled to do a C:\ scan on Thursday nights and E:\ (my external hard drive) on Saturday night and AVG scans both drives on Friday night. This is what ClamWin came up with on my scan last night:

Scan Started Sat May 02 22:00:06 2009
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***

*** Scanned 47 processes - 498 modules ***
*** Computer Memory Scan Completed ***

E:\Brad's Files\Brad\PortableApps Installations\Xenon_File_Manager_Portable_1.5.paf.exe: Worm.Waledac-4693 FOUND
E:\Brad's Files\Brad\PortableApps Installations\Xenon_File_Manager_Portable_1.5.paf.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\Xenon_File_Manager_Portable_1.5.paf.exe.infected'

----------- SCAN SUMMARY -----------
Known viruses: 548838
Engine version: 0.95.1
Scanned directories: 2434
Scanned files: 45096
Infected files: 1
Data scanned: 69916.30 MB
Data read: 109558.50 MB (ratio 0.64:1)
Time: 31695.640 sec (528 m 15 s)

On Friday night, AVG picked up a virus in another PortableApps program listed below:

Folders selected for scanning:;"C:\;E:\;"
Scan started:;"Friday, 1 May 2009, 10:59:15 PM"
Scan finished:;"Saturday, 2 May 2009, 8:58:12 AM (9 hour(s) 58 minute(s) 57 second(s))"
Total object scanned:;"1149449"
User who launched the scan:;"SYSTEM"

Infections
File;"Infection";"Result"
E:\Brad's Files\Brad\PortableApps Installations\aMSN_Portable_0.97.2.paf.exe;"Trojan horse Agent2.FIE";"Infected"
E:\Brad's Files\Brad\PortableApps Installations\aMSN_Portable_0.97.2.paf.exe:\$JP\aMSN\scripts\utils\windows\gnash\libcurl-4.dll;"Trojan horse Agent2.FIE";"Infected"

If anyone can please tell me if this is wrong, please tell me how I can contact both AntiVirus companies to let them know. Thanks in advance!

Tim Clark
First update to the latest

First update to the latest definitions of ClamAV, currently daily: 9320

I reported a similar FP to ClamAV yesterday, Worm.Waledac-####, and they fixed it late this morning.

If it still shows up, upload the file to:
http://www.virustotal.com/en/indexx.html
and/or
http://virusscan.jotti.org/

If it shows clean there you can be sure it is a false positive.
You should then upload the file to ClamAV, being sure to check the False Positive check box at:
http://cgi.clamav.net/sendvirus.cgi

I don't use AVG so I don't know about it, but you should have some method to report a false positive.

Try this:
-----------------------------------
http://free.avg.com/faq.num-1320?srch=report%7Cfalse%7Cpositive#faq_1320
* Open AVG Free User Interface.
* Choose the "Virus Vault" option from the "History" menu.
* Right-click the false positive file and select the "Send to analysis" option from context menu.
* Fill in your e-mail address
* Confirm the dialog

This file will be sent to our virus specialists for analysis and we will inform you about the result.
-----------------------------------

Also, this topic will be moved to the ClamWin Portable Forum shortly.
Tim

Things have got to get better, they can't get worse, or can they?
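
Added example, not part of the thread or of either vendor's tooling: a Python script that parses the detection lines from the two reports in the first post and lists the files flagged by only one of the two engines, which are the ones worth the second-opinion upload described above. Splitting AVG archive members on `:\` is an assumption inferred from the single report line shown; the function names are hypothetical.

```python
import csv
import io
import re

# Sample input: detection lines copied from the two reports in the first post.
CLAMWIN_LOG = r"""E:\Brad's Files\Brad\PortableApps Installations\Xenon_File_Manager_Portable_1.5.paf.exe: Worm.Waledac-4693 FOUND
E:\Brad's Files\Brad\PortableApps Installations\Xenon_File_Manager_Portable_1.5.paf.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\Xenon_File_Manager_Portable_1.5.paf.exe.infected'
"""
AVG_REPORT = r"""File;"Infection";"Result"
E:\Brad's Files\Brad\PortableApps Installations\aMSN_Portable_0.97.2.paf.exe;"Trojan horse Agent2.FIE";"Infected"
E:\Brad's Files\Brad\PortableApps Installations\aMSN_Portable_0.97.2.paf.exe:\$JP\aMSN\scripts\utils\windows\gnash\libcurl-4.dll;"Trojan horse Agent2.FIE";"Infected"
"""

def clamwin_detections(log):
    """Return (path, signature) for each 'path: Signature FOUND' line."""
    # Greedy path match so the drive-letter colon stays inside the path.
    pat = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$", re.MULTILINE)
    return [(m["path"], m["sig"]) for m in pat.finditer(log)]

def avg_detections(report):
    """Return (container_path, infection) from the semicolon-separated export."""
    out = []
    for row in csv.reader(io.StringIO(report), delimiter=";", quotechar='"'):
        if len(row) != 3 or row[0] == "File":   # skip header and blank lines
            continue
        path, infection, _result = row
        # Assumption: 'archive.exe:\inner\file' marks a member inside an archive;
        # start searching after the drive prefix ('E:\') to find that separator.
        cut = path.find(":\\", 3)
        out.append((path if cut < 0 else path[:cut], infection))
    return out

def correlate(clam, avg):
    """Map lower-cased file path -> {engine: {signature names}}."""
    seen = {}
    for engine, hits in (("ClamWin", clam), ("AVG", avg)):
        for path, sig in hits:
            seen.setdefault(path.lower(), {}).setdefault(engine, set()).add(sig)
    return seen

def single_engine(seen):
    """Files flagged by exactly one engine: candidates for a second opinion."""
    return sorted(p for p, engines in seen.items() if len(engines) == 1)

if __name__ == "__main__":
    seen = correlate(clamwin_detections(CLAMWIN_LOG), avg_detections(AVG_REPORT))
    for path in single_engine(seen):
        print(path, seen[path])
```
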

Ed_P
Why?

This topic will be moved to the ClamWin Portable Forum shortly

This thread has nothing to do with ClamWin Portable. The sw is installed on the OP's hard drive.

Ed

eltonbrad
That's true

I totally agree with you. That is the reason I put this in the General Discussion section, because it wasn't ClamWin Portable that picked up the viruses, only ClamWin installed on my computer. I mustn't have made myself clear enough in the main topic I started, otherwise this probably wouldn't have happened.

Thanks for helping though, Tim, I sent the file to ClamWin that was the problem, so hopefully they may have fixed it. I haven't solved the aMSN one that AVG picked up though, but plan to do that today.

Also, after searching many pages of the General Discussions forum, trying to find this topic I started, I ended up having to use the Search feature. Rather than saying that the thread is being moved in a forum reply, wouldn't it be better to email people about their topic being moved? It would save a lot of panicked searching.

Bradley Eaton
(eltonbrad)

Tim Clark
My apologies

My apologies

I moved it here as it talks about a False Positive in ClamWin, which I did misread as ClamWinPortable [my bad] and is thus not really a PortableApps question, even in General Discussion, but we have no False Positive Forum and the CWP one seemed close. I thought I had left it in the General Forum for a long enough time [several hours] that you would have seen the reply.

Even my own topic on the subject is in the Off Topic Forum.

Unfortunately only the Admin of the site has access to your email address for your safety, the mods do not.

Again, my apologies

Tim

[oh, as a side note, many of us here use the tracker page: https://portableapps.com/tracker it is very useful to see what's been posted recently, and it also has a link near the top to Your Recent posts called: My Recent Posts]

Things have got to get better, they can't get worse, or can they?

eltonbrad
That's OK

That's OK, I understand what you mean. I merely was saying that ClamWin had found a virus in the Xenon File Manager installation file while AVG found another virus in the aMSN installation file. I still haven't found out whether the file has been fixed by ClamWin yet, but I'm waiting for the scheduled scan to start on Saturday night so I can find out on Sunday. I haven't sorted the aMSN one out yet that AVG found, but I will next week if it keeps being picked up.

Oh well, at least it's good you all tell people in your replies whether the post is being moved, especially since only the Admin has the email addresses.

Thanks so much for telling me about the PortableApps Tracker, I didn't know about that, but I'll be using it from now on!

Thanks again!

Bradley Eaton
(eltonbrad)
