Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: win32

How do I return these files to their original names and folders

 

 

ClamAV win32 RSS feed   Index | Next | Previous | View Threaded


jw.michels at gmail

May 1, 2009, 10:41 AM

Post #1 of 4 (3593 views)
Permalink
How do I return these files to their original names and folders

Hi,
After a recent virus scan (Clamwin) I discovered that several programs were
no longer working properly. They are Excel, Word, Power Point, and Firefox.
My scan log showed that on the last two scans 21 and 11 viruses had been
detected. I rarely get any viruses on this machine. Less than one a year. I
did a online search and found in a forum that Clamwin has recently had
problems with "false positives". I need to know if these are "false
positives" and if they are how do I return them to their original file name
and location?
Thank you for any assistance you can provide.
J. W. Michels
_PREV_GoogleDesktopCommon.dll.infected

1dee163.msp.infected

7f0ae4.msp.infected

17e5129b.msp.infected

A0094894.EXE.infected

A0094895.EXE.infected

A0094896.EXE.infected

A0094897.EXE.infected

A0095280.dll.infected

A0095281.dll.infected

A0095282.dll.infected

EXCEL.EXE.infected

EXCEL.EXE.infected.000.infected

GoogleDesktopCommon.dll.infected

GoogleDesktopCommon.dll.infected.000

XL12CNV.EXE.infected

XL12CNV.EXE.infected.000.infected

--
This e-mail transmission may contain information that is proprietary,
privileged and/or confidential and is intended exclusively for the person(s)
to whom it is addressed. Any use, copying, retention or disclosure by any
person other than the intended recipient or the intended recipient's
designees is strictly prohibited. If you have received this message in
error, please notify the sender immediately by return e-mail and delete all
copies

J.W. Michels
5752 150th St.
Lubbock, Texas 79424

806 863-3704 - Home
806 224 3947 - Cell


jw.michels [at] gmail - Personal/Professional
jwmichels [at] msn
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32


tmetro+clamwin32 at gmail

May 1, 2009, 3:59 PM

Post #2 of 4 (3345 views)
Permalink
Re: How do I return these files to their original names and folders [In reply to]

J.W. Michels wrote:
> Each of the files in quarantine on my desktop is located on my laptop
> as well (less the ".infected" addition.) So I am pretty certain they are not
> viruses or trojans.

What leads you to that conclusion? They could be existing files that
became infected.

Additionally, if you're running the same AV tools on the laptop, and
they haven't been quarantined there, that's further evidence that
there's something different (like an infection) about the ones on the
desktop.


> I downloaded my version of Clamwin from the Clamwin website.

ClamWin is an independent project that makes use of ClamAV technology
internally. Not to dismiss your questions, but you're better off posting
your question about how to get your files out of quarantine on their forums:

http://forums.clamwin.com/

Their code is responsible for the quarantine action, once the AV engine
says it is infected, so they'll know how to reverse it.

And for your false positive question, you'll probably also reach more
people there who are regularly scanning all the files on a Windows
desktop. (Many users of the official win32 port only use it to scan
email attachments.)

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32


michael.m.minor at gmail

May 1, 2009, 4:17 PM

Post #3 of 4 (3342 views)
Permalink
Re: How do I return these files to their original names and folders [In reply to]

The Excel.exe may very well be a false positive, I had the same problem and
the digital signature was still intact. I submitted it as a false positve
to the signature team, but I don't know if they have gotten to it yet. Are
you using Office XP?

Michael M. Minor


On Fri, May 1, 2009 at 6:59 PM, Tom Metro
<tmetro+clamwin32 [at] gmail<tmetro%2Bclamwin32 [at] gmail>
> wrote:

> J.W. Michels wrote:
> > Each of the files in quarantine on my desktop is located on my laptop
> > as well (less the ".infected" addition.) So I am pretty certain they are
> not
> > viruses or trojans.
>
> What leads you to that conclusion? They could be existing files that
> became infected.
>
> Additionally, if you're running the same AV tools on the laptop, and
> they haven't been quarantined there, that's further evidence that
> there's something different (like an infection) about the ones on the
> desktop.
>
>
> > I downloaded my version of Clamwin from the Clamwin website.
>
> ClamWin is an independent project that makes use of ClamAV technology
> internally. Not to dismiss your questions, but you're better off posting
> your question about how to get your files out of quarantine on their
> forums:
>
> http://forums.clamwin.com/
>
> Their code is responsible for the quarantine action, once the AV engine
> says it is infected, so they'll know how to reverse it.
>
> And for your false positive question, you'll probably also reach more
> people there who are regularly scanning all the files on a Windows
> desktop. (Many users of the official win32 port only use it to scan
> email attachments.)
>
> -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32


jw.michels at gmail

May 1, 2009, 4:43 PM

Post #4 of 4 (3347 views)
Permalink
Re: How do I return these files to their original names and folders [In reply to]

Hi,
Yes I'm using officeXP pro. I tired to replace the files in the hidden
folders but couldn't get them to reveal. All of the "infected" files are
either Excell files are or Microsoft signature Install files. So I'm doing a
restore from a retrospect backup I did several months ago. I'm running a
dual boot Win Mellenium and XP pro and am doing the disc restore from
millenium. I dont know if it is going to work but if not I will simply
reinstall everything. I haven't had to do a re install since 2005 so it is
probably about time to clean it up. This old 2001 Dell has pretty much
completely been rebuilt and I like to keep it running clean and simple.
thanks for the info.
J.W. Michels

On Fri, May 1, 2009 at 6:17 PM, Michael M. Minor
<michael.m.minor [at] gmail>wrote:

> The Excel.exe may very well be a false positive, I had the same problem and
> the digital signature was still intact. I submitted it as a false positve
> to the signature team, but I don't know if they have gotten to it yet. Are
> you using Office XP?
>
> Michael M. Minor
>
> On Fri, May 1, 2009 at 6:59 PM, Tom Metro
> <tmetro+clamwin32 [at] gmail <tmetro%2Bclamwin32 [at] gmail><
> tmetro%2Bclamwin32 [at] gmail <tmetro%252Bclamwin32 [at] gmail>>
> > wrote:
>
> > J.W. Michels wrote:
> > > Each of the files in quarantine on my desktop is located on my laptop
> > > as well (less the ".infected" addition.) So I am pretty certain they
> are
> > not
> > > viruses or trojans.
> >
> > What leads you to that conclusion? They could be existing files that
> > became infected.
> >
> > Additionally, if you're running the same AV tools on the laptop, and
> > they haven't been quarantined there, that's further evidence that
> > there's something different (like an infection) about the ones on the
> > desktop.
> >
> >
> > > I downloaded my version of Clamwin from the Clamwin website.
> >
> > ClamWin is an independent project that makes use of ClamAV technology
> > internally. Not to dismiss your questions, but you're better off posting
> > your question about how to get your files out of quarantine on their
> > forums:
> >
> > http://forums.clamwin.com/
> >
> > Their code is responsible for the quarantine action, once the AV engine
> > says it is infected, so they'll know how to reverse it.
> >
> > And for your false positive question, you'll probably also reach more
> > people there who are regularly scanning all the files on a Windows
> > desktop. (Many users of the official win32 port only use it to scan
> > email attachments.)
> >
> > -Tom
> >
> > --
> > Tom Metro
> > Venture Logic, Newton, MA, USA
> > "Enterprise solutions through open source."
> > Professional Profile: http://tmetro.venturelogic.com/
> > _______________________________________________
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
> >
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>



--
This e-mail transmission may contain information that is proprietary,
privileged and/or confidential and is intended exclusively for the person(s)
to whom it is addressed. Any use, copying, retention or disclosure by any
person other than the intended recipient or the intended recipient's
designees is strictly prohibited. If you have received this message in
error, please notify the sender immediately by return e-mail and delete all
copies

J.W. Michels
5752 150th St.
Lubbock, Texas 79424

806 863-3704 - Home
806 224 3947 - Cell


jw.michels [at] gmail - Personal/Professional
jwmichels [at] msn
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

ClamAV win32 RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.