Mailing List Archive: ClamAV: win32

Re: How do I return these files to their original names and folders

 

 



tmetro+clamwin32 at gmail

May 1, 2009, 1:58 PM

Post #1 of 2 (2105 views)
Re: How do I return these files to their original names and folders

J.W. Michels wrote:
> After a recent virus scan (Clamwin) I discovered that several programs were
> no longer working properly.
> I need to know if these are "false positives"

The main ClamAV-users list is a better place to ask that.

http://www.clamav.net/support/ml

You'll want to post more than just the file list. You should dig up the
report indicating what was found in those files, or rescan them.


> ...and if they are how do I return them to their original file name
> and location?
> EXCEL.EXE.infected
> EXCEL.EXE.infected.000.infected

It appears the infected files are being renamed (they may have been
moved and/or permissions altered as well). As far as I know, that isn't
something the official win32 port of ClamAV does, so you are likely
using a third party port of ClamAV and/or some other tool that
incorporates ClamAV. The organization that produced the software ought
to be able to tell you how to reverse the quarantine process.

-Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32


jw.michels at gmail

May 1, 2009, 2:38 PM

Post #2 of 2 (1945 views)
Re: How do I return these files to their original names and folders

Hi,
Thanks for responding.

I've found most of these same files on my laptop. They are located in:
WINDOWS\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\,
and in: WINDOWS\Installer\7f0ae4.msp,
and in: \System Volume Information\_restore{5C52C924-5405-4741-90F9-29F5110BD59C}

Installer (as are the others) is a hidden file, I found it and opened it
with "Everything" search on my laptop. Windows search will not locate the
file. Each of the files in quarantine on my desktop is located on my laptop
as well (less the ".infected" addition.) So I am pretty certain they are not
viruses or trojans. I can also find the path and the folder on the laptop
but am unable to get the hidden folders on my desktop to open. Even when I
click "show hidden folders" the Installer and $patchcache$ folders are not
shown.
I downloaded my version of Clamwin from the Clamwin website. It ran fine
until the April 27 (approx) update.
I run Windows firewall, Sygate personal firewall, spyware blaster, ccleaner,
advanced systems care, AVG free and Clamwin antivirus. I have had this
combination for several years now.

On Fri, May 1, 2009 at 3:58 PM, Tom Metro <tmetro+clamwin32 [at] gmail> wrote:

> J.W. Michels wrote:
> > After a recent virus scan (Clamwin) I discovered that several programs were
> > no longer working properly.
> > I need to know if these are "false positives"
>
> The main ClamAV-users list is a better place to ask that.
>
> http://www.clamav.net/support/ml
>
> You'll want to post more than just the file list. You should dig up the
> report indicating what was found in those files, or rescan them.
>
>
> > ...and if they are how do I return them to their original file name
> > and location?
> > EXCEL.EXE.infected
> > EXCEL.EXE.infected.000.infected
>
> It appears the infected files are being renamed (they may have been
> moved and/or permissions altered as well). As far as I know, that isn't
> something the official win32 port of ClamAV does, so you are likely
> using a third party port of ClamAV and/or some other tool that
> incorporates ClamAV. The organization that produced the software ought
> to be able to tell you how to reverse the quarantine process.
>
> -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>



--
J.W. Michels