ClamWin False Alarm ?

[Guest]

ClamWin says there is a trojan in:

windows\notepad.exe
and
windows\system32\notepad.exe

I think this is a false alarm! McAfee does not find it.

If someone out there has ClamWin (on Windows xp) could you scan those two
files and post back. I feeling nervous!

Thanks,
?:-(
Tim

 

[Bill Sanderson MVP]

Have you tried analyzing these two files at virusscan.jotti.org?

There is at least one rather ancient virus which infects notepad.exe. I
know this well, because I was once infected with it for about 5 minutes,
while running Windows Me, on dialup.

 

[Guest]

Bill,

After posting last night I uploaded the file to VirusTotal and all the
scanners found it clean except ClamAV. I posted a suspected FP at their site.
This morning after reading your posted I uploaded the file again to
VirusTotal and your recommened virusscan.jotti.org. Both found it clean
including the ClamAv portion of the scan. I am assuming they have updated
their defs since l posted. The Clam site does not yet show an update
available but the program is in fact updating as I write. When the update is
done I will retest.

I guess this is a good reason to test new defs as they come out. The
problem is ClamWin updates about everyday. A full scan takes a long time and
they don't have a quick scan option, just individual files or directories.

Sometimes you're Chicken Little and sometimes you're the Canary in the Mine,
I guess.

Pausing to let update finish and retest the files in question <---

Test is complete, NO Virus found in either file.
I guess this was my first report of a genuine FP to a company and they
responded very quickly I must say.

Peace Out,
?
Tim
Only the Paranoid Survive

 

[Bill Sanderson MVP]

Excellent. Most antimalware vendors are pretty good about responding to
false positives, I think.

Indeed--testing antivirus definitions may well be a good idea. Such
definitions may well result in critical software being disabled, depending
on settings and user responses.


--