
ClamAV scan - false positive?


3 replies to this topic

#1 J@ck


Posted 24 September 2016 - 05:08 AM

My friend has a Toshiba NB-500 netbook:

CPU: x86_64 Intel(R) Atom(TM) CPU N455   @ 1.66GHz
RAM: 1GB 
HDD: 5400rpm - 320 GB
OS: Windows 10 (upgraded from pre-installed Windows 7 Starter)

The problem is the slowness: the system is really not usable.

 

So after cleaning auto-run boot applications and services from msconfig, I've tried to scan it with various adware scanners (RKill, TDSSKiller, AdwCleaner, Malwarebytes AM, and so on...): nothing found.

I've also performed a scan with the installed antivirus, Avast: nothing found. Then I removed it and activated the default MS Win Defender, launched a scan, but nothing was found that time either.

Finally, I scanned it with ClamAV working from a USB-booted Linux live system and obtained the following results:

/mnt/sda2/Program Files/Adobe/Reader 9.0/Reader/reader_sl.exe: Win.Trojan.Decay-453 FOUND
/mnt/sda2/Program Files/Mobile Partner/AutoRun/AutoRunSetup.exe: Win.Trojan.Katusha-600 FOUND
/mnt/sda2/Program Files/Mobile Partner/SkinMagicU.dll: Win.Trojan.Ramnit-7199 FOUND
/mnt/sda2/ProgramData/DatacardService/DCService.exe: Win.Trojan.Katusha-600 FOUND
 
----------- SCAN SUMMARY -----------
Known viruses: 4824952
Engine version: 0.99.2
Scanned directories: 26173
Scanned files: 147551
Infected files: 4
Total errors: 8
Data scanned: 22485.68 MB
Data read: 27043.46 MB (ratio 0.83:1)
Time: 14972.820 sec (249 m 32 s)

I doubt that they are false positives. How can I verify it?

Maybe by md5sum? Could you suggest some procedure?

 

Thanks a lot in advance!   :)





#2 Al1000


Posted 24 September 2016 - 07:27 AM

Hi,

ClamAV was originally designed to scan emails rather than operating systems, and is notorious for reporting false positives. In my experience, if it's only ClamAV that reports a file as malware, chances are it's a false positive.

For peace of mind, so long as each file is no larger than 128MB, you could upload them to VirusTotal.

https://www.virustotal.com/

Edited by Al1000, 25 September 2016 - 11:46 AM.
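
An added example, not part of the original posts: one way to follow up hits like the ones in the scan above is to pull the flagged paths out of the clamscan log and hash each file, so the hashes can be looked up on VirusTotal before uploading, and files over the 128MB limit mentioned in the reply are flagged. The function names and the sample file are constructed for this illustration.

```python
import hashlib
import os
import re
import tempfile

# A clamscan hit line has the form "<path>: <signature> FOUND".
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
UPLOAD_LIMIT = 128 * 1024 * 1024  # upload size limit quoted in the reply above

def parse_hits(log_text):
    """Return (path, signature) pairs for every FOUND line in a clamscan log."""
    hits = []
    for line in log_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def fingerprint(path, chunk=1 << 20):
    """Hash a file in chunks so it never has to fit in the netbook's RAM."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            md5.update(block)
            sha256.update(block)
            size += len(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest(),
            "size": size, "uploadable": size <= UPLOAD_LIMIT}

def report(log_text):
    """One row per flagged file: hashes if readable, an error note if missing."""
    rows = []
    for path, sig in parse_hits(log_text):
        if not os.path.isfile(path):
            rows.append({"path": path, "signature": sig, "error": "missing"})
            continue
        rows.append({"path": path, "signature": sig, **fingerprint(path)})
    return rows

if __name__ == "__main__":
    # Constructed sample: a stand-in file and a log line in clamscan's format.
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "reader_sl.exe")
        with open(sample, "wb") as fh:
            fh.write(b"constructed sample bytes")
        log = f"{sample}: Win.Trojan.Decay-453 FOUND\nInfected files: 1\n"
        for row in report(log):
            print(row)
```

Comparing the SHA-256 against a copy of the same file version from the vendor's installer is a second check that does not depend on any scanner's verdict.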


#3 J@ck


Posted 25 September 2016 - 01:41 PM

I tried it yesterday. Those entries seem to be false positives, not infected files. Now, I can't tell why it appears so slow.

I'd try to come back from the current Windows 10 to a fresh install of Windows 7 Starter... But I'm not sure if it can really improve netbook "reactivity".



#4 Al1000


Posted 26 September 2016 - 07:48 AM

Now, I can't tell why it appears so slow.


I think it may be down to the hardware, although that would be off-topic to discuss here.

I suggest starting a thread in the Internal Hardware forum if you want advice/opinions on this.



