[clamav-users] Fwd: Re: Clamav File - Virus detected by Microsoft Defender
Alejandro Hernández
alejandrolibre at disroot.org
Sun Nov 29 14:15:58 UTC 2020
> Has the computer ever suffered from malware?
Yes. ;P
https://mastodont.cat/@alejandroindependiente
On 29 November 2020 1:22, "G.W. Haywood via clamav-users" <clamav-users at lists.clamav.net> wrote:
> Hi there,
>
> On Sat, 28 Nov 2020, Alejandro Hernández via clamav-users wrote:
>
>> The 'clamav tmp file' detected by M-Defender was:
>> file:
>> C:\Users\Alejandro\AppData\Local\Temp\ClamWinPortableTemp\clamav-04c260ec0d7bc2675378f5ead51c44d0.0001648.clamtmp
>>
>> Detected: Trojan:Win32/Wacatac.C!ml
>
> Now I think I understand.
>
> It appears that you ran ClamWinPortable, which produced some temporary
> files and left them lying around in the filesystem. ClamAV does use
> the filesystem for temporary storage, so that isn't very surprising.
>
> Windows Defender then found something in one of these temporary files.
>
> It's possible that this is a 'false positive'. False positives are
> not uncommon. Or it might be that ClamWin really did find something
> nasty, and left some evidence in its temporary directory. I know very
> little about how ClamWin behaves.
>
> But one of the tricks that malware authors get up to is disguising the
> files that they create in your filesystem as something else. So if it
> seems likely that the temporary file really was created by ClamWin (it
> should for example have a timestamp at a time when ClamWin was running)
> and wasn't created by malware (which I think is unlikely but possible)
> then the simplest thing to do would be to delete it. If you are going
> to remove ClamWin 0.99.4 and install 0.103 then you can probably delete
> everything relating to ClamWinPortable anyway. You might want first
> to upload the file to VirusTotal or Jotti's virus scan to see if the
> dozen or more other virus scanners they use think it's a problem.
>
> https://virustotal.com
> https://virusscan.jotti.org
>
> Has the computer ever suffered from malware?
>
> --
>
> 73,
> Ged.