Hello,
A scan of a PC I was given to disinfect reports the following when using
clamav 0.102.1 portable in Windows:
[code]
PS C:\Users\UserName\Desktop\clamav-0.102.1-win-x64-portable> .\clamscan.exe --remove C:\Windows\System32\msiexec.exe
C:\Windows\System32\msiexec.exe: Win.Virus.Expiro-7396684-0 FOUND
ERROR: Can't remove file 'C:\Windows\System32\msiexec.exe'.
----------- SCAN SUMMARY -----------
Known viruses: 6587211
Engine version: 0.102.1
Scanned directories: 0
Scanned files: 1
Infected files: 1
Not removed: 1
Data scanned: 0.06 MB
Data read: 0.06 MB (ratio 1.00:1)
Time: 9.615 sec (0 m 9 s)
[/code]
Seeing as Windows reported "can't remove", I figured the file was in memory
or some such thing and that running the scan with the drive mounted using a
live Linux disc would certainly work. However, Linux reports that there is
no virus in the file:
[code]
root@ubuntu:/media# clamscan sda4/Windows/System32/msiexec.exe
sda4/Windows/System32/msiexec.exe: OK
----------- SCAN SUMMARY -----------
Known viruses: 6616229
Engine version: 0.102.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.06 MB
Data read: 0.06 MB (ratio 1.00:1)
Time: 7.705 sec (0 m 7 s)
[/code]
Looking at that file in Windows and mounted in Linux, they are the same
size and hash to the same value. How can this be?
Thanks for any help you can provide!
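
The two summaries above differ in more than the verdict: "Known viruses" is 6587211 in the Windows run and 6616229 in the Linux run, so the two scans loaded different numbers of signatures. As an added example (not part of the original post), the following parses both outputs as quoted and lists what differs; `parse_clamscan` and `compare_runs` are hypothetical helper names.

```python
import re
# Output of the two runs, copied from the post above (trimmed, not constructed).
WINDOWS_RUN = r"""C:\Windows\System32\msiexec.exe: Win.Virus.Expiro-7396684-0 FOUND
ERROR: Can't remove file 'C:\Windows\System32\msiexec.exe'.
----------- SCAN SUMMARY -----------
Known viruses: 6587211
Engine version: 0.102.1
"""
LINUX_RUN = """sda4/Windows/System32/msiexec.exe: OK
----------- SCAN SUMMARY -----------
Known viruses: 6616229
Engine version: 0.102.1
"""

RESULT_RE = re.compile(r"^(?P<path>.+): (?:(?P<sig>\S+) FOUND|OK)$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Z][A-Za-z ]+): (?P<value>.+)$")

def parse_clamscan(text):
    """Split clamscan output into per-file verdicts and summary fields."""
    verdicts, summary, in_summary = {}, {}, False
    for line in map(str.strip, text.splitlines()):
        if "SCAN SUMMARY" in line:
            in_summary = True
        elif in_summary:
            m = SUMMARY_RE.match(line)
            if m:
                summary[m["key"]] = m["value"]
        else:
            m = RESULT_RE.match(line)
            if m:
                verdicts[m["path"]] = m["sig"]  # None means the file scanned OK
    return verdicts, summary

def compare_runs(a, b):
    """List what differs between two scans, matching files by base name."""
    (va, sa), (vb, sb) = parse_clamscan(a), parse_clamscan(b)
    vb_by_name = {re.split(r"[\\/]", p)[-1].lower(): s for p, s in vb.items()}
    diffs = []
    for path, sig in va.items():
        name = re.split(r"[\\/]", path)[-1].lower()
        other = vb_by_name.get(name, "not scanned")
        if sig != other:
            diffs.append(("verdict", name, sig or "OK", other or "OK"))
    for key in ("Known viruses", "Engine version"):
        if sa.get(key) != sb.get(key):
            diffs.append((key, None, sa.get(key), sb.get(key)))
    return diffs

print(compare_runs(WINDOWS_RUN, LINUX_RUN))
```

The engine version is the same in both runs, so it does not appear in the result; only the verdict and the signature count do.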