20 July 2009

Windows, Clamwin and trojans - oh my!

ClamWin serious F/P again

ClamWin has developed two new F/Ps (false positives) in the latest sig update, one not so serious and one very serious. If you still haven't got ClamWin set to report only, I strongly urge you to do so:

C:\Program Files\NetMeeting\cb32.exe: Trojan.Waledac-389 FOUND
C:\WINDOWS\system32\dllcache\cb32.exe: Trojan.Waledac-389 FOUND
C:\WINDOWS\system32\dllcache\userinit.exe: Trojan.Agent-119464 FOUND
C:\WINDOWS\system32\userinit.exe: Trojan.Agent-119464 FOUND

As before, if you do have ClamWin quarantine these instead of reporting, you can restore them from the quarantine folder (just rename the file to remove ".infected" and put them back where they're supposed to be). If you have ClamWin automatically delete them (NO! NO! NO!), you'll need to restore them from the Service Pack files (you did download the ISOs for the SPs, right?).

These F/Ps are occurring, in this case, on Windows XP (all versions) and Windows Server 2003 (all versions); ClamWin hasn't shown the same F/Ps on my Vista machine yet.

I am running into the same sort of issue; on one machine (so far) Malwarebytes shows an actual infection. Not much to add.
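Before putting a quarantined file back, it is worth checking that it is byte-identical to a trusted copy rather than relying on the ".infected" rename alone. The script below is an added example, not code from the post or from ClamWin; it assumes ClamWin stores each quarantined file as "<name>.infected", that the operator supplies a known-good SHA-256 set (from the Service Pack ISO the post mentions) and a filename-to-original-path mapping, and that the quarantine folder path is passed in.

```python
import hashlib
import shutil
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries do not load whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage_quarantine(quarantine_dir, known_good, destinations, dry_run=True):
    """Classify every '<name>.infected' file in the ClamWin quarantine folder.

    known_good:   {filename: sha256} taken from a trusted copy of the file,
                  e.g. the Service Pack ISO the post tells you to keep. The
                  dllcache copy is NOT a safe reference here: the scan output
                  above shows it flagged alongside the live file.
    destinations: {filename: original path} supplied by the operator (an
                  assumption), since a quarantined name alone does not say
                  where the file came from.
    Returns {quarantined name: 'restore' | 'mismatch' | 'unknown'}; only
    'restore' entries are copied back, and only when dry_run is False.
    """
    results = {}
    for entry in sorted(Path(quarantine_dir).glob("*.infected")):
        name = entry.name[: -len(".infected")]   # strip ClamWin's suffix
        expected = known_good.get(name)
        if expected is None:
            results[entry.name] = "unknown"       # no reference hash: leave it quarantined
        elif sha256_of(entry) != expected:
            results[entry.name] = "mismatch"      # differs from trusted copy: may be a real infection
        else:
            results[entry.name] = "restore"       # identical to trusted copy: false positive
            if not dry_run and name in destinations:
                shutil.copy2(entry, destinations[name])
    return results
```

Run it with dry_run=True first to see the classification; anything reported as "mismatch" or "unknown" stays in quarantine for a second opinion rather than being restored.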

Posted via web from bpwojcik's posterous

2 comments:

MysteryFCM said...

What infection is MBAM showing?

Bernie Wojcik said...

We use CSA (with Clam embedded) and about a dozen machines came up with the problem, and a handful of them had a variety of other spyware/malware but nothing consistent other than the userinit.exe: Trojan.Agent. In a few cases replacing userinit worked after disabling System Restore, and in other cases uninstalling and reinstalling (with AV disabled) was the only option.

Posted this on your blog as well...