If it were me, I'd submit the file(s) to http://www.virustotal.com and see what they have to say.

On Mon, Feb 9, 2009 at 12:45 PM, Oliver Schwabedissen <[email protected]> wrote:
> Hello,
>
> I'm running clamav 0.94.2 on a Gentoo Linux system. Today I scanned my whole
> file system which also contains an ntfs partition with Windows XP (mounted
> using fuse/ntfs-3g). I rarely boot this Windows partition but since it is
> more vulnerable than my Linux system I'm scanning it anyway.
>
> Today clamav suddenly found several infections with Worm.Pinit-4 on this
> partition:
>
> /windows/C/WINDOWS/$hf_mig$/KB890859/SP2QFE/user32.dll: Worm.Pinit-4 FOUND
> /windows/C/WINDOWS/$hf_mig$/KB925902/SP2QFE/user32.dll: Worm.Pinit-4 FOUND
> /windows/C/WINDOWS/ServicePackFiles/i386/user32.dll: Worm.Pinit-4 FOUND
> /windows/C/WINDOWS/$NtServicePackUninstall$/user32.dll: Worm.Pinit-4 FOUND
> /windows/C/WINDOWS/system32/user32.dll: Worm.Pinit-4 FOUND
>
> Therefore I scanned all of /windows/C/WINDOWS from a WinXP installation
> running in a virtual machine under Linux using a current version of AVG Free.
> AVG Free didn't find any infection at all.
>
> I didn't boot this supposedly infected WinXP for at least 2 or 3 months.
>
> Is it possible that clamav reports a false positive? Or does AVG Free not
> yet discover this infection?
>
> Worm.Pinit-4 was added with daily update 8965 (02/08/09):
> Submission-ID: 6467818
> Sender: Paul
> Added: Worm.Pinit-4
> Virus name alias: Trojan.Win32.Patched.bb (Kaspersky AVP)
>
> --
> Ciao,
> Oliver
>
> GPG Public Key available at http://wwwkeys.de.pgp.net
> Key fingerprint = 3264 280C 05B1 572F 3F0B 42B8 1E7B 2D9D 063B D507
> Just listening to: Faithless - Bring My Family Back (feat. S. Setlur) (Bravo
> Hits 25, 1999)
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
