Hello, I'm running clamav 0.94.2 on a Gentoo Linux system. Today I scanned my whole file system which also contains an ntfs partition with Windows XP (mounted using fuse/ntfs-3g). I rarely boot this Windows partition but since it is more vulnerable than my Linux system I'm scanning it anyway.
Today clamav suddenly found several infections with Worm.Pinit-4 on this partition:

/windows/C/WINDOWS/$hf_mig$/KB890859/SP2QFE/user32.dll: Worm.Pinit-4 FOUND
/windows/C/WINDOWS/$hf_mig$/KB925902/SP2QFE/user32.dll: Worm.Pinit-4 FOUND
/windows/C/WINDOWS/ServicePackFiles/i386/user32.dll: Worm.Pinit-4 FOUND
/windows/C/WINDOWS/$NtServicePackUninstall$/user32.dll: Worm.Pinit-4 FOUND
/windows/C/WINDOWS/system32/user32.dll: Worm.Pinit-4 FOUND

Therefore I scanned all of /windows/C/WINDOWS from a WinXP installation running in a virtual machine under Linux using a current version of AVG Free. AVG Free didn't find any infection at all. I didn't boot this supposedly infected WinXP for at least 2 or 3 months. Is it possible that clamav reports a false positive? Or does AVG Free not yet discover this infection?

Worm.Pinit-4 was added with daily update 8965 (02/08/09):

Submission-ID: 6467818
Sender: Paul
Added: Worm.Pinit-4
Virus name alias: Trojan.Win32.Patched.bb (Kaspersky AVP)

--
Ciao,
Oliver

GPG Public Key available at http://wwwkeys.de.pgp.net
Key fingerprint = 3264 280C 05B1 572F 3F0B 42B8 1E7B 2D9D 063B D507
Just listening to: Faithless - Bring My Family Back (feat. S. Setlur) (Bravo Hits 25, 1999)