Blog for hpHosts, and whatever else I feel like writing about ....

Sunday 3 May 2009

ClamWin's gone bonkers again - wextract.exe - Worm.Waledac

I just got back online after being forced to sleep (oh the joys) to find a report waiting for me, from the gateway. It would appear that ClamWin has developed the same F/P that many other AVs seem to have experienced.

In this case, ClamWin detected wextract.exe, the Win32 Cabinet Self Extractor file, as Worm.Waledac-2299 in the following directories:

%SystemRoot%\ServicePackFiles\i386
%SystemRoot%\System32

This file is not critical to Windows, so this F/P, unlike the previous ones, won't cripple the system. You can either ignore it if you don't need this file, or restore it from the Windows CD or from the ClamWin quarantine.

/edit 04-05-2009

Just an addendum, this has now been mentioned over at the ClamWin forums.

http://forums.clamwin.com/viewtopic.php?t=2302

1 comment:

lordpake said...

It would be more correct to say ClamAV went bonkers :)

ClamWin guys only handle the Windows version, all the defs come from ClamAV. Since ClamAV is not a Windows app itself, these things unfortunately happen (I dunno how much they test their defs on Windows before releasing).

-lordpake