January 23, 2017

ClamWin Free Antivirus: Bad False Positive

ClamWin virus signatures and scanner updates caused the free ClamWin (ClamAV for Windows) virus scanner a false positive and move large numbers of files into quarantine on Windows systems. On the ClamWin forum, various users reported that 25,000 files, including system files, were moved into quarantine.

The issue has reportedly been fixed, but some users are struggling to restore their systems. The quarantined files have been listed in the ClamScanLog.txt file at log folder and this file could be used to restore the system.

How to recover quarantined files if you have the logs?

1. Check if you have the log file with quarantine info in it.
The log files are located:

Win7 and Vista: C:\Users\All Users\.clamwin\log\ClamScanLog.txt
XP: C:\Documents and Settings\All Users\.clamwin\log\ClamScanLog.txt

If there is no quarantine info on the logs there is still a chance it would be in your TEMP folder. It should start with tmp and look like this:

XP: C:\Documents and Settings\user\Local Settings\Temp\tmp0bx8st
Win7 and Vista: C:\Users\user\AppData\Local\Temp\tmp0bx8st

If you can’t locate these logs, then unfortunately the only way to restore is to copy the files manually.
2. Download and unzip http://files.clamwin.com/QRestore1.0.zip Works on Windows XP and above. DISCLAIMER – There is no warranty for this software. USE AT YOUR OWN RISK
3. Run the QRestore.exe and click File-Open and navigate to the log file
4. The program will process the log and show the quarantined files.
5. You may highlight files you wish to restore and click File-Restore Selected. If you wish to restore all files then click File-Restore All.
6. When the restore process is complete the program will open the report.

ClamWin, the Free Antivirus program for Microsoft Windows operating system. ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code.