ClamWin has developed 2 new F/P’s in the latest sig update, one not so serious, and one very serious. If you’ve still not got ClamWin set to report only, I strongly urge you to do so;
C:\Program Files\NetMeeting\cb32.exe: Trojan.Waledac-389 FOUND
C:\WINDOWS\system32\dllcache\cb32.exe: Trojan.Waledac-389 FOUND
C:\WINDOWS\system32\dllcache\userinit.exe: Trojan.Agent-119464 FOUND
C:\WINDOWS\system32\userinit.exe: Trojan.Agent-119464 FOUN
As before, if you do have ClamWin quarantine these instead of reporting, you can restore them from the quarantine folder (just rename the file to remove “.infected” and put them back where they’re supposed to be). If you have ClamWin automatically delete them (NO! NO! NO!), you’ll need to restore them from the Service Pack files (you did download the ISO’s for the SP’s, right?).
These F/P’s are occuring in this case, on Windows XP (all versions) and Windows Server 2003 (all versions), ClamWin hasn’t shown the same F/P’s on my Vista machine yet.
I am running into the same sort of issue, on one machine (so far) malwarebytes shows an actual infection – not much to add