stanmarsh14

Right, just downloaded v2.08, using the alt location NOT the File Hippo link. Just sent the file to Virus Total, and these are the results.... File ccsetup208.exe received on 05.31.2008 11:24:51 (CET) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 1/30 (3.34%) Loading server information... Your file is queued in position: ___. Estimated start time is between ___ and ___ . Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email: Antivirus Version Last Update Result AhnLab-V3 2008.5.30.1 2008.05.30 - AntiVir 7.8.0.25 2008.05.30 - Authentium 5.1.0.4 2008.05.31 - Avast 4.8.1195.0 2008.05.31 - AVG 7.5.0.516 2008.05.30 - BitDefender 7.2 2008.05.31 - CAT-QuickHeal 9.50 2008.05.30 - ClamAV 0.92.1 2008.05.31 - DrWeb 4.44.0.09170 2008.05.31 - eSafe 7.0.15.0 2008.05.29 - eTrust-Vet 31.4.5837 2008.05.30 - Ewido 4.0 2008.05.31 - F-Prot 4.4.4.56 2008.05.31 - F-Secure 6.70.13260.0 2008.05.31 - Fortinet 3.14.0.0 2008.05.30 - GData 2.0.7306.1023 2008.05.31 - Ikarus T3.1.1.26.0 2008.05.31 - Kaspersky 7.0.0.125 2008.05.31 - McAfee 5307 2008.05.30 - Microsoft None 2008.05.31 - NOD32v2 3148 2008.05.30 - Norman 5.80.02 2008.05.30 - Panda 9.0.0.4 2008.05.31 Suspicious file Prevx1 V2 2008.05.31 - Rising 20.46.50.00 2008.05.31 - Sophos 4.29.0 2008.05.31 - Sunbelt 3.0.1139.1 2008.05.29 - Symantec 10 2008.05.31 - VirusBuster 4.3.26:9 2008.05.30 - Webwasher-Gateway 6.6.2 2008.05.30 - Additional information File size: 2914296 bytes MD5...: 615b5b05eb90ddb4a071ddfb3514a9e1 SHA1..: 788b87df7efcf14d26de5a4abc793fd547c173e2 SHA256: 3ce60972e4ede061b3306aebc435fd4ae7d0179fbfc02e2827b32c2b200b0518 SHA512: 7ab255d955e17cb9d351540edd8cb6d1e7cf685c64b0cadeb9dac3ec6815f774 e69e759d15a2e478db172552f55b088ba6611dfb746e6ea72367aebc8b28ced0 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x403225 timedatestamp.....: 0x47eebf2f (Sat Mar 29 22:14:07 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x5934 0x5a00 6.46 663546ac41801daf2dc51f560ec05a56 .rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75 .data 0x9000 0x1af98 0x400 4.70 f0511f18783910813a0de0de02bc1206 .ndata 0x24000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rsrc 0x2f000 0x8668 0x8800 4.83 2f872074846dfae7e1a9228f0ebe6c70 ( 8 imports ) > KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA > USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow > GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject > SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation > ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA > COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create > ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance > VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA ( 0 exports ) packers (Kaspersky): WiseSFXDropper, WiseSFXDropper, WiseSFXDropper As you can see, I have received only ONE HIT, and that is from Panda, which is most likely a FALSE-POSITIVE. If this file was infected with something, I would expect to see a lot more hits than this (I would normaly concider that anything which results in hit's totalling more than 33% to be enough to warrant further checking / not installing the app).

OK, first I need to apologise in that the version concerned was v2.07, and NOT the current v2.08 what I have just spotted. Most of the machines I have serviced are using Norton IS / Symantec Corp AV, though there are two that are running a different a/v (Steganos and Zone Alarm Security Suite), all the machines are reporting issues with v2.07 CCleaner resulting from the file hippo link. Yes, mistakes can and do happen in this world, and yes the origonal poster was getting a bit out of control, but on the flipside the OP was basicaly getting an unhelpful responce from staff / trusted members here, saying basicaly "nothing to do with us, our product is clean" without any apparent double checking till later in this thread. I think what has happened is that folks have gotten confused with what versions of CCleaner was affected here. From what I can see, it is v2.07 from File Hippo and NOT the current v2.08, though I have yet to check this myself, though I am sure it will be fine, and it was just one of those mistakes that can and do happen in computer programming (Big clue here is to read the DISCLAIMER of ANY software you choose to install). EG: "This software is provided 'as-is', without any express or implied warranties whatsoever. In no event will the authors, partners or contributors be held liable for any damages, claims or other liabilities direct or indirect, arising from the use of this software." Removal of the issues with Zlob appear to be easy if you use Spybot S&D (http://www.safer-networking.org/en/index.html), or if you are more of a comp techie like myself you could follow the information here: (Warning, this info is for advanced users ONLY!) Bottom line is..... if after all of this, will I stop using CCleaner?...... NO. Piriform have a fantastic product, and better yet ITS FREEWARE unlike Norton Utilities (Which is the nerist product that comes to mind that comes close to what CCleaner can do). People have to relise in that ANYTHING they download always carries some risk, and most will check the item downloaded with a good anti-virus BEFORE installing (If need be, you can check any files by checking out http://www.virustotal.com/ which uses 30 a/v scanners, free of charge). (If Piriform are reading this, seriously guys, for a product like this, you need to start charging for it, even if it's just like say $10 US).

Sorry to say this, but I am with this poster here. Recently serviced 6 machines using the aforementioned version of CCleaner from the File Hippo link this past two weeks and have had to revisit every one of these machines after their respective a/v's reported problems with the zlob trojan. Now fortunately I have been able to remove the issues with Spybot S&D, and resorted to using an earlier version of CCleaner I had on a memory stick. Suggest users take a look at the following if they get hit with zlob (Warning, the following link assumes you have good working computer know-how. If you do not feel comfortable, I suggest you use Spybot S&D, and follow it's instructions when scanning):