Hi,
I'm new to the forum. However, I have been having almost exactly the same issues with Webroot & Ccleaner. I have Ccleaner set to 1 pass, secure deletion, and every once in a while, when running Ccleaner, "Webroot Internet Security Essentials" pops up and warns of a "Koobface" Trojan. I have run several "full" scans of my machine and dozens of "Quick" scans. None have detected a virus. I submitted a ticket to Webroot. So far I have received the usual broad sweeping answers. I will continue to follow up with Webroot.
I have created a folder for copies of my Firefox Cashe files, then copied the Cashe to that folder, the run Webroot on the folder and find no problems, then run Ccleaner and about 1 in 10 times, up pops a koobface warning. I run a folder scan on the files I copied and still no problems are found.
This problem is really a challenge because it can go a couple of days without showing up. I don't know if Ccleaner is writing files (during the overwrite process) that Webroot is picking up, or if Webroot is looking at odd behavior, or if it's in the Webroot definitions. I assume Ccleaner uses totally random data to overwrite the files, which makes the problem even more confusing. I wish that Ccleaner included a setting to make it write all zeros. That would eliminate the random data issue. When Ccleaner is run it overwrites a lot of files; the recycle bin, the explorer files, etc. Each time Webroot warns of a koobface alert, it always comes from the Firefox Cache. However, keep in mind I don't use Internet explorer hardly at all.
Here's some facts:
Machine: HPdv1000
Op Sys: Win XP SP3 (system updates are current within a few days)
Webroot: 6.1.0.145 (engine version: 3.4.1 - Latest data Update 2/27/2010)
Ccleaner: v2.27.1070
First detected: Feb 17, 2010
Today, my other machine, a Sony Desktop, pops up with the same Webroot alert while running Ccleaner. I hardly ever even use that machine to go to the internet. It also contains the same version of Webroot, and It's virus database is up to date. The only difference is the version of Ccleaner is v2.26.1070
Here are my possible conclusions:
1: Webroot is falsely detecting behavior or,
2: Ccleaner has got a problem or,
3: This is one very scary Trojan, because it alludes multiple scans!!!
That's all I know for now, any comments are welcome.