CCleaner Trojans

Hi,

I had a problem with my Disk Cleanup sticking, and was told that CCleaner was the application to go for. So last night I installed CCleaner and ran it, seemed to be fine cleaning my registry and other older files.

I came in tonight to see that my AVG anti-virus was running on a pre-set scan, I had a look as I had run one the day before and to my horror I saw that I had some Trojans.


So far the AVG says I have 4 threats.

ccsetup214.exe/2009.exe in My Documents

ccsetup214.exe in My Documents

And twice in my

System Volume Information/restore .. A0137264.exe/2009.exe

System Volume Information/restore .. A0137264.exe


Sounds really weird imo because what I have experienced CCleaner is 100% free from malware. Don't you think it could be false alarms? Upload the "infected" files at and you will find the answer. Don't forget to make a short contribution here afterwards! :)

It sounds more like antivirus2009 infections that are sometimes really nasty and a bit hard to remove.

I would download MBAM then update it then run a Quick scan and let it remove what it detects and a reboot may be required to remove locked files:

walsh2509, when you downloaded the installer file for CCleaner, did you save it to the "My Documents" folder, ie: the location flagged by AVG? And did you download it from FileHippo?

If so, the first of those entries is almost certainly a FP.

The second...not so certain. Locate that particular file if you can, the "ccsetup214.exe/2009.exe" one. The name is suspicious. Right click it, select properties, then the "version" tab, and report what it is.

It should appear to be similar to the picture. The "File Version" of mine is 2.0.0. The "language" reads "neutral". The "product name" is "CCleaner".

The detection is heuristic, so it is more likely to be a fp than if it was detected using signatures. The detections in "system volume information" are probably the same ones, kept in system restore. Not a problem, for now.

Incidentally, AVG is starting to get itself quite a reputation for its false positives, so far.



Thanks for the info ..

I was talking to some mates and they said it was more than likely that AVG was showing up a False Positive.

Again thanks for the replies.

Worthwhile being sure, though.

What if your mates' guesses are wrong?

Be very careful of AVG. I've used it for years but in the last few months it has deleted - yes, DELETED - no less than 4 programs that were NOT infected with anything. Digging around in Windows Explorer one day I found an Access file that is the whole year's accounting for my husband's business for 2002 in AVG's Virus vault. I'm just lucky it didn't delete that too. I'm afraid to let AVG run. Time to get something else. <_<

As you can see in the message from AVG, this detection was not an exact one but only by heuristics... heuristics are not precise and may yield false positives.




I have been using CCleaner for a while now. When I updated to 215 last night I ran a ClamWin virus scan on the file and it came up with a trojan and quarantined the file. I think it's an FP but not sure. Anyone have any thoughts?

Try uploading the file to Virus Total for a multi-scanner online analysis. Chances are it has already been examined, if not, wait for the scan to complete, and you'll get a list of results from a large number of popular virus scanners.

Other things to check: does the md5 (electronic fingerprint) of the file match that advertised on the download site? If so, high probability of a FP.

(There are various downloadable tools that can give you the md5 of a file. Some AS scanners have it built in to their toolkits.)
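The checksum comparison suggested above, as an added example that is not part of the original post: it hashes a downloaded file in chunks and compares the result with the digest copied from the download page, tolerating the spaces and upper case such pages often use. The function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Hex digest length -> hashlib algorithm name, so the published value picks the hash.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_digest(published: str) -> str:
    """Strip spaces, colons, dashes and case differences from a copied digest."""
    cleaned = re.sub(r"[\s:\-]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned) or len(cleaned) not in ALGO_BY_LENGTH:
        raise ValueError("not an MD5, SHA-1 or SHA-256 hex digest")
    return cleaned


def file_digest(path: str, algorithm: str) -> str:
    """Hash the file in 64 KiB chunks so large installers are not loaded whole."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_published(path: str, published: str) -> bool:
    """True when the file's digest equals the one advertised by the download site."""
    expected = normalize_digest(published)
    actual = file_digest(path, ALGO_BY_LENGTH[len(expected)])
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Run the check on a constructed stand-in file (not a real installer)."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as tmp:
        tmp.write(b"hello world")  # constructed sample content
    try:
        return {
            "match": matches_published(tmp.name, "5EB63BBB E01EEED0 93CB22BB 8F5ACDC3"),
            "mismatch": matches_published(tmp.name, "d41d8cd98f00b204e9800998ecf8427e"),
        }
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(demo())
```

A match shows the file is byte-for-byte the one the site published, which is why it points to a false positive; it says nothing if the published value came from a different source than the vendor. Where the download page also lists a SHA-256 value, compare against that instead, since MD5 is no longer collision resistant.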


Thanks for the help. The md5 matches and only 1/38 came up as suspicious on the Virus Total scan, so it looks to be an FP result.