CCleaner V4.09 contains trojan virus

I downloaded and installed the new update v4.09 on 17th December and my anti-virus program detected a trojan virus and deleted the file. This is worrying as I have used CCleaner for quite some time with no issues before. I tried to find a way to contact Piriform but was unsuccessful so have joined this forum for their attention.

Which site did you download the file from?

Piriform's site

https://www.piriform.com/ccleaner

or FileHippo

http://www.filehippo.com/download_ccleaner/

What anti virus do you use?

I've downloaded the CCleaner update and my computer now has a virus too.

WHY?????????????????????????

I'm using NOD32 ESET. Is this an actual virus or what??? Never had a virus from this software before.

I also recently installed the version 4.09.4471, am running AVG IS and found no viruses.

It could be a false positive thrown up by NOD32.

As @hazelnut asks, where did you get CC from?

What file is NOD32 saying is infected?

What is the infection?

I downloaded from Piriform as usual. Antivirus is McAfee VirusScan Enterprise + AntiSpyware Enterprise. The file name msi4142exe detected as RDN/Generic, type Trojan which it deleted. This was found on CCleaner64exe.

What is NOD32?

Antivirus program, flagging the Google Tool Bar bundle which you can decline, or wait for the slim build.

I checked three Security sites and here are the results.

http://r.virscan.org/f40fb16cee93a9a67d140997cab90970

http://virusscan.jotti.org/en/scanresult/e43f2c739376697004cff67739b3ca88318c56c9/9bb4493f10131db7ddfd540b2d5dfec929f3c125

https://www.virustotal.com/en/file/522b29f9cae71206a5cd6e28dd0646ab4f57b5fdcedf498f4d78d71ac74030f9/analysis/

It's a false positive!

File Name: ccsetup409.exe

Has valid digital signature, signed: Tuesday, December 17, 2013 8:24:11 AM

MD5 Hash: 90B4989B832A57D261F0AB51F143E97A

SHA-1 Hash: 932E042070F1567ED5A116E98E3C04D7D07E0681

Both Piriform.com and FileHippo.com have matching hashes, i.e., the downloads are identical.

Another site scan result to add to Kroozer's list with 40 antivirus scanners deeming it as 100% clean:
https://www.metascan-online.com/en/scanresult/file/4df52a84d8d74f268815d39ea01d3835
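
The hash comparison described in the post above, as an added example that is not part of the original thread: it checks a download against the MD5 and SHA-1 values quoted there and tests whether two mirror downloads are byte-identical. The function names and the stand-in files are assumptions made for illustration; point the functions at the real installer paths to use them.

```python
import hashlib
import hmac
import os
import tempfile

# Digests quoted in the post above for ccsetup409.exe.
PUBLISHED = {
    "md5": "90B4989B832A57D261F0AB51F143E97A",
    "sha1": "932E042070F1567ED5A116E98E3C04D7D07E0681",
}

def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Hash a file in one streaming pass; returns {algorithm: lowercase hex}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def check_download(path, published):
    """Return the algorithms whose published digest does NOT match the file."""
    actual = file_digests(path, tuple(published))
    return [name for name, want in published.items()
            if not hmac.compare_digest(actual[name], want.strip().lower())]

def same_content(path_a, path_b):
    """True when two downloads are byte-identical, judged by SHA-256
    (MD5 and SHA-1 both have known collision attacks)."""
    return file_digests(path_a, ("sha256",)) == file_digests(path_b, ("sha256",))

def demo():
    # Constructed stand-ins for two mirror downloads and one altered copy.
    samples = (("piriform.bin", b"constructed sample"),
               ("filehippo.bin", b"constructed sample"),
               ("altered.bin", b"constructed sample!"))
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in samples:
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        return {
            "mirrors_identical": same_content(paths["piriform.bin"], paths["filehippo.bin"]),
            "altered_identical": same_content(paths["piriform.bin"], paths["altered.bin"]),
            # The stand-in is not the real installer, so both digests mismatch.
            "mismatches_vs_published": check_download(paths["piriform.bin"], PUBLISHED),
        }

if __name__ == "__main__":
    print(demo())
```

An empty list from `check_download` means every published digest matched; matching hashes show the file is the one the publisher listed, which is a separate question from whether a scanner's detection of it is correct.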

Antivirus program, flagging the Google Tool Bar bundle which you can decline, or wait for the slim build.

I checked three Security sites and here are the results.

http://r.virscan.org/f40fb16cee93a9a67d140997cab90970 1 out of 37 NOD32(which is ESET)

http://virusscan.jotti.org/en/scanresult/e43f2c739376697004cff67739b3ca88318c56c9/9bb4493f10131db7ddfd540b2d5dfec929f3c125 1 out of 23 ESET

https://www.virustotal.com/en/file/522b29f9cae71206a5cd6e28dd0646ab4f57b5fdcedf498f4d78d71ac74030f9/analysis/ 1 out of 49 ESET

According to kroozer's results, ESET is the one that consistently flags the Google Tool Bar installer as potential malware. I decided to go to the source, Google, and download the installer by itself (filename: GoogleToolbarInstaller_en32_signed.exe). Here are the results when running this file through the same three security sites:

http://r.virscan.org/report/9e91214349911d3e0b7d33081d141a0d.html 2 out of 37 ClamAV and F-Prot

http://virusscan.jotti.org/en/scanresult/05b8b27ec3e641b9db05cc45ce79beee8758532b/d8c8a77353ca27081765560c2b6d7a7338f77468 1 out of 23 ClamAV

https://www.virustotal.com/en/file/1f85e871db078e45a653ba98dd30c19500191421a7060c4609dd5fa407d82bc5/analysis/1387684029/ 0 out of 49

So one version of the Google Toolbar Installer, the one that is bundled with the CCleaner Installer, is detected only by ESET as malware. But the Google Toolbar Installer, downloaded directly from Google, is ignored by ESET but detected by ClamAV twice and F-Prot once as malware. Anyone care to explain this? It certainly is puzzling to me.

kroozer - I hope you don't mind me editing your post, I just wanted to clarify things for everyone.

Anyone care to explain this?

Only Google can explain that. :)

@j2k

Just flag it up to ESET as a false positive.

I'm inclined to think that they are two different versions of the Google Toolbar. Or an earlier and later version perhaps. Maybe I'm trying too hard to be logical here, but if they were exactly the same, then ESET either should have flagged both, or ignored both.

ESET via the scan here states it's clean (it doesn't say NOD or anything, just ESET the vendor company/name). Although the difference between Windows and Linux versions of antivirus scanners can give different results.

As for ClamWin giving false positives on those scanning sites, I've personally ignored everything it comes up with on them, clean or infected, for months now; the Zillya scanner some use is also very prone to false positives.

Concerned (not really understanding all this, just reporting) I ran a full scan last night with the following results:

msafpe.exe prog data RDN Generic back door!vu Trojan Deleted

msafpe.exe Documents and settings/All users Ditto ditto Ditto

@j2k

Just flag it up to ESET as a false positive.

How do I do that???

I've got the old version; the new one keeps getting blocked by ESET...

I've downloaded CCleaner all the time from

https://www.piriform.com/ccleaner

or

http://www.filehippo...nload_ccleaner/

How do I do that???

http://kb.eset.com/esetkb/index?page=content&id=SOLN141

Can someone report it please.

My bank account has been hacked and someone has tried to collect a large amount of money out of it. Bank says that virus remains and to do another full scan straight away. I logged in to my account and the page looked perfectly normal.

You are strongly advised to go immediately to a Malware Removal forum and get help.

See item 10 in this link for some recommended sites

http://forum.piriform.com/index.php?showannouncement=15&f=4

Did that happen by downloading CCleaner?? :-(

When will the new update be available? ESET still flags it up as a virus......................

I have ESET nod 32 on Win 7 64bit.

I have CCleaner 4.0.9 slim build installed which was downloaded from the builds page

https://www.piriform.com/ccleaner/builds

ESET did not flag the download. I expect it is flagging the FULL version of CCleaner for you because it includes an option to install a toolbar.