I am running CCleaner v.2.01.507 in a Terminal Server enviroment. It runs evertime a user logs into the TS.
My eTrust ITM downloaded signatures at 7:45am... At 7:51am, when the next user logged in, the realtime scanner popped the following warnings:
The Win32/FakeAv.CX was detected in C:\PROGRAM FILES\CCleaner\UNINST.EXE. Machine: xxxxx, User: xxxxxx . Status: Infected
and
The Win32/FakeAv.CX was detected in C:\PROGRAM FILES\CCleaner\UNINST.EXE. Machine: xxxxx, User: xxxxxx. Status: File was cured; system cure performed.
Do you all think this is a false positive situation? During my googleing of this, i found some mention of false positives on the file a year or so ago.
It thinks that the install file for the newest version is a virus also
Here is the message:
[time 8/20/2008 9:12:11 AM: ID 14: machine xxxxx: response 8/20/2008 9:12:57 AM] The Win32/FakeAv.CX was detected in C:\...\CCSETUP210[1].EXE. Machine: xxxxx, User: xxxxx. Status: File is cured and the machine needs to reboot to complete cure.
I have used CCleaner for a long time, and know for a fact that is far from a virus or trojan. I can only assume that CA has failed me again with a false positive!
I'm getting the same mesage from CA eTrust antivirus. I've tried downloading previous versions of CCleaner, but whenever the setup file is downloaded CA eTrust antivirus deletes it...
Also, on a related note, while I was poking around the Piriform site I noticed that they now have a defragmenting program. I thought I would try it, but when I downloaded the installer, I got the same FakeAV message! So it's not just CCleaner.
Also, on a related note, while I was poking around the Piriform site I noticed that they now have a defragmenting program. I thought I would try it, but when I downloaded the installer, I got the same FakeAV message! So it's not just CCleaner.
right! Same thing with daemon4300-LITE.exe (Daemon-Tools). I've updated the thread at CA forum.
Files can be verified using two free online single file virus scanning services that use multiple virus scanners, there's nothing to install as you only upload the files to them:
It thinks that the install file for the newest version is a virus also
Here is the message:
[time 8/20/2008 9:12:11 AM: ID 14: machine xxxxx: response 8/20/2008 9:12:57 AM] The Win32/FakeAv.CX was detected in C:\...\CCSETUP210[1].EXE. Machine: xxxxx, User: xxxxx. Status: File is cured and the machine needs to reboot to complete cure.
I have used CCleaner for a long time, and know for a fact that is far from a virus or trojan. I can only assume that CA has failed me again with a false positive!
I got the same thing too, it deleted the install and uninstall files on my system tonight.
I'm glad that I'm not the only one! I had to lower my firewall briefly and thought I picked up a virus! LOL
Given the fact that so many are having the same problem with the same file after a recent anti virus update, it's obvious that it's a false positive due to the updated signature from CA Antivirus. It isn't the first time they've messed up. At least this time they aren't flagging valid Window System files like they did a month ago!
I'm glad that I'm not the only one! I had to lower my firewall briefly and thought I picked up a virus! LOL
Given the fact that so many are having the same problem with the same file after a recent anti virus update, it's obvious that it's a false positive due to the updated signature from CA Antivirus. It isn't the first time they've messed up. At least this time they aren't flagging valid Window System files like they did a month ago!
Situation resolved with fix from CA. Ca users must update.
davey
Yes, I think we're in the clear now. Today I downloaded the install program for Defraggler and did NOT get the virus alert. Whew! I had some worried moments yesterday when these alerts were popping up all over.
I'm new to this Forum and registered because of the Trojan detection by my CA security suite. I rarely download software, and hardly ever 'free' software, but I did download CCleaner because of Kim Komando endorsements and other reviews I have read. I was very distressed by the Trojan detection notice/cleanup. While I am now somewhat relieved to learn this was a false positive situation, I'm even more relieved that my CA security software errs on the side of caution.
Everyone has their own likes and dislikes; I'd rather have a security product that makes a mistake to protect me, rather than one which fails to do so.
I'd rather have a security product that makes a mistake to protect me, rather than one which fails to do so.
Welcome to the forums!
I personally would rather never have a false positive from anti-malware software. If they're falsely detecting program files those are surely easy to reinstall, however; if and when they start falsely targeting Windows OS files themselves that's where a serious problem could arise.
Back when I used eTrust Antivirus (and I used it for years) I did like it allot until they started bloating it with the control center, bugs, etc., then the appeal was completely lost.