Malware detected in latest 4. version; so says AVG- true/false?

On my PC with Windows 7, I updated to the lastest version of cCleaner 4. ....

AVG 2014 internet security popped up saying malware was in the latest update of CCleaner.

It offered this as the problem: MalSign.SearchProtect.IDD

The last 3 letters may be 1DD instead of IDD; I'm not sure.

False positive??

What is the function of MalSign.SearchProtect.IDD ?

Probably another false positive, you can check against it using malware scanning sites like VirusTotal, Jotti, and MetaScan Online.

What does it say if you try the Slim installer, available at:

I too run AVG IS 2014 and installed the latest CC about 5 days ago and had no issue.

Where did you get the download from?


I ran those scans suggested by Andavari on the latest CCleaner installer.

AVG is used by those scanners, and they still did not detect malware.

Avast! on this computer did not detect malware.

Only ESET on Virustotal detected malware, nevertheless Virustotal says the file is "probably safe".

There are lots of phoney CCleaner downloads.

You should make sure you didn't get one of them by mistake.

The two safe places to download CCleaner are Piriform and Filehippo. and

Hi, the cCleaner update came directly from piriform.

When I opened cCleaner if stated there was a newer version and asked if I wanted to download it. So, I clicked it. It wasn't the slim version, as I had to decline the toolbar stuff. Just this morning I read up on the slim version, as I previously had no idea what slim meant.

Slim for me in the future! :)

OK, good, the installer apparently isn't a phoney one.

Probably AVG is reacting to the bundled Google Toolbar offer.

The slim version is fully capable, and should serve you well.

I don't know why, though, that mta's AVG did not react while yours did.

Wonder what happens if you just download the installer directly from Piriform or Filehippo?


If you had to decline the toolbar offer, you must have installed the file, right?

How did you manage to download it if AVG triggered an malware warning?

Doesn't actually matter, just my curiosity, glad you got the issue fixed.

Be CAREFUL when using the free software download links!

(I tried to email Piriform directly, but could not find a direct contact form or email.)

When you download CCleaner, the file should be named ccsetup414.exe (for today's version, 5/31/14).

But - Piriform's Free Download link sends us to third party download sites, and many of these third parties use a "download tool" that is not safe if you don't want other software installed on your computer.

This download tool file is often named something simple like "setup.exe"

It is usually misrepresented - it sounds like you need it, but you don't need it at all.

The download tool page usually does give you the option of using it or using a clean download link - BUT it makes the link with the download tool look almost identical to the clean download. You have to really be careful - read all the greyed out and small text. If you accidentally begin downloading the download tool, it usually does not remove what has already been downloaded. I have had to remove malware after only one mis-click - I just couldn't stop it.

If you accidentally continue with the download tool, you must read the text VERY carefully - they often word the links so they are confusing, and aim you toward installing their extra software.

Example - Alongside a "Continue" button, they show a grayed out "Decline" button - it appears inactive, but it is not - you can click to decline the extra software. If you click "Continue" the extra software will be installed.

Example - Alongside a "Continue" button, they show a link named "Cancel". It give you the impression if you click it, you will cancel the download you want. But in reality, it simply cancels the download of the extra software they are offering in the benign looking text above. If you click "Continue" the extra software will be installed.

The download tools promote the software they are trying to add on as "Safe" but I have had hijackers, for example that take over my browser setting without ever detailing or asking permission. It certainly is not "safe" by my definition.

It is my current Internet pet peeve - I used to use and recommend, for example because they promoted that all their downloads were scanned for OUR safety. BUT now they always use a download tool that is deceptive and tricky, and I had to uniinstall hijacking and malware software several times before I realized that it was actually THEM - actually - that was promoting it, not some third party dirty dog. I have posted the information on the CNet forum, and every time it has been deleted within a few hours, with no reply. Someone must be making money here... but I sure don't know how or who.

I would love to have all legitimate software companies like Piriform be much more selective of where they point us to download their free software, and not use those locations that use the deceptive, dangerous and very frustrating download tools.

Be CAREFUL when using the free software download links!

Always good advice.

But, fwiw, before that last post I did these things:

1. Used CCleaner free to download the latest Update,

2. Used CCleaner Pro to download the latest update,

3. Used the Piriform site to download the latest update,

4. Used the Filehippo site to download the latest update.

All the downloaded files were identical.

So it seems that the "official" download mechanisms are OK.

Also the Filehippo and Piriform sites.

I would love to have all legitimate software companies like Piriform be much more selective of where they point us to download their free software, and not use those locations that use the deceptive, dangerous and very frustrating download tools.

One can not control where your download links are located on the internet. So this is more of an PICNIC if the user download their software from known or suspected dodgy websites.

Off topic:

Fining it really sad how many people get get phrase "Over and Out" wrong :( .

Stating Over and Out with tag "...for now.." really not the correct radio (2way) ethic. You are either "Over" meaning you letting someone else talk coming back later or waiting for responce or "Out" meaning you and the conversation is done.


just in case your reading of what slim meant didn't highlight the fact, but the slim and portable builds come out a little later then any new release.

I think the period is a week.


Only the slim (unless that changed recently without my noticing)

Just the Slim build. I know because I only use the Portable build.