Trojan in version 2.28.1091

CCleaner for Windows
1

I've uploaded the version 2.28.1091 instalation file in virustotal.com website and eSafe report "Win32.TrojanHorse" on it.

Here's the virustotal scan link:

http://www.virustotal.com/en/analisis/16a78d2e40d864f084442a1cddfdf7713ec9346cdfe23688357e5b885157b7c2-1267549933

I've download all the files from FileHippo.

Can someone help me here?

Tanks in advance

2
I've download all the files from FileHippo.

Can someone help me here?

I've never had any problem downloading and installing any Piriform app from FileHippo. Is that the only virus checker you use? ;)

3

As you've probably noticed a 1/40 match isn't exactly an overwhelming result so I think you'll find it's a false positive.

Virustotal uses a detection method called heuristics which I'm sorry to say is frankly overkill and rather unreliable.

Richard S.

4
I've uploaded the version 2.28.1091 instalation file in virustotal.com website and eSafe report "Win32.TrojanHorse" on it.

Here's the virustotal scan link:

http://www.virustotal.com/en/analisis/16a78d2e40d864f084442a1cddfdf7713ec9346cdfe23688357e5b885157b7c2-1267549933

I've download all the files from FileHippo.

Can someone help me here?

Tanks in advance

Nowadays you're almost guaranteed a false positive or several via virustotal and similar sites. Partly due to the advancements to antivirus software and partly due to advancements to every other piece of software you may have scanned. Many programs utilize code and procedures of similar functionality of identified malware.

5

Also why are you downloading not 2.29?

6
Also why are you downloading not 2.29?

Actually all started when I downloaded version 2.29.1111 to upgrade from 2.28.1091.

As I always do I check the file in virustotal and receive a report from "Symantec" named "Suspicious.Insight".

I found that strange because, as far as I could remember, all previous versions of CCleaner reported completely clean from virustotal.

So that's why I decided to check again the 2.28.1091 version.

I am sure that on the first time it came clean, so to my surprise, on the second time it reported the trojan.

I thought the file could became infected on my disk so i decided to download a new one from FileHippo but the report came the same.

I still have the file of the 2.27.1070 version and that one is clean.

Anyway, I've check again the latest 2.29.1111 and now it doesn't report nothing so that's the version I'm using right now.

To Lucky10:

The virus checker I have is AVG Free, but since I've found the virustotal website I use it to check the files too.

I guess that having 42 tests is better than just one.

I know that sometimes we have a false positive but, althought it was 1 out of 40, how can we be sure??

I think that it was the best interest of all if the guys at Piriform clear this with the antivirus maker, because in the end, if it is not a trojan it should not report as a trojan.

Thansk for all of your answers

Best regards

Jo?o Gomes

7

Symantec's Suspicious.Insight means "few people using Norton are using this file". It doesn't mean there's a virus.

8
I know that sometimes we have a false positive but, althought it was 1 out of 40, how can we be sure??

Because it's far more likely the 1 out of 40 is wrong than the other 39 out of 40 are wrong.

9
Because it's far more likely the 1 out of 40 is wrong than the other 39 out of 40 are wrong.

Which is exactly the point of using a service like VT to make certain, now if you had 19/34 maybe that would be different;even then though many Virus checker false spot anything that edits/cleans registry and protected folders. to summarize cCleaner is in no way a virus/Trojan/or any other type of malware

10

I have been using Norton Internet Security now for 2 years. I just purchased and installed version 2010. It has NEVER missed a single virus, worm or any type of malware. I also downloads CCleaner 2.28 before downloading version 2.29, and Norton checks every download with all sorts of advanced features, and it found nothing. I agree with several other replies that you received a "False Positive". I have enough faith in my Norton Anti-Everything protection, which replaces Windows Firewall and Windows Defender with its own Firewall and superior features to Defender that are much more reliable, as they interfere with Norton Internet Security running properly.

I have checked every file on my computer with "Deep Scans", and I have yet to find anything bad. The only viruses it quarantined were attached to emails that I received from pin heads that have nothing better to do than try to destroy other peoples equipment. Both were Trojan Horse viruses.

Sleep tight. I would bet anything that you didn't get a virus in CCleaner 2.28 unless you downloaded it from a questionable Web site, or received it from a friend. Filehippo is the only place to get the program safely in my opinion.

pdelta

11

Installation of ver 2.30 caused McAfee to flash a message that it removed a Trojan (clicked on link in announcement email -- System: Win XP PRO 30bit SP 3 / AMD Athlog 64 X2 Dual 5600+ 3GB RAM

12

If you downloaded it from the official site or from FileHippo, it is not a virus. Maybe you can report the FP to McAfee ?

VirusTotal link : http://www.virustotal.com/fr/analisis/fe6c...75f7-1269901392

13

Crappy antivirus software giving false positives? Who would have thought?

People need to get a clue... Sorry, don't want to be rude... But something about the people reporting these viruses gives me the idea they're the kind of people who think you can still get a virus even if your computer is disconnected from the internet.

Move on already.

14
But something about the people reporting these viruses gives me the idea they're the kind of people who think you can still get a virus even if your computer is disconnected from the internet.

I didn't say it was a "virus", only that McAfee reported a Trojan -- I'm only the messenger ;)

15

Virus, trojan, infection, what ever you want to call it.

1 of 40 antivirus programs reporting a "trojan" is nothing to be alarmed about. The fact that people would even bother scanning ccleaner with virustotal boggles my mind.

But anyway i'm cranky today, so i'll just stop. Carry on with the paranoia. Make sure to check for rootkits and keyloggers!

16

Thank you GraphiteFingers for posting that McAfee was reporting a trojan connected to ccleaner.

If you would be kind enough to report this false positive to them I'm sure they will update their definition files quickly as other av companies do in this sort of situation.

Welcome to the forum :)

17

I upgraded to the latest version of Cleaner today, no problems with the download whatsoever. Later I ran a full system virus check and McAfee detected and quarantined the EXE file for one of the OLDER versions on my drive.

The version was 227.

The file was CCSETUP227.EXE.

The Trojan detected was: Generic.dx!psw

18

McAfee has obviously got a false positive regarding ccleaner in one of it's definition files.

Perhaps you could contact them with this info then they can update their defs to eliminate this false positive.

Welcome to the forum GPS :)

19
But something about the people reporting these viruses gives me the idea they're the kind of people who think you can still get a virus even if your computer is disconnected from the internet.

Yep count me in there ... do you think you can't?

20
Yep count me in there ... do you think you can't?

+1 +1 +1

(Floppy, USB, CD, Coughing :blink:;) )