Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.
David
Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.
David
It's 99.99% chance that you've just witnessed a "false positive". Make sure you download the CCleaner program from a known good site like Major Geeks and reinstall it. If ZoneAlarm sees it as a trojan again then you need to tell the program that it is safe and to ignore it in the future scans.
http://www.majorgeeks.com/CCleaner_Slim_No...lish_d4191.html
http://www.viclovan.com/ccleaner2settings.htm
Good Luck!
Vic
VicLovan.com
Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.
David
Hello David,
Thank you for your report.
It is like unclebic said in his reply.Follow his suggestion.
Also to get this resolved with Zone Alarm please provide this info.
When did you last update ZoneAlarmPro?
When did you last install CCleaner?
What version?
Downloaded from where?
OS and version ?
Security software and ver?
Other data you think might be relevant?
Welcome to the forum!!!
Thanks,
davey
Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.
David
I had the exact same issue. Been using CCleaner and Zonealarm for months without issue, so why would this trojan be flagged now if it's a false positive?
Updated CCleaner from filehippo a few days ago. Not 100% sure of details as I have deleted CCleaner as a precaution for now, but it was latest version.
Graham
I had the exact same issue. Been using CCleaner and Zonealarm for months without issue, so why would this trojan be flagged now if it's a false positive?Updated CCleaner from filehippo a few days ago. Not 100% sure of details as I have deleted CCleaner as a precaution for now, but it was latest version.
Graham
Hi Graham,
Did you get the same message or something different?
When did you get it?
When did you last update ZoneAlarmPro?
Have you checked Zone Alarm forum?
Thanks
davey
that's weird i'm using Zone Alarm security suite and it has never found a trojan. i'm sure that you have encountered a false positive
Hi Graham,Did you get the same message or something different?
When did you get it?
When did you last update ZoneAlarmPro?
Have you checked Zone Alarm forum?
Thanks
davey
Was the exact same trojan(Win32.Backdoor.Delf.cir) that was flagged.
I have ZAP anti-spy set to update and scan daily, so was flagged on my system this morning.
Have checked the ZA forum and there is one post entered today with same issue, but no replys as yet.
IIRC it was only in past 7-10 days that I updated to latest CCleaner version.
Cheers
Graham
that's weird i'm using Zone Alarm security suite and it has never found a trojan.i'm sure that you have encountered a false positive
Now, it looks like there are 3 people anyway that have encountered this.
I would expect a lot more if it was a standard false positive as how many people out there are running CCleaner and ZAP with same definition updates?
Better go do some work now.
Cheers
...Have checked the ZA forum and there is one post entered today with same issue, but no replys as yet. ...
I posted to the ZoneAlarm forum, so that was probably mine.
I had originally downloaded it from FileHippo perhaps 6 months ago. About a week ago I accepted an update from within CCleaner.
ZoneAlarm Pro is version 7.0
I also use AVG Free edition, AVG Anti-Rootkit, Secunia, Spy Sweeper, Primary Response SafeConnect, and Spybot Search and Destroy.
Using a Gateway XP Media Center.
Zone Alarm found a trojan in CCleaner.
Hi, i have also had exactly the same trojan flagged up by Z A Pro. I downloaded CCleaner from file Hippo about a week ago and have run it 3/4 times. Z A Pro and CCleaner are both the latest versions. Upon deleting the trojan i then noticed that the CCleaner icon had just disappeared from the desktop screen, so decided to check this forum for any info about the problem before i reinstall CCleaner again. Since the original download of of CCleaner a week ago i have probably run the Z A pro scanner (full scan) a dozen or so times before it flagged the trojan up today.
Zone Alarm found a trojan in CCleaner.
Hi, i have also had exactly the same trojan flagged up by Z A Pro. I downloaded CCleaner from file Hippo about a week ago and have run it 3/4 times. Z A Pro and CCleaner are both the latest versions. Upon deleting the trojan i then noticed that the CCleaner icon had just disappeared from the desktop screen, so decided to check this forum for any info about the problem before i reinstall CCleaner again. Since the original download of of CCleaner a week ago i have probably run the Z A pro scanner (full scan) a dozen or so times before it flagged the trojan up today.
Hello uno.imrite,
Thank you for the great report.You provided some good info about this recent history.
I am not familiar with ZAP. Does it do background running real-time or stand alone scanning.
Are any other security programs running at the same time.
Thanks again to everybody sending us reports.Keep us filled in.
davey
Thanks again to everybody sending us reports.Keep us filled in.
davey
See Broadband Reports Security forum topic at this link.
and Zone Alarm forum topic at this link.
HTH
EG
See Broadband Reports Security forum topic at this link.
and Zone Alarm forum topic at this link.
HTH
EG
Hi egeezer,
Thanks for filling us in.
So now we know CCleaner will be removed by Microsoft Malicious Malware Tool.
FOR NOW DO NOT USE Microsoft Malicious Malware Tool OR YOU WILL HAVE TO RE-INSTALL CCleaner.
FOR NOW DO NOT request that CCleaner be deleted by ZoneAlarmPro OR YOU WILL HAVE TO RE-INSTALL CCleaner.
It has also been reported as a possible "false positive" to Microsoft
Good to hear from what I would call a Founding Member.
davey
Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.
David
Hi David,
I have experienced the same problem as you have. I just installed the last version of CCleaner and it reported this trojan. Surprisingly, it did not report this trojan when I had the previous version. I have uninstalled and reinstalled it several times from various websites and it reports the same problem. I like this programe very much but I also trust the zonealarm which have never reported a false positive until now. I don't know. I might stick with th previous version instead of this one MY report found two files:
File: C:\Documents and Settings\Desktop\CCleaner.lnk
File: C:\Program Files\CCleaner\CCleaner.exe
Loren
Hi David,I have experienced the same problem as you have. I just installed the last version of CCleaner and it reported this trojan. Surprisingly, it did not report this trojan when I had the previous version. I have uninstalled and reinstalled it several times from various websites and it reports the same problem. I like this programe very much but I also trust the zonealarm which have never reported a false positive until now. I don't know. I might stick with th previous version instead of this one
MY report found two files:
File: C:\Documents and Settings\Markon Malaj\Desktop\CCleaner.lnk
File: C:\Program Files\CCleaner\CCleaner.exe
Loren
I don't normally respond to posts like this very much once I've had my say, but in this case I have to. I work on a lot of different computers with different setups all the time. I've worked with a lot of antivirus programs and security software in general. All that being said, trusting ANY program to never have false positives, is just silly. THEY ALL DO! It may not happen often, and some are better than others, but there just isn't any perfect software, even CCleaner. However in this case the best bet after seeing it come up on several systems with ZoneAlarm, when we know CCleaner isn't being reported as infected by any other antivirus, then the conclusion is simple, your software is the one that's on the wrong side in this case. You're concluding that every other antivirus vender in the world is missing that CCleaner is infected. That's just not likely.
Mark the CCleaner files that have been found by ZoneAlarm as safe, or ignore, whatever is needed and be done with it.
Vic
VicLovan.com
Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.
David
Hi David,
I have the same problem as you have. I uninstalled the latest version of CCleaner and a few days later during a zonealarm scan it reported the backdoor trojan that you have mentioned. I uninstalled and installed it several times but it reported the same trojan. Then I installed the previous version of CCleaner which is version 2.04.543 and then did another scan with zone alarm and surprisingly it did not report any trojan and came out clean. I uninstalled the 2.04.543 version and installed it again and then did another scan and it came up with a clean report. then I uninstalled version 2.04.543 and installed the latest version again 2.05.555 and ran a scan. It showed the same trojan again. So it looks like the latest version has this problem and it has to be taken care of. Right now I think I will use version 2.04.543 until further notice.
Cheers
Loren
Hi egeezer,Thanks for filling us in.
So now we know CCleaner will be removed by Microsoft Malicious Malware Tool.
FOR NOW DO NOT USE Microsoft Malicious Malware Tool OR YOU WILL HAVE TO RE-INSTALL CCleaner.
FOR NOW DO NOT request that CCleaner be deleted by ZoneAlarmPro OR YOU WILL HAVE TO RE-INSTALL CCleaner.
It has also been reported as a possible "false positive" to Microsoft
Good to hear from what I would call a Founding Member.
davey
Glad to shed some light on the scope of the situation - I am not a programmer, but could it be that something that was changed in the updater/version checker code might have triggered the FP? Usually a "backdoor" FP alerts on some call-home capabilities or functions of legitimate applications. If the updated code in 2.04.543 was modified as part of the update, that might be someplace to look.
I just encountered the same trojan and i use ZoneAlarm Internet Security Suite- most updated recent version. I must say that i loved both programs. Since i switched from Norton my computer has been so much better protected. Norton would find the viruses and such but after they had done their damage, Zonealarm catches them as they enter. It has saved me over and over. It is quite slow, but it doesnt miss much if anything. I truly have %100 percent faith in it. Im not saying that it cant make mistakes though.
Now, i recently downloaded and used CCleaner and thought it was great too. I could delete things i never before could get to, and fix the registry for free, gotta love that. But then on my very first scheduled ZA scan, it found what it is saying to be a very serious trojan. In fact this is how it explains it...
"This program enables a remote user to control your computer. It runs in the background and opens a back door on your computer. The back door allows an unauthorized remote user to connect to and access your computer, circumventing your computer's security. When you connect to the internet, this program notifies the remote user that your computer is vulnerable. This program may also have built-in tools used to manage your files, run executables on your computer, control your mouse and CD tray, screens, and retrieve passwords, keystroke, and screen shots.
This trojan is frequently disguised as a useful program, or hidden inside other programs to get you to install them."
That is scary if you ask me, especially because i do think its a greatly useful program. What better way to gain access? The way the world is today, you can never be too careful.
I will only redownload CCleaner when its assured this trojan problem is gone. Im going to try the previous version as the other commenter stated its free of this problem.
It's a false positive.
Some stuff people can verify to make sure they have matching checksums of CCleaner.exe:
MD5 Checksum: 2b7b12d9549198924a2a842330d00724
SHA1 Checksum: 81f118fa5df48e1f9378a73dc5550f0db360e7d3
All of these free online single file malware scanners find nothing, and deem CCleaner.exe as clean:
Enough is enough!
For all you nervous Nellie users, who haven't figured out that this a a false positive.
Quickly unplug your computer from then Internet, turn off the power and box up that computer. Then as fast as you can go uncover the doors to that bomb shelter in your backyard and hide until I call you and give you the secret password that the all-clear is given.
OK so that's being a bit sarcastic, but do you really think that out of the MILLIONS of other users who have had no sign of infection, or the other programs that are hosted on the the same servers as CCleaner, and out of all of those you'd think there would be a serious call to arms. But there isn't, so don't you think you could just tell your antivirus program to ignore the CCleaner files and have it clean your system better than you could do it yourself? Stop worrying about a program that you really know in your heart is safe.
And just for a little run down about me and of what I use. I'm a computer tech who works on other people's computers at their location or back here at my home/shop. About 80% of the time the first thing I look at, regardless of what the call is about, is the security. I use the latest versions of - CCleaner, AVG AntiVirus, SpySweeper (AntiSpyware only), Spyware Doctor (free with the Google Pack), SUPER AntiSpyware, ClamAV, and just for good measure, sometimes Trend Micro House Calls, and my network is run by a SmoothWall 3.0. NONE of the security programs have flagged CCleaner.
The following is from Computer Associates (they're the ones who make the antivirus for Zone Alarm).
http://www.ca.com/securityadvisor/glossary.aspx#F
False Positive, False NegativeThese terms derive from their use in statistics. If it is claimed that a file or boot sector is infected by a virus when in reality it is clean, a false positive (or Type-I) error is said to have occurred. Conversely, if a file or boot sector that is infected is claimed to not be infected, a false negative (or Type-II) error has been made. From an antivirus perspective, false negatives probably seem more serious than false positives, but both are undesirable. False positives can cause a great deal of down-time and lost productivity because proving a program cannot replicate under some condition or other is generally much more time consuming than discovering the conditions under which a viral program will replicate.
With good known-virus scanners, false positives are rare. However, they can arise if the scan string for a virus is poorly chosen, say because it is also present in some benign programs. False negatives are a more common problem with virus scanners because known-virus scanners tend to miss completely new or heavily modified viruses. False positives have, historically, been quite a problem for scanners that make heavy use of heuristic detection mechanisms.
Another related, serious problem is the situation where a scanner detects a virus, but incorrectly identifies which. Such misdiagnosed positives can lead to terrible problems if the scanner, or its user, then engages in a virus-specific disinfection routine based on detailed knowledge of the 'detected' virus' characteristics. 'Generic disinfection' procedures are not entirely immune from such problems either.
School is out, now run along and play.
Good Luck!
Vic
VicLovan.com