Lol, the average computer user depends on their anti-virus and spyware programs to detect just that, viruses and spyware. We are not computer savvy enough to find the things on our own or even know what false negatives or false positives are. When we run into a situation where a trusted AV program tells us that an item is bad, we take heed and even take the time to discuss the problem, if only for assurance, before we delete it permanently, or find out it's a false positive. That is what this forum is here for. Being condescending is never a good thing and it most definitely doesn't solve problems. In fact it can only lead to people being reluctant to post future questions or concerns. With that in mind, I'd like to add this question. I hope the answer doesn't make me feel more stupid.
Do false positives and negatives apply to trojans and/or spyware as well as viruses? The reason I ask is that my AV said that it is a trojan, not a virus as others have implied. And does that make a difference?
I was thinking that if it isn't quite as bad, I maybe can just go to my basement instead of the whole way out to the shelter.
Do false positives and negatives apply to trojans and/or spyware as well as viruses?
Yes!
Anti-malware programs, i.e. anti-virus and anti-spyware, can give a false positive. For instance, some anti-spyware programs may detect perfectly valid entries in the Windows HOSTS file and in Internet Explorer's Restricted Sites as a hijack when in fact they aren't, which results in a false positive.
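To make the HOSTS-file case above concrete, here is an added example (not code from any poster or from an anti-spyware vendor) that triages HOSTS entries so that blocklist-style entries are told apart from ones that send a name to a remote address. The sample file, the verdict labels and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, treated here as "LAN shortcut" mappings.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample HOSTS content (not from a real machine).
# 192.0.2.44 is a documentation address standing in for a routable one.
SAMPLE_HOSTS = """\
# sample header comment
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example      # blocklist entry
0.0.0.0         telemetry.example
192.0.2.44      update.vendor.example
not-an-ip       broken.example
10.0.0.5        nas.home.example fileserver
"""

def classify_hosts(text):
    """Return a list of (hostname, address, verdict) tuples."""
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            results.append((" ".join(names), addr, "malformed"))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                verdict = "default"              # stock entry
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"             # name is blocked, not hijacked
            elif any(ip in net for net in LAN_NETS):
                verdict = "local-mapping"        # usually added by the admin
            else:
                verdict = "review"               # name sent to a remote address
            results.append((name, str(ip), verdict))
    return results

def needs_review(text):
    """Hostnames whose entries deserve a manual look."""
    return [n for n, _, v in classify_hosts(text) if v in ("review", "malformed")]

if __name__ == "__main__":
    for row in classify_hosts(SAMPLE_HOSTS):
        print("%-24s %-12s %s" % row)
```

Entries marked "sinkhole" are the kind a blocklist tool writes on purpose; a scanner that flags every non-default line cannot tell them from a real redirect.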
Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe. The name listed in my ZoneAlarm Pro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantined it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.
David
Yes, same thing here, over and over. Tried to download it from majorgeeks.com and downloads.com but it always comes with the trojan. At first I quarantined it but then deleted it, and yes, it shuts down CCleaner, but the setup is still left in and I just now went to add/remove and got rid of it.... Too bad because I have used CCleaner for about 3 yrs. I did the deep ZoneAlarm scan on it 4 times with the same result, so I won't be downloading it again.
Once again, the smart thing to do is submit the file to ZoneAlarm so that they can finally FIX this false positive, which they ought to do in a hurry, at least if they care about their reputation.
As Andavari already said, you can upload the installer at VirusTotal, where it will be scanned simultaneously by over 30 different antiviruses, including ALL the top brands, and you'll find that none of them will find anything wrong with it.
I'm running Zone Alarm's Internet Security Suite and I also have been getting a Win32.Backdoor.Delf.cir virus notice. There is no way to go in and exclude this in ZA.
Previous versions of CCleaner run fine, it's just this latest version.
I'd be happy to submit this to ZA if I knew how, but since it's just this last CC version and other AV programs are showing it as a virus also, shouldn't Piriform do an update to fix the problem?
I love CCleaner and don't want to give it up!
So Gadfly, you are saying that other AVs are reporting it as a virus as well? I thought everyone was saying it was only ZoneAlarm, which I'm running as well and think is the best out there. If other AVs are reporting it too, then of course it would be a Piriform problem, but I think it is only ZoneAlarm. If someone else has it being detected by another AV please let us know which ones. I hope it gets fixed by someone 'cause I don't want to lose CCleaner either.
If someone else has it being detected by another AV please let us know which ones.
I agree that if other AV's are detecting it they should be listed as well. However the single file anti-malware scanning sites like Jotti and VirusTotal that use a myriad of scanners detect absolutely nothing.
I don't see it as a "Piriform bug" it's just some anti-virus giving a false positive, and who knows what in their definitions are causing it. It's up to the anti-virus vendors to fix false positive detections in their software.
As far as their reputation: it is always rated at the top as far as virus detection goes, and it uses the Kaspersky engine. And as far as "false positives", ZA encourages them to be sent in.
For anyone who may doubt the quality of ZoneAlarm's product or their reputation, I'd have you read their review by ZDNet... a direct quote...
"Intro of ZoneAlarm Security Suite
ZoneAlarm's Security Suite is one of the best security suites we have seen. Its interface is far easier to use and understand than the competition's, and its feature set puts the comparably priced Norton Internet Security and McAfee Internet Security to shame. Overall, ZoneAlarm Security Suite is the suite to beat for all-around Internet security and privacy, whether you use your PC from home or take the corporate laptop out on the road."
I just feel it's sometimes good to mention some positive things about a product when conversation arises about possible negatives. Basically false positives happen to the best AV programs out there, but when they do, consideration should be looked at both ways until it is confirmed. There is such a thing as missed detections as well. It is very unlikely, but maybe the other AVs just are not up to par on the newest threats such as this one. To suggest people should overlook any threat before it's properly researched is simply not a good practice. The file could have been added to the program by the download site for all we know. I will wait until it's resolved before I just ignore it or put in an exception to the search. It's truly better to be safe than sorry.
This is really getting weirder and weirder. I am using ZA security suite here... and since you guys posted these issues here it hasn't found a trojan. I have the latest virus and program updates and I'm wondering why you guys kept getting these "false positives".
If what you are saying is true then it suggests the possibility that the file could have been added to the program by certain download sites or somewhere in between. I mean, how could the same antivirus find a file in my CCleaner but not yours??? I don't fully understand this, so again, I am definitely waiting for a response by ZoneAlarm.
For all you nervous Nellie users, who haven't figured out that this is a false positive.
Quickly unplug your computer from the Internet, turn off the power and box up that computer. Then as fast as you can go uncover the doors to that bomb shelter in your backyard and hide until I call you and give you the secret password that the all-clear is given.
OK so that's being a bit sarcastic, but do you really think that out of the MILLIONS of other users who have had no sign of infection, or the other programs that are hosted on the same servers as CCleaner, and out of all of those you'd think there would be a serious call to arms. But there isn't, so don't you think you could just tell your antivirus program to ignore the CCleaner files and have it clean your system better than you could do it yourself? Stop worrying about a program that you really know in your heart is safe.
And just for a little run down about me and of what I use. I'm a computer tech who works on other people's computers at their location or back here at my home/shop. About 80% of the time the first thing I look at, regardless of what the call is about, is the security. I use the latest versions of - CCleaner, AVG AntiVirus, SpySweeper (AntiSpyware only), Spyware Doctor (free with the Google Pack), SUPER AntiSpyware, ClamAV, and just for good measure, sometimes Trend Micro House Calls, and my network is run by a SmoothWall 3.0. NONE of the security programs have flagged CCleaner.
The following is from Computer Associates (they're the ones who make the antivirus for Zone Alarm).
I also have been running Zone Alarm and CCleaner for some time. The last version is when the Trojan message started. I also have Spywaredoctor from PCTools and it also detects the same in CCleaner.
It is a pain because I have to keep re-installing CCleaner.
I will re-update everything on a different PC and try again.
I'm running XP Pro on each PC.
Hi Laverne,
I am not familiar with either Zone Alarm or Spywaredoctor.
Don't these give you the option to Exclude or Ignore rather than automatically removing CCleaner?
This is the first I have seen anywhere reporting that Spywaredoctor detects this.
What does it report and when?
Have you tried the latest CCleaner version v2.06?
#1. Make sure you got the newest updated CCleaner 2.06.567
#2. Make sure you update ZoneAlarm to their most recent 7.0.470.000
*** You may think you're updated just by running the update feature under the Anti-virus spyware tab; that just updates the definitions. You need to go to Overview and click on the Preferences tab to update the actual Anti-virus and spyware engines. ***
Do both and it eliminates the problem and CCleaner is back in use.
One interesting note is that after I then ran the virus scan it found a new virus... Backdoor.win32.Radmin.ag... but upon deletion it did not eliminate CCleaner. Let me know if anyone else gets the same response.
Also, just for information purposes, I've seen it asked several times but never answered... if anyone ever needs to exclude items from future searches:
Under the Anti-virus/Anti-spyware heading, click the Main tab and at the bottom click on Advanced Options. When the box pops up click on Exceptions in the left pane of options, then just add whatever it is you want.
2 more viruses caught since the new update, backdoor.win32.Zlob.jpu and backdoor.win32.Zlob.ius. I wasn't even scanning, ZoneAlarm just popped up a window saying they were caught after attempting to run scripts or something. They were not caught while they were dormant during the scan a few hours ago.
All 3 are quarantined and CCleaner is still available, that's a good sign I guess.
Please tell me if anyone else gets all these new ones as well.
I linked the above post to Broadbandreports topic for more exposure - See
I'm guessing changes were made in CC's as well as ZA's application, possibly having to do with the CC updater piece being the trigger. I'm sure the CCleaner developers can elaborate, confirm or correct this.
Based on your AV detection results, I'd say you're surfing in some interesting territory and/or downloading some dodgy CODECs.
My Zone Alarm warns me of "Suspicious Behavior" when I try to use my new version of CCleaner v.2.07.575. It says CCleaner is trying to launch C:\WINDOWS\system32\rundll32.exe, or use another program to gain access to privileged resources.
I am ignorant of all the computer technology. I have no idea if this is concerning some sort of trojan or not. I was simply concerned since I have been using CCleaner for a long time without anything like this appearing.
This is just a guess on my part, however do you have this setting enabled in CCleaner's Options->Settings: