
Virustotal reports Trojans in ccsetup314.exe


zuco


Virustotal as well as Jotti's malware scan both find trojans in CCleaner - Installer version ccsetup314.exe. I hope someone knows why this is because I want to install CCleaner but can't till I know it's safe. And yes I downloaded it from http://www.piriform.com, I checked multiple times. Defraggler also had 1 negative report. What's going on?

 

Regards, John

 

here's the virustotal report:

https://www.virustotal.com/file/890c73b74e74f8e0344f2b2ff27e27627bc3de1081dabd63bb413bb867b772e1/analysis/1326449418/


There is nothing Piriform can do (with the exception of a strongly worded email) to prevent the incompetence of other companies. CCleaner and Defraggler are safe, if a security product is telling you otherwise I recommend not buying it.

I'm Shane.


  • Moderators

These are known as False Positives. If this were a case of your on-device antivirus catching this as a virus, we would suggest that you report the false positive to the company making the antivirus program. Because you are using the VirusTotal website there's not much you can do (you can still report it, but you'll have to find the correct form on the incorrect AV product's site).

 

ADVICE FOR USING CCleaner's REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

Support at https://support.ccleaner.com/s/?language=en_US

Pro users file a PRIORITY SUPPORT via email support@ccleaner.com


I hope Piriform takes a serious look at their file server and disregards their mods' flaky comments here... not a false positive... this is a known back door. Very few anti-v vendors stop these attacks. Many have removed its detection from their databases wrongly, as it's thought to be associated with Microsoft's built-in backdoor. But it is an exploit of this... It's often injected, though. I was only able to avoid repeat infections of these types by changing my IP after removing it with a complete format.... and not using the same old software... If this was on a PC you worked with, it could result in multiple infections of files downloaded during a certain period, or continuing. It often renames itself... etc.

 

Have you personally had these detections with a file on a PC you've scanned??? Are you able to remove it? This would be able to confirm first hand that it is or could be a threat to people who use this software. The two vendors in this list with detections are not widely trusted. It will also be handy to know when they downloaded the files they tested, and from what IP, not just web address. This way Piriform can confirm it was from their servers, and not a spoof/hijack or smearing of software (false information spammed all over the internet to cause harm or scam people into using a particular product).


If you have concerns about using the installer, then use the portable version. There is no difference in the application.

 

Piriform supports and recommends a cloud app, an internet app of their software?? Is there a link? What exactly do you mean by "portable" version?


  • Moderators

While I understand what WebAtom is saying I do not share in the insulting nature of the post above me.

 

So a couple of things to cover here to end this correctly:

 

Both the sites that you flagged only found a positive on 1 AV engine (both on Clam). VirusTotal was out of 40 engines while Jotti was out of 20.

This denotes a false positive, and below is why:

The malware flagged isn't a specific malware but a generic dropper.

If this specific dropper had indeed been in the installer, at least some of the following engines would also have flagged it (along with what they would have called it):

  • AVG (GriSoft) - Dropper.Agent.ALFW (Trojan horse)
  • avira - TR/Crypt.XDR.Gen
  • Kaspersky - Trojan-Dropper.Win32.Agent.euvg
  • BitDefender - Trojan.Generic.5820516
  • McAfee - Generic Dropper!duu
  • F-Prot - W32/Dropper.gen8!Maximus (suspicious)
  • FortiNet - W32/Agent.EUVG!tr
  • Symantec - Trojan.Gen
  • Eset - Win32/TrojanDropper.Agent.BQOPYJZ trojan (probably
  • norman - W32/Suspicious_Gen2.LQTQW (trojan)
  • panda - Generic Trojan
  • Sophos - Troj/SysInvad-A
  • Trend Micro - TROJ_GEN.F4AC3DP
  • V-Buster - Trojan.DR.Agent!hQxjF6fjk+8 (trojan)

One might expect at least 3-5 hits before a virus is confirmed. That's the point of those sites: they are there to make sure that something that was flagged is either correctly flagged or is not being seen by other programs (in this case the former, as PUA.Packed.PECompact-1 is common).

To prove this case to you one final way, I would tell you to look for any of the symptoms of this malware on any of your or our machines which have installed CCleaner 3.14 with no issue.

 


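As an added example (not code from the thread, from Piriform or from VirusTotal) of the moderator's triage reasoning above, this Python script scores constructed multi-engine scan reports: one ClamAV hit out of 40 with a packer/PUA label lands as a likely false positive, while several engines agreeing on dropper labels crosses the post's 3-5 engine threshold. The padding engine names, the threshold constant and the "generic label" patterns are assumptions; the real engine names and labels are the ones quoted in the post.

```python
"""Score a multi-engine AV report the way the moderator's post reasons about it."""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Engines named in the thread; the rest of a 40-engine report is padded below.
NAMED_ENGINES = ["ClamAV", "AVG", "Avira", "Kaspersky", "BitDefender", "McAfee",
                 "F-Prot", "FortiNet", "Symantec", "Eset", "Norman", "Panda",
                 "Sophos", "Trend Micro", "V-Buster"]
# Assumed: labels matching these describe a packer or PUA heuristic, not a family.
GENERIC_LABEL = re.compile(r"PUA|Packed|PECompact|Heur|Suspicious", re.IGNORECASE)
# Assumed from the post: expect at least 3-5 agreeing engines before "confirmed".
CONFIRM_THRESHOLD = 3

@dataclass
class Triage:
    hits: int            # engines reporting any detection
    engines: int         # engines that scanned the file
    specific_hits: int   # detections whose label is not a generic packer/PUA name
    verdict: str

def make_report(detections: Dict[str, str], total: int = 40) -> Dict[str, Optional[str]]:
    """Constructed report: `total` engines, all clean except those in `detections`."""
    padding = [f"engine{i:02d}" for i in range(len(NAMED_ENGINES) + 1, total + 1)]
    return {e: detections.get(e) for e in NAMED_ENGINES + padding}

def triage(report: Dict[str, Optional[str]]) -> Triage:
    """Apply the post's rule: few hits with only generic labels -> false positive."""
    labels = [lbl for lbl in report.values() if lbl]
    specific = [lbl for lbl in labels if not GENERIC_LABEL.search(lbl)]
    if len(labels) >= CONFIRM_THRESHOLD:
        verdict = "likely-malicious"
    elif labels and not specific:
        verdict = "likely-false-positive"
    elif labels:
        verdict = "needs-review"
    else:
        verdict = "clean"
    return Triage(len(labels), len(report), len(specific), verdict)

# Constructed to mirror the thread: ClamAV alone flags the installer, 1 of 40.
SINGLE_CLAM_HIT = make_report({"ClamAV": "PUA.Packed.PECompact-1"})
# Constructed counter-example using the labels the post says other engines would use.
MULTI_ENGINE_HIT = make_report({
    "ClamAV": "PUA.Packed.PECompact-1",
    "AVG": "Dropper.Agent.ALFW",
    "Kaspersky": "Trojan-Dropper.Win32.Agent.euvg",
    "BitDefender": "Trojan.Generic.5820516",
})

if __name__ == "__main__":
    for name, rep in (("single ClamAV hit", SINGLE_CLAM_HIT), ("four engines", MULTI_ENGINE_HIT)):
        print(name, triage(rep))
```

The verdict is a prioritisation aid only; the post's last step, checking an installed machine for the behaviour the detection name implies, is still the confirmation.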
