Chouette Posted December 21, 2013 Share Posted December 21, 2013 I downloaded and installed the new update v4.09 on 17th December and my anti-virus program detected a trojan virus and deleted the file. This is worrying as I have used CCleaner for quite some time with no issues before. I tried to find a way to contact Piriform but was unsuccessful so have joined this forum for their attention. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted December 21, 2013 Moderators Share Posted December 21, 2013 Which site did you download the file from? Piriforms site https://www.piriform.com/ccleaner or FileHippo http://www.filehippo.com/download_ccleaner/ What anti virus do you use? Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
j2k Posted December 21, 2013 Share Posted December 21, 2013 ive download ccleaner update and my computer now HAS computer has virus too WHY?????????????????????????/ im using nod 32 eset is this an actual virus or what??? never had a virus from this software before Link to comment Share on other sites More sharing options...
Moderators mta Posted December 21, 2013 Moderators Share Posted December 21, 2013 I also recently installed the version 4.09.4471, am running AVG IS and found no viruses. It could be a false positive thrown up by NOD32. As @hazelnut asks, where did you get CC from? What file is NOD32 saying is infected? What is the infection? Backup now & backup often.It's your digital life - protect it with a backup.Three things are certain; Birth, Death and loss of data. You control the last. Link to comment Share on other sites More sharing options...
Chouette Posted December 22, 2013 Author Share Posted December 22, 2013 I downloaded from Piriform as usual. Antivirus is McAfee VirusScan Enterprise + AntiSpyware Enterprise. The file name msi4142exe detected as RDN/Generic, type Trojan which it deleted. This was found on CCleaner64exe. What is NOD32? Link to comment Share on other sites More sharing options...
kroozer Posted December 22, 2013 Share Posted December 22, 2013 What is NOD32? Antivirus program, flagging the Google Tool Bar bundle which you can decline, or wait for the slim build. I checked three Security sites and here are the results. http://r.virscan.org/f40fb16cee93a9a67d140997cab90970 http://virusscan.jotti.org/en/scanresult/e43f2c739376697004cff67739b3ca88318c56c9/9bb4493f10131db7ddfd540b2d5dfec929f3c125 https://www.virustotal.com/en/file/522b29f9cae71206a5cd6e28dd0646ab4f57b5fdcedf498f4d78d71ac74030f9/analysis/ Link to comment Share on other sites More sharing options...
Moderators Andavari Posted December 22, 2013 Moderators Share Posted December 22, 2013 It's a false positive! File Name: ccsetup409.exe Has valid digital signature, signed: Tuesday, December 17, 2013 8:24:11 AM MD5 Hash: 90B4989B832A57D261F0AB51F143E97A SHA-1 Hash: 932E042070F1567ED5A116E98E3C04D7D07E0681 Both Piriform.com and FileHippo.com have matching hashes, i.e.; the downloads are identical. Another site scan result to add to Kroozer's list with 40 antivirus scanners deeming it as 100% clean: https://www.metascan-online.com/en/scanresult/file/4df52a84d8d74f268815d39ea01d3835 Link to comment Share on other sites More sharing options...
Derek891 Posted December 22, 2013 Share Posted December 22, 2013 Antivirus program, flagging the Google Tool Bar bundle which you can decline, or wait for the slim build. I checked three Security sites and here are the results. http://r.virscan.org/f40fb16cee93a9a67d140997cab90970 1 out of 37 NOD32(which is ESET) http://virusscan.jotti.org/en/scanresult/e43f2c739376697004cff67739b3ca88318c56c9/9bb4493f10131db7ddfd540b2d5dfec929f3c125 1 out of 23 ESET https://www.virustotal.com/en/file/522b29f9cae71206a5cd6e28dd0646ab4f57b5fdcedf498f4d78d71ac74030f9/analysis/ 1 out of 49 ESET According to kroozer's results, ESET is the one that consistently flags the Google Tool Bar installer as potential malware. I decided to go to the source, Google, and download the installer by itself ( filename: GoogleToolbarInstaller_en32_signed.exe). Here are the results when running this file through the same three security sites: http://r.virscan.org/report/9e91214349911d3e0b7d33081d141a0d.html 2 out of 37 ClamAV and F-Prot http://virusscan.jotti.org/en/scanresult/05b8b27ec3e641b9db05cc45ce79beee8758532b/d8c8a77353ca27081765560c2b6d7a7338f77468 1 out of 23 ClamAV https://www.virustotal.com/en/file/1f85e871db078e45a653ba98dd30c19500191421a7060c4609dd5fa407d82bc5/analysis/1387684029/ 0 out of 49 So one version of the Google Toolbar Installer, the one that it is bundled with the CCleaner Installer, is detected only by ESET as malware. But the Google Toolbar Installer, downloaded directly from Google, is ignored by ESET but detected by ClamAV twice and F-Prot once as malware. Anyone care to explain this? It certainly is puzzling to me. kroozer - I hope you don't mind me editing your post, I just wanted to clarify things for everyone. Start every day with a smile and get it over with. - W.C. Fields Link to comment Share on other sites More sharing options...
kroozer Posted December 22, 2013 Share Posted December 22, 2013 Anyone care to explain this? Only Google can explain that. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted December 22, 2013 Moderators Share Posted December 22, 2013 @j2k Just flag it up to ESET as a false positve. Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Derek891 Posted December 22, 2013 Share Posted December 22, 2013 I'm inclined to think that they are two different versions of the Google Toolbar. Or an earlier and later version perhaps. Maybe I'm trying too hard to be logical here, but if they were exactly the same, then ESET either should have flagged both, or ignored both. Start every day with a smile and get it over with. - W.C. Fields Link to comment Share on other sites More sharing options...
Moderators Andavari Posted December 22, 2013 Moderators Share Posted December 22, 2013 According to kroozer's results, ESET is the one that consistently flags the Google Tool Bar installer as potential malware. I decided to go to the source, Google, and download the installer by itself ( filename: GoogleToolbarInstaller_en32_signed.exe). So one version of the Google Toolbar Installer, the one that it is bundled with the CCleaner Installer, is detected only by ESET as malware. But the Google Toolbar Installer, downloaded directly from Google, is ignored by ESET but detected by ClamAV twice and F-Prot once as malware. Anyone care to explain this? It certainly is puzzling to me. kroozer - I hope you don't mind me editing your post, I just wanted to clarify things for everyone. ESET via the scan here states it's clean (it doesn't say NOD or anything, just ESET the vendor company/name). Although the difference between Windows and Linux versions of antivirus scanners can give different results. As for ClamWin giving false positives on those scanning sites I've personally ignored everything it comes up with on them clean or infected for months now, also the Zillya scanner some use is also very prone to false positives. Link to comment Share on other sites More sharing options...
Chouette Posted December 22, 2013 Author Share Posted December 22, 2013 Concerned (not really understanding all this, just reporting) I ran a full scan last night with the following results: msafpe.exe prog data RDN Generic back door!vu Trojan Deleted msafpe.exe Documents and settings/All users Ditto ditto Ditto Link to comment Share on other sites More sharing options...
j2k Posted December 22, 2013 Share Posted December 22, 2013 @j2k Just flag it up to ESET as a false positve. how do i do that??? ive got the old version the new one keeps getting blocked by eset... ive downloaded c cleaner all the time from https://www.piriform.com/ccleaner or http://www.filehippo...nload_ccleaner/ Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted December 22, 2013 Moderators Share Posted December 22, 2013 how do i do that??? http://kb.eset.com/esetkb/index?page=content&id=SOLN141 Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
j2k Posted December 23, 2013 Share Posted December 23, 2013 http://kb.eset.com/esetkb/index?page=content&id=SOLN141 can someone report it please. Link to comment Share on other sites More sharing options...
Chouette Posted December 23, 2013 Author Share Posted December 23, 2013 My bank account has been hacked and someone has tried to collect a large amount of money out of it. Bank says that virus remains and to do another full scan straight away. I logged in to my account and the page looked perfectly normal. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted December 23, 2013 Moderators Share Posted December 23, 2013 You are strongly advised to go immediately to a Malware Removal forum and get help. See item 10 in this link for some recommended sites http://forum.piriform.com/index.php?showannouncement=15&f=4 Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
j2k Posted December 27, 2013 Share Posted December 27, 2013 My bank account has been hacked and someone has tried to collect a large amount of money out of it. Bank says that virus remains and to do another full scan straight away. I logged in to my account and the page looked perfectly normal. did that happen by downloading c cleaner?? :-( You are strongly advised to go immediately to a Malware Removal forum and get help. See item 10 in this link for some recommended sites http://forum.piriform.com/index.php?showannouncement=15&f=4 when the new update be available eset still flags up as virus...................... Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted December 27, 2013 Moderators Share Posted December 27, 2013 I have ESET nod 32 on Win 7 64bit. I have CCleaner 4.0.9 slim build installed which was downloaded from the builds page https://www.piriform.com/ccleaner/builds ESET did not flag the download. I expect it is flagging the FULL version of CCleaner for you because it includes an option to install a toolbar Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
j2k Posted December 28, 2013 Share Posted December 28, 2013 I have ESET nod 32 on Win 7 64bit. I have CCleaner 4.0.9 slim build installed which was downloaded from the builds page https://www.piriform.com/ccleaner/builds ESET did not flag the download. I expect it is flagging the FULL version of CCleaner for you because it includes an option to install a toolbar THANKS!!!! THIS VERSION WORKING FINE NOW :rolleyes: :rolleyes: :rolleyes: Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now