Jump to content
CCleaner Community Forums
dorf

Online Armor says virus or dangerous program CCleaner

Recommended Posts

Hey,

I have been using CCleaner and ESET for a very long time now.

 

You can find the toolbar free version here,

Note that the toolbar free version always come out a couple of days after a new release.

 

EDIT:

After informing ESET about this, they have fixed the problem, It was a false positive. Just wait for the next signature update.

 

Quote from ESET

 

I just downloaded CCleaner from the link and installed it quickly and there was no detection. I think that which you experienced was a false positive that has been resolved already today. :-)

Share this post


Link to post
Share on other sites

Some feedback,

after performing another scan via ESET (v 7.0.302.26) WITH detection of unsafe applications enable this time and VirusTotal, both still getting hits.

 

I informed ESET again about this matter and they indicated that they are investigating deeper as they are the only AV that gets hits.

 

This is one feedback from ESET.

 

Well, it could one of two reasons. :-)

 
1. It is a false positive (incorrect detection by ESET)
2. We are the first to detect the a bundled toolbar
 
But, I will definitely get an answer for you from our virus labs and will let you know!

 

Note: Point 2, this can be due to the fact that no other AV has seen the danger in the toolbar or something else, I am only speculating here.

Share this post


Link to post
Share on other sites

If they're going to flag it, it would help to stop people from freaking out if they'd only notify of toolbar presence and not allow the user to actually delete/quarantine the file being it's actually clean.

 

A detection like some other av's do when it's not a virus would help in the matter, example:

Win32/Bundled.Toolbar.Google.D (Not A Virus)

Share this post


Link to post
Share on other sites

This is the final quote from ESET

 

 

According to head office it will not be detected by default. Virustotal have enabled the detection of unsafe applications so it will show up there. The toolbar installs without the user knowing so the detection will stay the same (this does not in any way mean it is malicious).

 
Now as to why other AV vendors do not detect it, I do not know, you would need to ask them. :)

 

I think this matter is done-for seeing ESET has a set way of dealing with unsafe applications,

 

I have been using ESET for a very long time now and CCleaner as well but I just download the Slim version every time. In most cases my detection of unsafe applications is disabled.

 

On a side note ESET doesn't see it as virus it only shows that it's a Potentially unsafe applications see attached image of actions that can be taken.

post-60257-0-13217000-1394630844_thumb.png

Share this post


Link to post
Share on other sites

To add to Andavari's observation, if ESET insist on flagging CCleaner in this way then maybe they should change the "Potentially unsafe application" to at worst a "Potentially unwanted program" (PUP).

 

As far as I'm aware there isn't anything unsafe about the Google Toolbar. Unwanted? Possibly.

 

And if users are careful with the install, as they should be with all program installs, there is an opt-out.

Share this post


Link to post
Share on other sites

As far as I'm aware there isn't anything unsafe about the Google Toolbar. Unwanted? Possibly.

 

unless Google has changed things, their toolbar was known for recording sites visited and searches performed in order to create an online profile of your habits to fine-tune the ads they showed you.

 

some anti-malware programs used to flag it as adware/spyware and recommended it be removed.

 

so on that level, if still true, the Google toolbar would be a PUP.

Share this post


Link to post
Share on other sites

unless Google has changed things, their toolbar was known for recording sites visited and searches performed in order to create an online profile of your habits to fine-tune the ads they showed you.

 

some anti-malware programs used to flag it as adware/spyware and recommended it be removed.

 

so on that level, if still true, the Google toolbar would be a PUP.

 

 

Lets say Google did not change anything and it's still recording sites visited and and searches performed would you still see it as PUP or rather an unsafe application ?

 

Can anyone send send the file to their AVs HQ for analysis and see what is their reply ?

 

 

EDIT:

Got a final reply from ESET:

 

 

Our virus labs have stated that the detection for the google toolbar doesn't need to be as strict a detection because the toolbar is not as widely and aggressively pushed as other toolbars which are classified as potentially unwanted. (Potentially unwanted is a higher level threat compared to Potentially unsafe)
 
They say the situation may change in the future and based on future reviews, they may decide to reclassify the toolbar. :-)

Share this post


Link to post
Share on other sites
Potentially unwanted is a higher level threat compared to Potentially unsafe

 

Is it just me, or does that seem to be around the wrong way?

 

As an ordinary user, as most people are, I know which one would worry me the most.

Share this post


Link to post
Share on other sites
The toolbar installs without the user knowing so the detection will stay the same (this does not in any way mean it is malicious).

 

 

ESET is wrong with that reply as it pertains to Google software included with Piriform installers! It does not install automatically without user interaction, since end-users can opt-out as long as people are paying attention and not being click-happy without viewing the screens.

Share this post


Link to post
Share on other sites

Agreed. If you keep clicking NEXT like mad, without reading, you will end up with a lot of crapware installed into your computer. I have never had any issues opting out for the Google Toolbar thing while installing CC.

Share this post


Link to post
Share on other sites

Is it just me, or does that seem to be around the wrong way?

 

You may be right, cant you just email ESET and find out ?

Depending on where in the world you are you will be routed to the closet ESET support team.

 

 

ESET is wrong with that reply as it pertains to Google software included with Piriform installers!

 

You are 100% correct, I thing the tech just click next, next like most users would do. Also I think that the tecks at any AV vendor has to think like a normal pc user, so doing acting like them and making "mistakes".

Share this post


Link to post
Share on other sites
You may be right, cant you just email ESET and find out ?

 

 

If I was a Piriform employee I may have, but as I'm not, I'll leave it to them to decide whether they should act on it. Or Not.

 

My interest stretches only to the fact that it's an interesting subject.

:)

Share this post


Link to post
Share on other sites

I have been getting flags for a month or so when attempting to download ccleaner. I also use e-set smart security and it sends the toolbar directly to jail and does not pass go or collect $200. I am not to keen on having anything google installing on my machine. With all the secret data collecting by the government. I avoid anything that could possibly be used for that purpose. Piriform should make it known there is a toolbar bundled with ccleaner.

Share this post


Link to post
Share on other sites

use the slim or portable versions of CC as they don't include the toolbar or Chrome.

Share this post


Link to post
Share on other sites

Looks like this topic has come up a couple of times in the past as well.

 

Spoken to ESET again and they said they will not change the "threat" level of the Google toolbar.

 

This comeing from a fellow ESET user:

 all ESET users must either use the Slim or the Portable. Unless they want to look at the warning once again download the normal version !

 

Cant we link all ESET posts to this one so doing that we don't have to re-stat all this over and over ?

Share this post


Link to post
Share on other sites

ESET has an option to scan for low-level threats such as bundled options in installers.
You have to check the box for 'Potentially Unwanted Programs' before scanning.
So the default is for ESET Online Scanner not to bother with them.

Note Google Toolbar is not even possible to install on Firefox or Chrome.
It might install on Internet Explorer if that is your default browser.

 

This site scans using 68 different engines, ccsetup501.exe comes back clean.
If read the link, it shows 1/68 for the 401-404 versions from the time of the post.
http://www.herdprotect.com/ccsetup501.exe-205ea3a873c765ff2e0f78fb1834d6eb44c21bf3.aspx


 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...