suspicious file after ccleaner installation

[piriformfriend]

I recently downloaded ccleaner and selected the automatic update option.

 

I noticed that soon after the installation of ccleaner another file was downloaded to my computer, called $R3OBKCI.exe.

 

Is this a legitimate piriform file that updates ccleaner or is it some kind of malware or virus that I should be concerned about?

 

Thank you very much in advance for your help.

[Winapp2.ini]

How did you see $R3OBKCI? It looks like a recycle bin file name, but otherwise files prefixed with $ shouldn't be visible under normal conditions. Either way, this is definitely not a CCleaner related file.

[Nergal]

From where did you download Ccleaner?

But as winapp says only recycle bin files should have that name.

Can you upload it to virustotal ( https://www.virustotal.com/ )

[piriformfriend]

I have Norton Internet Security, which keeps a record of the files downloaded to my computer. This one, $R3OBKCI.exe, appears to have downloaded after I downloaded ccleaner. By mistake I downloaded twice the ccleaner, so I put one of the two copies of ccleaner on the recycling bin. $R3OBKCI.exe appeared afterwards.

 

The path of the$R3OBKCI.exe file is c:\$RECYCLE.BIN\S-1-5-21-28636295-2780579325-3835481906-1001\$R3OBKCI.exe, but the file seems to disappear immediately after being downloaded, because when I search it in the computer (or the recycling bin) its’ gone (so I can’t test it in https://www.virustotal.com/)

 

This (I believe) is the url where I downloaded ccleaner from:

 

http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=6091&f=00&su=p284.13.342.ip_&tt=65&bt=5&bts=3&zu=http%3A//www.piriform.com/ccleaner/builds

 

When I compare the ccleaner downloaded from this url to the ccleaner file downloaded from piriform.com, they are exactly the same size (down to the bytes), same dates, and same identical Digital Signature information.

 

I have also run Malwarebytes and Norton Internet Security, without finding any threat.

 

I am at truly at a loss about this file and would welcome any comment.

 

Thank you.

[piriformfriend]

I forgot to mention that I also checked this options in Ccleaner:

 

Add “Run Ccleaner” option to recycle bin context menu

 

Add “Open Ccleaner” option to recycle bin context menu

[Nergal]

I have Norton Internet Security, which keeps a record of the files downloaded to my computer. This one, $R3OBKCI.exe, appears to have downloaded after I downloaded ccleaner. By mistake I downloaded twice the ccleaner, so I put one of the two copies of ccleaner on the recycling bin. $R3OBKCI.exe appeared afterwards. The path of the$R3OBKCI.exe file is c:\$RECYCLE.BIN\S-1-5-21-28636295-2780579325-3835481906-1001\$R3OBKCI.exe, but the file seems to disappear immediately after being downloaded, because when I search it in the computer (or the recycling bin) its’ gone

 

 

Aren't you, here, saying that you threw away one of the files? Did you, by chance, throw it away without first canceling the download and immediately (still without canceling the download) empty the recycle bin?If so, to postulate, it could be that norton detected the renaming of the file by windows when it was moved to the recycle bin at which point windows deleted it.

 

 

http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=6091&f=00&su=p284.13.342.ip_&tt=65&bt=5&bts=3&zu=http://www.piriform.com/ccleaner/builds

 

This seems (and most likely is) wrong. Just to be sure you are using the free version not the paid one correct?

 

Only the end part of the referer is correct and it almost seems as if you copied that link from within an about.com articleWhen you did click that link did you see

 

[piriformfriend]

It is possible that this is just what happened, since the $R3OBKCI.exe file according to Norton was downloaded from download.piriform.com/ccsetup416.exe, and when I clicked on the Norton tab related to $R3OBKCI.exe it redirected me to the recycle bin, to a copy of ccsetup416.exe (I don’t know if it was entire or partial though).

 

I wasn’t aware of windows renaming files in the recycle bin. Do you think this is what happened?

 

I downloaded the free copy of ccleaner. I didn’t see the security alert you mentioned when I clicked the link to download ccleaner.

 

Thank you for your help.

[Nergal]

Yes I think that's what happened

 

From future onward you can get ccleaner from

http://ccleaner.com/download which will redirect you to the piriform.com page for downloading the latest version

 

[piriformfriend]

Thanks again Nergal. I really appreciated your help.

[Nergal]