piriformfriend Posted August 8, 2014 Share Posted August 8, 2014 I recently downloaded ccleaner and selected the automatic update option. I noticed that soon after the installation of ccleaner another file was downloaded to my computer, called $R3OBKCI.exe. Is this a legitimate piriform file that updates ccleaner or is it some kind of malware or virus that I should be concerned about? Thank you very much in advance for your help. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted August 8, 2014 Share Posted August 8, 2014 How did you see $R3OBKCI? It looks like a recycle bin file name, but otherwise files prefixed with $ shouldn't be visible under normal conditions. Either way, this is definitely not a CCleaner related file. winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators Nergal Posted August 8, 2014 Moderators Share Posted August 8, 2014 From where did you download Ccleaner? But as winapp says only recycle bin files should have that name. Can you upload it to virustotal ( https://www.virustotal.com/ ) ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
piriformfriend Posted August 8, 2014 Author Share Posted August 8, 2014 I have Norton Internet Security, which keeps a record of the files downloaded to my computer. This one, $R3OBKCI.exe, appears to have downloaded after I downloaded ccleaner. By mistake I downloaded twice the ccleaner, so I put one of the two copies of ccleaner on the recycling bin. $R3OBKCI.exe appeared afterwards. The path of the$R3OBKCI.exe file is c:\$RECYCLE.BIN\S-1-5-21-28636295-2780579325-3835481906-1001\$R3OBKCI.exe, but the file seems to disappear immediately after being downloaded, because when I search it in the computer (or the recycling bin) its’ gone (so I can’t test it in https://www.virustotal.com/) This (I believe) is the url where I downloaded ccleaner from: http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=6091&f=00&su=p284.13.342.ip_&tt=65&bt=5&bts=3&zu=http%3A//www.piriform.com/ccleaner/builds When I compare the ccleaner downloaded from this url to the ccleaner file downloaded from piriform.com, they are exactly the same size (down to the bytes), same dates, and same identical Digital Signature information. I have also run Malwarebytes and Norton Internet Security, without finding any threat. I am at truly at a loss about this file and would welcome any comment. Thank you. Link to comment Share on other sites More sharing options...
piriformfriend Posted August 8, 2014 Author Share Posted August 8, 2014 I forgot to mention that I also checked this options in Ccleaner: Add “Run Ccleaner” option to recycle bin context menu Add “Open Ccleaner” option to recycle bin context menu Link to comment Share on other sites More sharing options...
Moderators Nergal Posted August 8, 2014 Moderators Share Posted August 8, 2014 I have Norton Internet Security, which keeps a record of the files downloaded to my computer. This one, $R3OBKCI.exe, appears to have downloaded after I downloaded ccleaner. By mistake I downloaded twice the ccleaner, so I put one of the two copies of ccleaner on the recycling bin. $R3OBKCI.exe appeared afterwards. The path of the$R3OBKCI.exe file is c:\$RECYCLE.BIN\S-1-5-21-28636295-2780579325-3835481906-1001\$R3OBKCI.exe, but the file seems to disappear immediately after being downloaded, because when I search it in the computer (or the recycling bin) its’ gone Aren't you, here, saying that you threw away one of the files? Did you, by chance, throw it away without first canceling the download and immediately (still without canceling the download) empty the recycle bin?If so, to postulate, it could be that norton detected the renaming of the file by windows when it was moved to the recycle bin at which point windows deleted it. http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=6091&f=00&su=p284.13.342.ip_&tt=65&bt=5&bts=3&zu=http://www.piriform.com/ccleaner/builds This seems (and most likely is) wrong. Just to be sure you are using the free version not the paid one correct? Only the end part of the referer is correct and it almost seems as if you copied that link from within an about.com articleWhen you did click that link did you see ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
piriformfriend Posted August 9, 2014 Author Share Posted August 9, 2014 It is possible that this is just what happened, since the $R3OBKCI.exe file according to Norton was downloaded from download.piriform.com/ccsetup416.exe, and when I clicked on the Norton tab related to $R3OBKCI.exe it redirected me to the recycle bin, to a copy of ccsetup416.exe (I don’t know if it was entire or partial though). I wasn’t aware of windows renaming files in the recycle bin. Do you think this is what happened? I downloaded the free copy of ccleaner. I didn’t see the security alert you mentioned when I clicked the link to download ccleaner. Thank you for your help. Link to comment Share on other sites More sharing options...
Moderators Nergal Posted August 9, 2014 Moderators Share Posted August 9, 2014 Yes I think that's what happened From future onward you can get ccleaner from http://ccleaner.com/download which will redirect you to the piriform.com page for downloading the latest version ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
piriformfriend Posted August 10, 2014 Author Share Posted August 10, 2014 Thanks again Nergal. I really appreciated your help. Link to comment Share on other sites More sharing options...
Moderators Nergal Posted August 10, 2014 Moderators Share Posted August 10, 2014 ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now