GoodDog Posted April 5, 2006 Share Posted April 5, 2006 Kaspersky (Personal Edition Pro v5.0.391 with database of 05-apr-2006) recently markes CCleaner v1.28.277 as "riskware-not a virus". Can some developer of this fine product explain me why Ccleaner is capable of being a risk? I did not have this report with previous versions of Ccleaner btw. Link to comment Share on other sites More sharing options...
Moderators rridgely Posted April 5, 2006 Moderators Share Posted April 5, 2006 Its just a false positive. Some other AV's were detecting ccleaner before and all the companies just need to be notified. Thanks for the heads up. Link to comment Share on other sites More sharing options...
Admin MrG Posted April 5, 2006 Admin Share Posted April 5, 2006 Thanks for the info. I'll contact them. Piriform.com - [CCleaner - Defraggler - Recuva - Speccy] Link to comment Share on other sites More sharing options...
avguser Posted April 5, 2006 Share Posted April 5, 2006 Its just a false positive. Some other AV's were detecting ccleaner before and all the companies just need to be notified. Thanks for the heads up. Hello, Every week I run an online scanner with Kaspersky and Pandasoftware and expected the usual cookies as usual. But today, I had a shock to find that the Kaspersky online scanner, for the first time ever, detected both CCLEANER 126 and 127 as RiskTool.Win32.PsKill.n I also uploaded it to http://virusscan.jotti.org and www.virustotal.com both of which said that Kaspersky detected this thing!!! I sent an email this morning to Kaspersky and here is their reply: Hello! This is not a false alarm. This file is detected as not-a-virus:RiskTool.Win32.PsKill.n because it may be used by viruses for malicious purposes. It is legal software, but potential danger present anyway. Such files are detected by extended databases set only. You can switch off extended databases set from your antivirus bases. In this case, software like this, will be not detected in future. Sincerely yours, Pavel Zelensky Virus analyst Kaspersky Lab Ltd Moscow, Russia Tel/Fax: +7 (095) 797-8700 E-mail: newvirus@kaspersky.com Internet: http://www.kaspersky.com, http://www.viruslist.com I hope this puts light on this subject!!! And also why is this in CCLEANER anyway? Link to comment Share on other sites More sharing options...
DjLizard Posted April 5, 2006 Share Posted April 5, 2006 The installer, or ccleaner.exe itself? The installer kills off any copies of CCleaner currently running before it installs... if that's being flagged as not-a-virus, then Kaspersky needs to get a clue. Flagging the process killing API is pretty stupid... might as well flag the ShellExecuteEx API as well, since it can lead to code execution! oh noes... I decided to send an uncompressed Dial-a-fix.exe through virusscan.jotti.org to see if DAF's process kill function (which is used to stop copies of winmgmt.exe, helphost.exe, and stuff like that, while doing repairs to WBEM and the Help and Support service) was detected as "not-a-virus" and it wasn't flagged. Damn. Click here if CCleaner Issues are re-appearing DjLizard.net DjLizard.net wiki Dial-a-fix Dial-a-fix tips DjLizard.net software support forum Do you live in Bradenton, Sarasota, Tampa, or St. Petersburg, Florida? Visit Digital Doctors where I work Link to comment Share on other sites More sharing options...
avguser Posted April 26, 2006 Share Posted April 26, 2006 The installer, or ccleaner.exe itself? The installer kills off any copies of CCleaner currently running before it installs... if that's being flagged as not-a-virus, then Kaspersky needs to get a clue. Flagging the process killing API is pretty stupid... might as well flag the ShellExecuteEx API as well, since it can lead to code execution! oh noes... I decided to send an uncompressed Dial-a-fix.exe through virusscan.jotti.org to see if DAF's process kill function (which is used to stop copies of winmgmt.exe, helphost.exe, and stuff like that, while doing repairs to WBEM and the Help and Support service) was detected as "not-a-virus" and it wasn't flagged. Damn. You might like to try this scanner www.virustotal.com It's just like virusscan.jotti.org but there they scan with 24 scanners not 15 but the limit to send them is 10MB unlike the 15MB with jotti. Link to comment Share on other sites More sharing options...
TheTOM_SK Posted April 28, 2006 Share Posted April 28, 2006 Russians companies provide the best security products, so I believe them, when they claim, that it is dangerous. Will be CCleaner setup fixed sometimes? I tried to put CCleaner setup to rar, even rars to rar, it did not help. When I put it to 7-zip, KAV did not detected it, so maybe malicious code will not detect it neither? I consider CCleaner as the best free security product, because it helps in prevention, which is more important than cleaning with AV, so this situation makes me sad. Link to comment Share on other sites More sharing options...
Moderators rridgely Posted April 28, 2006 Moderators Share Posted April 28, 2006 Russians companies provide the best security products, so I believe them, when they claim, that it is dangerous. Will be CCleaner setup fixed sometimes? I tried to put CCleaner setup to rar, even rars to rar, it did not help. When I put it to 7-zip, KAV did not detected it, so maybe malicious code will not detect it neither? I consider CCleaner as the best free security product, because it helps in prevention, which is more important than cleaning with AV, so this situation makes me sad. No, its a mistake. There is no malware in ccleaner. Why would zipping it in a different format matter anyway? It still does the same thing when executed. Also ccleaner isnt a "security" program. It does erase online data that clogs up your computer but it does absolutely nothing to prevent infection(unless you consider cookies an infection). CCleaner is meant to clean up junk off your computer. Nothing more nothing less. Link to comment Share on other sites More sharing options...
krit86lr Posted April 29, 2006 Share Posted April 29, 2006 All that the Kaspersky scanner is doing is WARNING the user that there is a process killer. Therefore, if it isn't a trusted program the user can make an educated decision about whether or not to keep the application. Kaspersky does not report any malware or virus. The process killer is there to kill any running processes of CCleaner during installation. Nothing more. I hope that this helps clear things up. Windows Pro Media 8.1 x64 | 8GB Ram | 500G HDD 7200 RPM | All that I know about my graphics is that it's Intel Link to comment Share on other sites More sharing options...
JoaoVr Posted May 2, 2006 Share Posted May 2, 2006 Same Thing Here: Link to comment Share on other sites More sharing options...
krit86lr Posted May 2, 2006 Share Posted May 2, 2006 Okay. This is getting redundant. Kaspersky WILL label CC as a non-virus risk tool. But it's not a risk because we know that it can be trusted. All that the Kaspersky scanner is doing is WARNING the user that there is a process killer. Therefore, if it isn't a trusted program the user can make an educated decision about whether or not to keep the application. Kaspersky does not report any malware or virus. The process killer is there to kill any running processes of CCleaner during installation. Nothing more. Windows Pro Media 8.1 x64 | 8GB Ram | 500G HDD 7200 RPM | All that I know about my graphics is that it's Intel Link to comment Share on other sites More sharing options...
Moderators Andavari Posted May 2, 2006 Moderators Share Posted May 2, 2006 Indeed it is now redundant. Time to have the thread locked! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now