Admin MrG Posted April 9, 2006 Admin Share Posted April 9, 2006 Hi all... There seems to be an unresolved problem with Kaspersky's antivirus tool, as it's still flagging CCleaner as "risk ware". There is of course no virus in CCleaner. It's calling it riskware as it's finding a Process Killing function in the installer, which is used to make sure CCleaner isn't running before copying the new version across. (This is a standard feature and is used by many application installers) So far Kaspersky have been unhelpful and have not said they are working to fix the problem. Even though it will reflect badly on both our products. In fact they're not even acknowledging it is a problem. Anyway... in summary it's a false positive detection so there's nothing to worry about. MrG (If you feel like contacting Kaspersky and letting them know about the "problem" then hopefully they'll get the message.) Piriform.com - [CCleaner - Defraggler - Recuva - Speccy] Link to comment Share on other sites More sharing options...
krit86lr Posted April 9, 2006 Share Posted April 9, 2006 Hey MrG. Thanks for the update. I am not worried about it, and I will be more than happy to contact Kaspersky myself if you think that it will help. I am curious about something though. I have installers other than CCleaner that contains a Process Killing function, and those installers weren't flagged. Why would the process killing function in CCleaner get flagged, and not the process killing function in other installers (such as DAF). I do not believe that CCleaner has a virus, but I would like to understand why CCleaner was the only flagged installer. Would that be a flaw with Kaspersky maybe? Thanks again, K Windows Pro Media 8.1 x64 | 8GB Ram | 500G HDD 7200 RPM | All that I know about my graphics is that it's Intel Link to comment Share on other sites More sharing options...
Admin MrG Posted April 10, 2006 Author Admin Share Posted April 10, 2006 Good point K, That's going to be an unknown that only Kaspersky can answer, as we don't know how their detection works. I'll try and run a few tests today. MrG Piriform.com - [CCleaner - Defraggler - Recuva - Speccy] Link to comment Share on other sites More sharing options...
BopperBugger Posted April 10, 2006 Share Posted April 10, 2006 It's caused by the Yahoo! Toolbar and tons of people know this. It's a pity that the developer of CCleaner knows that this is the cause but passes the blame onto another products installer. Studies have shown that anything with Yahoo! Toolbar shows up as riskware with multiple antivirus scanners. So why is the developer of CCleaner not addressing the issue that it is with CCleaners Yahoo! Toolbar and not with the installer? I would suspect greed and the desire for a fatter wallet. The time to boycott this software is now! Link to comment Share on other sites More sharing options...
DjLizard Posted April 10, 2006 Share Posted April 10, 2006 No it's not, you idiot, it's caused by pskill. ;D MrG: Start using Inno Setup. It is greater than all. (and written in Delphi ) Click here if CCleaner Issues are re-appearing DjLizard.net DjLizard.net wiki Dial-a-fix Dial-a-fix tips DjLizard.net software support forum Do you live in Bradenton, Sarasota, Tampa, or St. Petersburg, Florida? Visit Digital Doctors where I work Link to comment Share on other sites More sharing options...
krit86lr Posted April 10, 2006 Share Posted April 10, 2006 It's caused by the Yahoo! Toolbar and tons of people know this. It's a pity that the developer of CCleaner knows that this is the cause but passes the blame onto another products installer. Studies have shown that anything with Yahoo! Toolbar shows up as riskware with multiple antivirus scanners. So why is the developer of CCleaner not addressing the issue that it is with CCleaners Yahoo! Toolbar and not with the installer? I would suspect greed and the desire for a fatter wallet. The time to boycott this software is now! DjLizard is correct. It doesn't have anything to do with the toolbar. It's the process killer. Kaspersky forums & CCleaner Windows Pro Media 8.1 x64 | 8GB Ram | 500G HDD 7200 RPM | All that I know about my graphics is that it's Intel Link to comment Share on other sites More sharing options...
krit86lr Posted April 10, 2006 Share Posted April 10, 2006 FYI: Those of you who would like to confirm for yourselves that it isn't related to the Yahoo Toolbar can upload the builds that don't contain the yahoo toolbar to see the results for yourself. Windows Pro Media 8.1 x64 | 8GB Ram | 500G HDD 7200 RPM | All that I know about my graphics is that it's Intel Link to comment Share on other sites More sharing options...
Moderators Andavari Posted April 10, 2006 Moderators Share Posted April 10, 2006 At Jotti it's only KAV that is producing the false positive with CCleaner Slim 'ccsetup128_slim.exe': Kaspersky Anti-Virus Found not-a-virus:RiskTool.Win32.PsKill.n Being labeled a "risktool" DOES NOT equal a virulent. I've seen multiple av's for years flag my batch files to no end when in fact I knew it was all bulls**t, but at least that was just isolated to my system and my eyes, and not the type of crap KAV is going to cause. I'd suggest MrG make a sticky in the forums about this bulls**t in a post that can't have any comments added to it, and place an announcement on the main CCleaner homepage to try and negate Kaspersky's bulls**t. If we had a sticky all the bulls**t questions that will probably arise can be sent to one thread with an official announcement without any need for us to explain. In essence fight back via what you already have; a vast user-base, a forum and the CCleaner homepage, hell even put something in the setup dialog that reads "This software was scanned with <insert virus scanner name> before being published to the web, you are receiving a clean file... blah blah blah." Link to comment Share on other sites More sharing options...
lokoike Posted April 10, 2006 Share Posted April 10, 2006 ...hell even put something in the setup dialog that reads "This software was scanned with <insert virus scanner name> before being published to the web, you are receiving a clean file... blah blah blah." I agree. I think both the installer packages and the websites they are obtained from should contain a message stating that Kaspersky's warnings are erroneous, and maybe even suggest that an alternative antivirus is used until this problem is fixed. If KAV's makers realize that people are foregoing their product due to a bug, maybe then they'll start considering paying attention to other software makers, such as MrG. @ DjLizard: I have a stupid question: can you make a Delphi installer for a VB program, or did you mean rewrite CCleaner in Delphi as well? I haven't extensively programmed in VB, and I've never touched Delphi, so I'm pretty much a coding n00b. Save a tree, eat a beaver. Save a tree, wipe with an owl. Every time a bell rings, a thread gets hijacked! ding, ding! Give Andavari lots of money and maybe even consider getting K a DVD-RW drive. If it's not Scottish, IT'S CRAP!!! Link to comment Share on other sites More sharing options...
Moderators Andavari Posted April 10, 2006 Moderators Share Posted April 10, 2006 If KAV's makers realize that people are foregoing their product due to a bug, maybe then they'll start considering paying attention to other software makers, such as MrG. Commercial software developers don't give a hoot about freeware, or open-source developers. That's just my opinion. Link to comment Share on other sites More sharing options...
DjLizard Posted April 10, 2006 Share Posted April 10, 2006 @ DjLizard: I have a stupid question: can you make a Delphi installer for a VB program, or did you mean rewrite CCleaner in Delphi as well? I haven't extensively programmed in VB, and I've never touched Delphi, so I'm pretty much a coding n00b. You can make any kind of installer you like... as long as the program unpacks the files, places them in the proper folder as specified by the user, and registers the OCXs and whatnot that the program uses. You could make the installer in whatever language; that part doesn't matter. It just happens that Inno Setup, my favorite installer/packaging program, is written in Delphi, and as such, is highly extensible (you can write Pascal script inside of Inno Setup to automate your tasks, or create functions that don't even exist in Inno Setup). MrG could just as easily continue using his current installer, but have it run a small custom program that uses the Win32 API to kill off the processes, instead of the well-known "risk tool" pskill. Inno Setup may even provide a process termination function (I haven't checked) or allow you to write one. I use the TerminateProcess API to kill off processes in Dial-a-fix, and DAF has never been flagged by anything jotti uses (I re-tested it just last week - no positives). Here's a TerminateProcess stub for VB. Even HP uses tools in system preparation that are flagged by anti-virus vendors as "risk tools", just because they manipulate window handles. One such example is the program in C:\hp\bin\ called fondlewindow or something like that. I see it a lot on older HP computers running XP. It's part of their system preparation/configuration software. Click here if CCleaner Issues are re-appearing DjLizard.net DjLizard.net wiki Dial-a-fix Dial-a-fix tips DjLizard.net software support forum Do you live in Bradenton, Sarasota, Tampa, or St. Petersburg, Florida? Visit Digital Doctors where I work Link to comment Share on other sites More sharing options...
lokoike Posted April 11, 2006 Share Posted April 11, 2006 You can make any kind of installer you like... as long as the program unpacks the files, places them in the proper folder as specified by the user, and registers the OCXs and whatnot that the program uses. You could make the installer in whatever language; that part doesn't matter. Great! Thanks for all the info. Now I can go to bed a much wiser lokoike. Save a tree, eat a beaver. Save a tree, wipe with an owl. Every time a bell rings, a thread gets hijacked! ding, ding! Give Andavari lots of money and maybe even consider getting K a DVD-RW drive. If it's not Scottish, IT'S CRAP!!! Link to comment Share on other sites More sharing options...
@rb Posted April 25, 2006 Share Posted April 25, 2006 It's caused by the Yahoo! Toolbar and tons of people know this. It's a pity that the developer of CCleaner knows that this is the cause but passes the blame onto another products installer. Studies have shown that anything with Yahoo! Toolbar shows up as riskware with multiple antivirus scanners. So why is the developer of CCleaner not addressing the issue that it is with CCleaners Yahoo! Toolbar and not with the installer? I would suspect greed and the desire for a fatter wallet. The time to boycott this software is now! I doubt it because I made sure not to install the Yahoo toolbar but I still got the KAV warning. Link to comment Share on other sites More sharing options...
avguser Posted April 26, 2006 Share Posted April 26, 2006 Hello, You all might to look at this thread about this problem!! As you will see I have already contacted Kaspersky about this problem and there you can also see the reply they sent me. The link is below http://forum.ccleaner.com/index.php?act=ST...st=0#entry36729 I have pasted my reply below!! Hello, Every week I run an online scanner with Kaspersky and Pandasoftware and expected the usual cookies as usual. But today, I had a shock to find that the Kaspersky online scanner, for the first time ever, detected both CCLEANER 126 and 127 as RiskTool.Win32.PsKill.n I also uploaded it to http://virusscan.jotti.org and www.virustotal.com both of which said that Kaspersky detected this thing!!! I sent an email this morning to Kaspersky and here is their reply: ***************************************************************************************** Hello! This is not a false alarm. This file is detected as not-a-virus:RiskTool.Win32.PsKill.n because it may be used by viruses for malicious purposes. It is legal software, but potential danger present anyway. Such files are detected by extended databases set only. You can switch off extended databases set from your antivirus bases. In this case, software like this, will be not detected in future. Sincerely yours, Pavel Zelensky Virus analyst Kaspersky Lab Ltd Moscow, Russia Tel/Fax: +7 (095) 797-8700 E-mail: newvirus@kaspersky.com Internet: http://www.kaspersky.com, http://www.viruslist.com ***************************************************************************************** I hope this puts light on this subject!!! And also why is this in CCLEANER anyway? Link to comment Share on other sites More sharing options...
Lost1 Posted April 28, 2006 Share Posted April 28, 2006 Why would some one place *.ware in there apps as they know they will be busted by this forum? Is it a comp to outwit each other ? Im not sure what to use now with all the paranoids....Ill still use crap as long as its safe Link to comment Share on other sites More sharing options...
Moderators rridgely Posted April 29, 2006 Moderators Share Posted April 29, 2006 Ugh.. I don't get why people can't grasp the concept that ccleaner IS NOT in any way infected with any kind of virus/malware. Link to comment Share on other sites More sharing options...
Lost1 Posted April 29, 2006 Share Posted April 29, 2006 I agree...if it was infected .....people on this forum would find it......it.would be moronic.. Cheers rridgely Link to comment Share on other sites More sharing options...
Recommended Posts