Jump to content
CCleaner Community Forums

Rootkit Or Virus affecting CCleaner? Any known?

Recommended Posts

Hi, new poster here in CCleaner's Forum...


BTW, Thank you to the makers of CCleaner...Your Program is the best and I (and my many, many of my customers), use it many times daily!


I have a customer's multiple user family box that was infected bigtime. They let the AV lapse for a year and 5 months (138 viruses & trojans, thousands of spyware items removed and I broke out the cat-o-nine-tails already, lol)...Husband surfs porn sites, daughter is a big Sims item downloader among many other games).


The box shows clean using 2 different on machine AV's (installed separately of course..AVG Free is now the installed AV of choice), and 5 different AV online scans, multiple Anti-trojan scanners and 5-6 Anti-Spyware tools. This is a Dual Booting XP Pro SP2 and Win98SE box. 3 users on the XP Pro SP2 side. 1 user on the Win98SE side for older game app's. that XP doesn't play well with.


The Problem;


This is the only machine I have ever seen that CCleaner will not work on in the "Issues Cleanup" portion (reports the same issues for each user profile over & over no matter what I cleanup and it flat won't remove some Reg. keys...I can't even reg edit them out manually). It reports a different set of issues for each user including when run in Safe Mode. Sometimes it reports more or fewer issues in each profile/user after a restart, but usually the same ones are also included. Something has the latest issue of CCleaner really whacked out on this particular machine. I have never seen this great tool added to my arsenal over a year ago act this way...I have even uninstalled CCleaner and cleaned up the registry w/ Norton's Win Dr. then re-installed CCleaner's latest issue, w/the same result.


The Question;


Is/are there any known Viruses, Trojans, or Stealth Root Kits known to cause this type of behavior? (Maybe I and all the AV/Anti-Spyware tools, missed something?)


I would understand if you would not want that info posted in the forum at this time...But if there are any known issues of this kind and a solution short of a full re-format are known please e-mail me the solution. I'd rather not reformat the machine, but I NEED to get CCleaner working on this particular box. I can provide logs if necessary to support, just tell me what info you need, the box is only 4 doors away from my shop. Any and all help would be fully appreciated in response.


Thank's again to the makers of CCleaner! It replaced 3-4 tools in my toolbox.



Link to post
Share on other sites

See my signature for what to do when issues reappear. Viruses commonly restrict permissions in the registry (especially HKCR), and my Repair permissions tool in Dial-a-fix can fix it.



TY DjLizard...All or most of them are HKCR entries, that I do know. I fully appreciate the help, I'll tell you how it goes in a couple of days. BTW, after a quick scan over of the tools and tips on DAF...All I can say is "Nice Tool Bro!"


Thanks Again.




On second thought...After reading these; I have a question....System OS; XP Pro SP2 (Do I need the Light or Medium DAF?) One says XP Pro needs Light, the other says to "Re-set Permissions" use the Medium...?



Q: The same items keep immediately re-appearing in subsequent Issues scans in CCleaner after attempting to remove them, what should I do?


A: Run the Repair Permissions tool in Dial-a-fix. This will fix it 90% of the time. If you are unable to run this tool, try it in "Safe mode with command prompt". The Repair Permissions tool is included in the Medium and Full versions of Dial-a-fix. If you are just here to repair this particular CCleaner problem, get the Medium version. Once you extract it, double click on Dial-a-fix.exe, click Tools, click Repair Permissions, and click GO. After the permissions repair completes, run a new issues scan in CCleaner -- do not remove the objects found by the scan that was performed before the permissions repair tool was run.


If CCleaner finds its own COM objects, such as CCListView, CCListBar, CCTab, etc, then the same answer also applies."




"Medium version

The medium version of Dial-a-fix contains the secedit package so that you can use the permissions repair tool in Windows XP Home. Windows XP Professional and Windows 2000 Professional do not need this version of Dial-a-fix to be able to perform permissions repair. Those systems may instead use the Light version of Dial-a-fix."


Link to post
Share on other sites

Not likely a rootkit that prevent CCleaner from working. More likely situation FUBAR.


If it is really bad, then it might be worth it to format the disk and do a complete reinstall.

Link to post
Share on other sites
  • Moderators

If it is really bad, then it might be worth it to format the disk and do a complete reinstall.


Many times that's the only fix, and is less of a headache versus doing some massive disinfection that isn't always 100% corrective.

Link to post
Share on other sites

Many times that's the only fix, and is less of a headache versus doing some massive disinfection that isn't always 100% corrective.



Link to post
Share on other sites
  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...