Jump to content

Virus alert with CCcleaner files


gagelle

Recommended Posts

My Kaspersky anti-virus picked up a trojan downloader file win32.zlob.kz in several CCcleaner files including ccsetup133.exe and uninst.exe. I had Kaspersky delete these files. Does anyone know if this is a false alarm? When I go on the CCcleaner web site and try to download the program again, I get an alert that the installation program is infected with this same trojan.

Link to comment
Share on other sites

Hi and welcome. :)

 

It's either a false positive or ALL of us are now infected... LOL!

 

... just kidding of course, and I'm unable to duplicate that. I just downloaded the latest version from here:

 

http://www.ccleaner.com/download/

 

I uploaded the installer to be tested at http://www.virustotal.com/flash/index_en.html , a site which uses a number of different AVs, including Kaspersky, to scan a file, and the results were negative, as is to be expected.

 

Not sure what exactly it was you downloaded, or where you found it...

Link to comment
Share on other sites

  • Moderators

Kaspersky has detected CCleaner before and it's always been a false positive, so this info really isn't anything new. And the last time something was detected called "Not-A-Virus" I think they refused to remove it from their detection.

Link to comment
Share on other sites

Hi,

I'm new to this forum. I've come here because I have the same problem as stated above. Only that as of now, I still haven't decided who to trust, Kaspersky or CCleaner? I have been using both programs for a while now, and they have both always performed very well. Now Kaspersky is telling me to delete Ccleaner, or at least the uninstall.exe file. Any opinions? (I've attached a screenshot, if you'd like to see it)

 

THANKS!

 

post-7031-1158695492_thumb.jpg

 

Ooops, I guess you guys already posted your opinion while I was typing and taking screenshots...

post-7031-1158695492_thumb.jpg

Link to comment
Share on other sites

Well, I'm still unable to duplicate it using the VT scan. Possibly the online scanner isn't using the Extended Virus databases...

 

Will try http://virusscan.jotti.org/ now...

 

Now Kaspersky is telling me to delete Ccleaner, or at least the uninstall.exe file. Any opinions?

 

 

I'll post in the specialized forum in question, where it should be noticed by someone from KAV.

 

But feel free to contact them yourselves as well. It can only be a FP...

 

 

....

 

 

Well, still unable to duplicate it using either Jotti's or Kaspersky's own online scan:

 

http://www.kaspersky.com/remoteviruschk

 

It didn't object to my uninst.exe either...

 

FP Submitted at the board.

Link to comment
Share on other sites

Thank You everone. I think I'll have to reinstall Ccleaner because I used "Your Uninstaller!" to remove the CCleaner registry entries and then manually deleted the rest of the files. I guess I overreacted because I thought other parts of the program might be infected.

Link to comment
Share on other sites

I too am getting a virus message on the Uninst.ext file (win32/zlob.oa). I am using F-Prot. This started showing up about a week ago.

 

 

OK, so please report the False Positive to F-Prot so they can correct this... I'll report it myself as well.

 

 

...

 

 

done! :)

Link to comment
Share on other sites

  • 1 year later...

Hey Gang -

 

I have been using CCleaner for a couple of years now and recently updated the client to the most current version. Minutes after installing the new version and running it for the first time, I got the attached McAfee VirusScan Alert. This has never happened before, for me. I have ran everything I can think of and nothing indicates a virus. Suggestions?

VIR.doc

McAfee_VirusScan_Version.doc

VIR.doc

McAfee_VirusScan_Version.doc

Link to comment
Share on other sites

This appears to be McAfee detecting cidaemon.exe as a trojan. This file is not CCleaner related, but, if legitimate, part of Windows, and co-responsible for the Indexing Service

 

Sounds like a coincidence, and possibly a McAfee False Positive.

 

Does the log tell you were the file was originally located? The legitimate one is to be found in your Windows\System32 folder.

 

I'm not familiar with McAfee, but if possible, restore the file from Quarantine, disable McAfee's resident detection, and upload the file at http://www.virustotal.com/ to be scanned. That will give you a host of "second opinions."

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.