gagelle Posted September 19, 2006

My Kaspersky anti-virus picked up a trojan downloader file win32.zlob.kz in several CCleaner files including ccsetup133.exe and uninst.exe. I had Kaspersky delete these files. Does anyone know if this is a false alarm? When I go on the CCleaner web site and try to download the program again, I get an alert that the installation program is infected with this same trojan.

Eldmannen Posted September 19, 2006

Could be a false positive. You can upload the file to an online scanner.

http://forum.ccleaner.com/index.php?showtopic=5496

TonyKlein Posted September 19, 2006

Hi and welcome.

It's either a false positive or ALL of us are now infected... LOL!

... just kidding of course, and I'm unable to duplicate that.

I just downloaded the latest version from here: http://www.ccleaner.com/download/

I uploaded the installer to be tested at http://www.virustotal.com/flash/index_en.html, a site which uses a number of different AVs, including Kaspersky, to scan a file, and the results were negative, as is to be expected.

Not sure what exactly it was you downloaded, or where you found it...

Tony
CLSID List - A Collection of Autostart Locations

Tsumana Posted September 19, 2006

The same thing happened to me in the past half hour or so, I use Kaspersky and I downloaded CCleaner from the 'Alternative Download' page. All the online scanners I checked told me it was fine so I think it must just be Kaspersky.

Andavari (Moderators) Posted September 19, 2006

Kaspersky has detected CCleaner before and it's always been a false positive, so this info really isn't anything new. And the last time something was detected called "Not-A-Virus" I think they refused to remove it from their detection.

TonyKlein Posted September 19, 2006

OK, I downloaded a copy from the Alternative download page and will try to duplicate that. If so I'll submit the FP in a specialized forum where it ought to be noticed by the right folks.

Tony

qurks Posted September 19, 2006

Hi, I'm new to this forum. I've come here because I have the same problem as stated above. Only that as of now, I still haven't decided who to trust, Kaspersky or CCleaner? I have been using both programs for a while now, and they have both always performed very well. Now Kaspersky is telling me to delete Ccleaner, or at least the uninstall.exe file. Any opinions? (I've attached a screenshot, if you'd like to see it)

THANKS!

Ooops, I guess you guys already posted your opinion while I was typing and taking screenshots...

TonyKlein Posted September 19, 2006

Well, I'm still unable to duplicate it using the VT scan. Possibly the online scanner isn't using the Extended Virus databases...

Will try http://virusscan.jotti.org/ now...

> Now Kaspersky is telling me to delete Ccleaner, or at least the uninstall.exe file. Any opinions?

I'll post in the specialized forum in question, where it should be noticed by someone from KAV. But feel free to contact them yourselves as well. It can only be a FP...

.... Well, still unable to duplicate it using either Jotti's or Kaspersky's own online scan: http://www.kaspersky.com/remoteviruschk

It didn't object to my uninst.exe either...

FP Submitted at the board.

Tony

qurks Posted September 19, 2006

> But feel free to contact them yourselves as well. It can only be a FP...

I've sent them an email. Thanks for your help.

TonyKlein Posted September 19, 2006

Allrighty, I just read it should be fixed in the next update: http://forum.kaspersky.com/index.php?showtopic=21876

Tony

MrG (Admin) Posted September 19, 2006

Don't worry it's just another false positive. I think Kaspersky need to improve their QA a little bit. I'll put a note on the homepage to let people know.

MrG
Piriform.com - [CCleaner - Defraggler - Recuva - Speccy]

qurks Posted September 19, 2006

I have just updated Kaspersky and scanned the whole CCleaner directory again. No problems reported. Everything's solved. Thanks.

TonyKlein Posted September 19, 2006

That's good to hear, thanks for the heads up.

Tony

MrG (Admin) Posted September 19, 2006

> I have just updated Kaspersky and scanned the whole CCleaner directory again. No problems reported. Everything's solved. thanks.

Great thanks!

gagelle (Author) Posted September 19, 2006

Thank you, everyone. I think I'll have to reinstall CCleaner because I used "Your Uninstaller!" to remove the CCleaner registry entries and then manually deleted the rest of the files. I guess I overreacted because I thought other parts of the program might be infected.

jebwhs87 Posted September 21, 2006

I too am getting a virus message on the Uninst.ext file (win32/zlob.oa). I am using F-Prot. This started showing up about a week ago.

Eldmannen Posted September 21, 2006

This is why CCleaner should have file hashes on the website.

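One way to act on the suggestion above, as an added example that is not part of the original thread or of CCleaner's own tooling: checking a downloaded installer against a vendor-published SHA-256 manifest. The sha256sum-style manifest format, the function names and the stand-in file bytes are assumptions constructed for illustration; this page gives no real hash.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <file name>'."""
    published = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if not name or not re.fullmatch(r"[0-9a-fA-F]{64}", digest):
            raise ValueError(f"malformed manifest line: {line!r}")
        published[name.lower()] = digest.lower()  # Windows file names are case-insensitive
    return published

def check_download(path, published):
    """Return 'match', 'mismatch', 'unlisted' or 'missing' for one local file."""
    path = Path(path)
    if not path.is_file():
        return "missing"
    expected = published.get(path.name.lower())
    if expected is None:
        return "unlisted"
    return "match" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"

def demo():
    """Constructed data: stand-in bytes, not the real installer."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp, "ccsetup133.exe")
        installer.write_bytes(b"constructed stand-in for the vendor build")
        published = parse_manifest(f"{sha256_file(installer)}  ccsetup133.exe\n")
        first = check_download(installer, published)
        # Simulate a download that differs from what the vendor published.
        installer.write_bytes(b"constructed stand-in, altered in transit")
        return first, check_download(installer, published)
```

A match shows the local file is byte-identical to what the vendor published, which separates a tampered download from a scanner false positive. It does not by itself say anything about what the published build contains.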
TonyKlein Posted September 22, 2006

> I too am getting a virus message on the Uninst.ext file (win32/zlob.oa). I am using F-Prot. This started showing up about a week ago.

OK, so please report the False Positive to F-Prot so they can correct this...

I'll report it myself as well.

... done!

Tony

TonyKlein Posted September 22, 2006

OK, according to Frisk/F-Prot's Mike:

> That was fixed already - they should update...

So there ya go...

Tony

DEWOPA Posted October 8, 2007

Hey Gang - I have been using CCleaner for a couple of years now and recently updated the client to the most current version. Minutes after installing the new version and running it for the first time, I got the attached McAfee VirusScan Alert. This has never happened before, for me. I have run everything I can think of and nothing indicates a virus. Suggestions?

Attachments: VIR.doc, McAfee_VirusScan_Version.doc

TonyKlein Posted October 8, 2007

This appears to be McAfee detecting cidaemon.exe as a trojan. This file is not CCleaner related, but, if legitimate, part of Windows, and co-responsible for the Indexing Service.

Sounds like a coincidence, and possibly a McAfee False Positive.

Does the log tell you where the file was originally located? The legitimate one is to be found in your Windows\System32 folder.

I'm not familiar with McAfee, but if possible, restore the file from Quarantine, disable McAfee's resident detection, and upload the file at http://www.virustotal.com/ to be scanned. That will give you a host of "second opinions."

Tony