Jump to content
CCleaner Community Forums

Virus scanner reports false positive for CCleaner


Kenward

Recommended Posts

Earlier today, my Sophos anti virus software warned me that it had detected a virus in the "uninstall" bit of CCleaner.

 

I suspect a false positive, so I came here to see what is happening. I see a new version and try to download it, but Sophos tells me that it is infected.

 

Checking the archives here, I find an earlier hot tempered report of this behaviour that went round in circles and did not end up in a satisfactory resolution.

 

As I say, I suspect a false positive. These things happen, but not usually with Sophos, which is better than the usual cowboy stuff from Norton/Symantec. But I am not inclined to install something that is going to deliver these messages.

 

In this case, maybe a "bought in" component, the uninstaller, is responsible.

 

Here is the bit of the AV log that matters:

 

20061112 093251 Virus 'Troj/Zlob-VU' has been detected in "C:\Program Files\CCleaner\uninst.exe"

 

20061112 093251 Infected file "C:\Program Files\CCleaner\uninst.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\uninst.exe.000".

 

20061112 101711 Virus 'Troj/Zlob-VU' has been detected in "C:\Documents and Settings\{username}\Local Settings\Temp\vq4xpv7i.exe"

 

20061112 101711 Infected file "C:\Documents and Settings\{username}\Local Settings\Temp\vq4xpv7i.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\vq4xpv7i.exe.000".

 

The second half is the result of trying to download the latest version of CCleaner.

 

You might like to tell Sophos that you are good guys.

Link to post
Share on other sites

Similar thing happened to me this morning - but not during a download.

 

Sophos just reported this virus in c:\programfiles\ccleaner\uninst.exe troj/zlob-VU

 

I am running ccleaner 1.34.407 (downloaded a while back)

Sophos 6.0.5 last updated this morning.

 

I've never had A/V problems with the ccleaner before so I assume it is the latest Sophos update that has triggered a false positive.

Link to post
Share on other sites

Yes, its just false positive. MrG will have to contact sophos and have the issue fixed. Thanks for the information. :)

 

While it isn't good for you folks, for me at least it is a relief to know that I am not the only one in the same boat!

 

It is, of course, typical that this happened at the weekend!

Link to post
Share on other sites

While it isn't good for you folks, for me at least it is a relief to know that I am not the only one in the same boat!

 

It is, of course, typical that this happened at the weekend!

 

 

May have been fixed in a new Sophos update. It did not object to today's download.

Link to post
Share on other sites
  • 7 months later...
Great work reporting this to Sophos! :)

Hi i've had the same experience twice now and am using cox security suite which I think uses authentium for antivirus.

Hopefully you can e-mail them as well. Thank you for your time.

Link to post
Share on other sites

I have the latest NOD32 & CCleaner and have not had that problem,

You may want to submit a hijack this log in that section of the forum to be sure it wasn't some other hidden malware not just a false positive!

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...