Jump to content

Virus scanner reports false positive for CCleaner

Kenward

By Kenward
in CCleaner

 Share

Recommended Posts

Kenward

Kenward

Posted
Posted

Earlier today, my Sophos anti virus software warned me that it had detected a virus in the "uninstall" bit of CCleaner.

 

I suspect a false positive, so I came here to see what is happening. I see a new version and try to download it, but Sophos tells me that it is infected.

 

Checking the archives here, I find an earlier hot tempered report of this behaviour that went round in circles and did not end up in a satisfactory resolution.

 

As I say, I suspect a false positive. These things happen, but not usually with Sophos, which is better than the usual cowboy stuff from Norton/Symantec. But I am not inclined to install something that is going to deliver these messages.

 

In this case, maybe a "bought in" component, the uninstaller, is responsible.

 

Here is the bit of the AV log that matters:

 

20061112 093251 Virus 'Troj/Zlob-VU' has been detected in "C:\Program Files\CCleaner\uninst.exe"

 

20061112 093251 Infected file "C:\Program Files\CCleaner\uninst.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\uninst.exe.000".

 

20061112 101711 Virus 'Troj/Zlob-VU' has been detected in "C:\Documents and Settings\{username}\Local Settings\Temp\vq4xpv7i.exe"

 

20061112 101711 Infected file "C:\Documents and Settings\{username}\Local Settings\Temp\vq4xpv7i.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\vq4xpv7i.exe.000".

 

The second half is the result of trying to download the latest version of CCleaner.

 

You might like to tell Sophos that you are good guys.

Link to comment
Share on other sites
jgjgjg

jgjgjg

Posted
Posted

Similar thing happened to me this morning - but not during a download.

 

Sophos just reported this virus in c:\programfiles\ccleaner\uninst.exe troj/zlob-VU

 

I am running ccleaner 1.34.407 (downloaded a while back)

Sophos 6.0.5 last updated this morning.

 

I've never had A/V problems with the ccleaner before so I assume it is the latest Sophos update that has triggered a false positive.

Link to comment
Share on other sites
Kenward

Kenward

Posted
  • Author
Posted

Yes, its just false positive. MrG will have to contact sophos and have the issue fixed. Thanks for the information. :)

 

While it isn't good for you folks, for me at least it is a relief to know that I am not the only one in the same boat!

 

It is, of course, typical that this happened at the weekend!

Link to comment
Share on other sites
Kenward

Kenward

Posted
  • Author
Posted

While it isn't good for you folks, for me at least it is a relief to know that I am not the only one in the same boat!

 

It is, of course, typical that this happened at the weekend!

 

 

May have been fixed in a new Sophos update. It did not object to today's download.

Link to comment
Share on other sites
  • 7 months later...
KBG

KBG

Posted
Posted
Great work reporting this to Sophos! :)

Hi i've had the same experience twice now and am using cox security suite which I think uses authentium for antivirus.

Hopefully you can e-mail them as well. Thank you for your time.

Link to comment
Share on other sites
fireryone

fireryone

Posted
Posted

I have the latest NOD32 & CCleaner and have not had that problem,

You may want to submit a hijack this log in that section of the forum to be sure it wasn't some other hidden malware not just a false positive!

fireryone

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept