CCleaner Community Forums
Kenward

Virus scanner reports false positive for CCleaner


Earlier today, my Sophos anti-virus software warned me that it had detected a virus in the "uninstall" bit of CCleaner.

 

I suspect a false positive, so I came here to see what is happening. I see a new version and try to download it, but Sophos tells me that it is infected.

 

Checking the archives here, I find an earlier hot-tempered report of this behaviour that went round in circles and did not end up in a satisfactory resolution.

 

As I say, I suspect a false positive. These things happen, but not usually with Sophos, which is better than the usual cowboy stuff from Norton/Symantec. But I am not inclined to install something that is going to deliver these messages.

 

In this case, maybe a "bought in" component, the uninstaller, is responsible.

 

Here is the bit of the AV log that matters:

 

20061112 093251 Virus 'Troj/Zlob-VU' has been detected in "C:\Program Files\CCleaner\uninst.exe"

 

20061112 093251 Infected file "C:\Program Files\CCleaner\uninst.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\uninst.exe.000".

 

20061112 101711 Virus 'Troj/Zlob-VU' has been detected in "C:\Documents and Settings\{username}\Local Settings\Temp\vq4xpv7i.exe"

 

20061112 101711 Infected file "C:\Documents and Settings\{username}\Local Settings\Temp\vq4xpv7i.exe" has been moved to "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\vq4xpv7i.exe.000".

 

The second half is the result of trying to download the latest version of CCleaner.

 

You might like to tell Sophos that you are good guys.


Similar thing happened to me this morning - but not during a download.

 

Sophos just reported this virus in c:\programfiles\ccleaner\uninst.exe troj/zlob-VU

 

I am running CCleaner 1.34.407 (downloaded a while back)

Sophos 6.0.5 last updated this morning.

 

I've never had A/V problems with CCleaner before, so I assume it is the latest Sophos update that has triggered a false positive.


Yes, it's just a false positive. MrG will have to contact Sophos and have the issue fixed. Thanks for the information. :)

While it isn't good for you folks, for me at least it is a relief to know that I am not the only one in the same boat!

 

It is, of course, typical that this happened at the weekend!

May have been fixed in a new Sophos update. It did not object to today's download.


Already done, Tony, and sorted by Sophos with an update.

 

Sophos also flagged AVG antispyware's installer as having the same trojan this morning.

Great work reporting this to Sophos! :)

Hi, I've had the same experience twice now and am using Cox Security Suite, which I think uses Authentium for antivirus.

Hopefully you can e-mail them as well. Thank you for your time.


I have the latest NOD32 & CCleaner and have not had that problem.

You may want to submit a HijackThis log in that section of the forum to be sure it wasn't some other hidden malware, not just a false positive!
