Jump to content

CC Virus...?


Tucson

Recommended Posts

"The on-access scanning engine reported a 'W32/Trojan.MQN' infection in file 'C:\PROGRAMFILES\CCLEANER\UNINST.EXE'

 

I believe the scanning took place when I opened CCleaner.

 

The AV deleted the file.

 

I rarely have viruses. Incoming emails are scanned, filtered, washed, rinsed, and hung out to dry.

 

Any comments on a virus appearing as described above?

 

Regards,

 

Peter

 

Yikes! Just got virus alerts in four more files!

post-9396-1166809443_thumb.jpg

post-9396-1166809443_thumb.jpg

Link to comment
Share on other sites

"The on-access scanning engine reported a 'W32/Trojan.MQN' infection in file 'C:\PROGRAMFILES\CCLEANER\UNINST.EXE'

 

I believe the scanning took place when I opened CCleaner.

 

The AV deleted the file.

 

I rarely have viruses. Incoming emails are scanned, filtered, washed, rinsed, and hung out to dry.

 

Any comments on a virus appearing as described above?

 

Regards,

 

Peter

 

Yikes! Just got virus alerts in four more files!

 

 

I had the same thing happen to me just this morning. Same message popped up with my AV, then 3 or 4 more. The files infected were all updates for CCleaner versions 131, 132, 133 and 134 plus the file mentioned in the above post.

 

I am now running version 130 and all is fine. I have a second computer running version 136 and no sign of virus on that one, but I also did not update that one as often and I believe I went from version 130 to 136 on the second computer.

 

I also am very on top of virus scans, spyware scans etc.

 

Someone suggested that this was a false positive, however right after using CCleaner and apparently launching the virus, my computer became very, very sluggish. Programs wouldn't open, etc.

Link to comment
Share on other sites

  • Moderators

Alright we will just have to report a false positive to them and this should be fixed. :D

 

CCleaner does not contain any virus and/or spyware. Your AV is detecting the installer which is NSIS. This means that anything using this installer would be flagged by your AV.

Link to comment
Share on other sites

Its a false positive as RRidgely said, its just Ccleaners Uninstaller which is run if you remove it from the Add/Remove screen, if the system became unresponsive then thats not connected to the uninst.exe but you should consider contacting the AV's customer support to report the false detection

 

If you do a google search for this you will see other vendors have had similar problems with the uninstaller but when they are notified they soon fix it

 

http://www.google.co.uk/search?hl=en&q...virus&meta=

 

Here's VirusTotal Results for the Uninst.exe file

 

STATUS: FINISHEDComplete scanning result of "uninst.exe", received in VirusTotal at 12.23.2006, 07:00:01 (CET).

 

Antivirus Version Update Result

AntiVir 7.3.0.21 12.22.2006 no virus found

Authentium 4.93.8 12.22.2006 no virus found

Avast 4.7.892.0 12.21.2006 no virus found

AVG 386 12.22.2006 no virus found

BitDefender 7.2 12.23.2006 no virus found

CAT-QuickHeal 8.00 12.22.2006 no virus found

ClamAV devel-20060426 12.23.2006 no virus found

DrWeb 4.33 12.22.2006 no virus found

eSafe 7.0.14.0 12.21.2006 no virus found

eTrust-InoculateIT 23.73.97 12.23.2006 no virus found

eTrust-Vet 30.3.3271 12.23.2006 no virus found

Ewido 4.0 12.22.2006 no virus found

Fortinet 2.82.0.0 12.23.2006 suspicious

F-Prot 3.16f 12.22.2006 no virus found

F-Prot4 4.2.1.29 12.22.2006 no virus found

Ikarus T3.1.0.27 12.23.2006 no virus found

Kaspersky 4.0.2.24 12.23.2006 no virus found

McAfee 4925 12.22.2006 no virus found

Microsoft 1.1904 12.23.2006 no virus found

NOD32v2 1935 12.22.2006 no virus found

Norman 5.80.02 12.22.2006 no virus found

Panda 9.0.0.4 12.22.2006 no virus found

Prevx1 V2 12.23.2006 no virus found

Sophos 4.12.0 12.22.2006 no virus found

Sunbelt 2.2.907.0 12.18.2006 no virus found

TheHacker 6.0.3.135 12.20.2006 no virus found

UNA 1.83 12.22.2006 no virus found

VBA32 3.11.1 12.22.2006 no virus found

VirusBuster 4.3.19:9 12.22.2006 no virus found

 

Aditional Information

File size: 103230 bytes

MD5: 33829fbbb9cdc957cfc23c748d51c40b

SHA1: 2847f306dc5b33dbde3ca7c4826dbbe46a601b2d

packers: BINARYRES

Link to comment
Share on other sites

Thanks for the replies, folks. My observations were much as described by others. The AV is an in-house furnished by my ISP, Cox.net. Not sure what it's based on.

 

I should also mention that a Google search found no virus of that name.

 

Happy Holidays,

 

Peter

Link to comment
Share on other sites

  • Moderators

Rofl, I have never even heard of Telus anti-virus....

 

Telus is a telecommunications company in Canada and they also have ISP services. It's of no surprise that they'd also have security software (anti-virus, etc.,) to protect their customers as many ISP's now provide on some degree either internally or through a third-party! ;)

Link to comment
Share on other sites

The same stuff is happening to me as well, and I also use Telus' security package which includes AV. It's been deleting the uninstall file for CCleaner. and, just recently, it now deleted the uninstall file for FileZilla, detecting the same virus! :blink:

 

But a slight twist is that the filepath points to my D drive (my laptop's HDD is partitioned into 2 separate partitions), but everything runs from my C drive and D drive is just used for storage. What's up with that?

 

Now I gotta go and reinstall CCleaner and FileZilla.

Link to comment
Share on other sites

  • 6 months later...

Today Avira Antivir PersonalEdition Premium keeps flagging CCleaner\uninst.exe as Trojan Downloader Zlob AADO.5. My question is: why today and not before? I've been using both Avira and CCleaner for some time, never got this warning till now.

Link to comment
Share on other sites

Today Avira Antivir PersonalEdition Premium keeps flagging CCleaner\uninst.exe as Trojan Downloader Zlob AADO.5. My question is: why today and not before? I've been using both Avira and CCleaner for some time, never got this warning till now.

 

Same here (i use Antivir Personal Free Edition) :angry:

For your information, it detect as "malaware" also the dialer i'have

in use from ages, for connect my PC to the internet. Just made a report.

 

Why today and not before? Cause the AV signatures change everytime :)

 

 

Just submitted uninst.exe to Avira. :blink:

 

 

------------------------------------------

Thank you for your submission. Below you can see the current status of the uploaded files.

 

A listing of files alongside their results can be found below:

 

File ID Filename Size (Byte) Result

1113316 uninst.exe 103.41 KB FALSE POSITIVE

 

Please find a detailed report concerning each individual sample below:

 

Filename Result

uninst.exe FALSE POSITIVE

 

The file 'uninst.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

max_sig.gif Guide in italiano per CCleaner - Recuva - Defraggler - Speccy

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.