Vodkasparberry Posted November 12, 2006 Share Posted November 12, 2006 I've just updated my anti-virus and Sophos has detected that CCleaner contains the trojan Zlob-VU Sophos details I initially thought it was because my system had been compromised so I downloaded the file again and it was again detected as the same trojan. I've also downloaded another '.exe' from another website (Mcafee Stinger) to make sure that the file wasn't being infected after being downloaded. I was able to download that file and it did not contain the trojan. Can anyone else verify what I've found or is Sophos wrong? Link to comment Share on other sites More sharing options...
Moderators Andavari Posted November 12, 2006 Moderators Share Posted November 12, 2006 There's another thread about this too, it's located at: http://forum.ccleaner.com/index.php?showtopic=7518 Probably just another false positive! Link to comment Share on other sites More sharing options...
Vodkasparberry Posted November 12, 2006 Author Share Posted November 12, 2006 Yes, I think so too. Sophos reported the same trojan in the Winamp and Inkscape install files. I assume that they're all using the same installer and something in the installer is setting off the anti-virus. I've submitted the CCleaner setup file to Sophos and noted with them that I think it's reporting a false positive. Hopefully they'll sort it out quickly. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted November 12, 2006 Moderators Share Posted November 12, 2006 The same installer you state I think is Nullsoft Scriptable Install System ("NSIS") which recently allot of virus scanners started giving false positives against. Then again it's like the old problem when some virus scanners detect all UPX compressed files as viruses even though they're clean. Link to comment Share on other sites More sharing options...
TheOdds Posted November 12, 2006 Share Posted November 12, 2006 The same installer you state I think is Nullsoft Scriptable Install System ("NSIS") which recently allot of virus scanners started giving false positives against. Then again it's like the old problem when some virus scanners detect all UPX compressed files as viruses even though they're clean. Yes apparently some virus writes wrote viruses what used NSIS component's or source code. As result pretty much every AV in the market started to detect literally tens of thousands NSIS installers as viruses. The biggest AV companys are aware of the problem and doesn't cause much NSIS false positeves anymore, but the smaller AV companys (mainly free AVs) are still producing "tons" of NSIS false positives. As personal opinion I would ditch any AV what still is producing these false positives. Link to comment Share on other sites More sharing options...
Vodkasparberry Posted November 13, 2006 Author Share Posted November 13, 2006 This is the official response that I have received from Sophos. I'm posting it here just so that there is a record of it. /* Start of email */ thank you for your email. The file ccsetup134.exe that you sent to us for analysis was indeed producing a false-positive report and an updated IDE file has been released to correct this. Please do not hesitate to contact me if I can be of any further assistance. /* End of email */ Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now