eTrust false positive?


19 replies to this topic

#1 OFFLINE   jonz

Posted 20 August 2008 - 02:49 PM

I am running CCleaner v.2.01.507 in a Terminal Server environment. It runs every time a user logs into the TS.

My eTrust ITM downloaded signatures at 7:45am... At 7:51am, when the next user logged in, the realtime scanner popped the following warnings:

The Win32/FakeAv.CX was detected in C:\PROGRAM FILES\CCleaner\UNINST.EXE. Machine: xxxxx, User: xxxxxx . Status: Infected
and
The Win32/FakeAv.CX was detected in C:\PROGRAM FILES\CCleaner\UNINST.EXE. Machine: xxxxx, User: xxxxxx. Status: File was cured; system cure performed.

Do you all think this is a false positive situation? During my googling of this, I found some mention of false positives on the file a year or so ago.

#2 OFFLINE   jonz

Posted 20 August 2008 - 03:02 PM

Update... Every box on my network is now reporting this...

Piriform should write a thank you note to CA, as they are removing the uninstall files so CCleaner can't be uninstalled =)

#3 OFFLINE   jonz

Posted 20 August 2008 - 03:21 PM

Another update!

It thinks that the install file for the newest version is a virus also :huh:

Here is the message:
[time 8/20/2008 9:12:11 AM: ID 14: machine xxxxx: response 8/20/2008 9:12:57 AM] The Win32/FakeAv.CX was detected in C:\...\CCSETUP210[1].EXE. Machine: xxxxx, User: xxxxx. Status: File is cured and the machine needs to reboot to complete cure.

I have used CCleaner for a long time, and know for a fact that it is far from a virus or trojan. I can only assume that CA has failed me again with a false positive!

#4 OFFLINE   Matt B.

Posted 20 August 2008 - 07:27 PM

I'm getting the same message from eTrust today.

It thinks the uninstall program is FakeAV.CX.

I also think it's a false positive, but it would be nice if someone could confirm that. I'm going to check the forums at CA.

#5 OFFLINE   Matt B.

Posted 20 August 2008 - 07:35 PM

Can't see anything on the CA eTrust forums, but there is very little activity there and you can't post until you get approval.

#6 OFFLINE   Zaur

Posted 20 August 2008 - 07:46 PM

I'm getting the same message from CA eTrust antivirus. I've tried downloading previous versions of CCleaner, but whenever the setup file is downloaded CA eTrust antivirus deletes it...

#7 OFFLINE   Matt B.

Posted 20 August 2008 - 07:48 PM

I've submitted a question to the CA free email support. It may take a while to get a response.

#8 OFFLINE   Zaur

Posted 20 August 2008 - 08:00 PM

OK. I've added a topic on CA forum. Track it here:
http://caforums.ca.com/ca/board/message?bo...p;message.id=19

#9 OFFLINE   Matt B.

Posted 20 August 2008 - 08:43 PM

Zaur, on Aug 20 2008, 04:00 PM, said:

OK. I've added a topic on CA forum. Track it here:
http://caforums.ca.com/ca/board/message?bo...p;message.id=19

Great, thanks.

Also, on a related note, while I was poking around the Piriform site I noticed that they now have a defragmenting program. I thought I would try it, but when I downloaded the installer, I got the same FakeAV message! So it's not just CCleaner.

#10 OFFLINE   Zaur

Posted 20 August 2008 - 09:59 PM

Matt B., on Aug 20 2008, 09:43 PM, said:

Great, thanks.

Also, on a related note, while I was poking around the Piriform site I noticed that they now have a defragmenting program. I thought I would try it, but when I downloaded the installer, I got the same FakeAV message! So it's not just CCleaner.

Right! Same thing with daemon4300-LITE.exe (Daemon-Tools). I've updated the thread at CA forum.

#11 OFFLINE   Andavari

Posted 20 August 2008 - 11:13 PM

Probably just another false positive!

Files can be verified using two free online single-file virus scanning services that use multiple virus scanners. There's nothing to install, as you only upload the files to them:
* http://virusscan.jotti.org/
* http://www.virustotal.com/

This post has been reported to the owner of Piriform, so that something can be done.
Complexity of incoherent design.

#12 OFFLINE   Darkmatter

Posted 21 August 2008 - 01:30 AM

I am getting this same error in several uninstall.exe programs on my machine. It's likely a problem with CA's detection engine.

#13 OFFLINE   NK2U

Posted 21 August 2008 - 01:36 AM

jonz, on Aug 20 2008, 10:21 AM, said:

Another update!

It thinks that the install file for the newest version is a virus also :huh:

Here is the message:
[time 8/20/2008 9:12:11 AM: ID 14: machine xxxxx: response 8/20/2008 9:12:57 AM] The Win32/FakeAv.CX was detected in C:\...\CCSETUP210[1].EXE. Machine: xxxxx, User: xxxxx. Status: File is cured and the machine needs to reboot to complete cure.

I have used CCleaner for a long time, and know for a fact that it is far from a virus or trojan. I can only assume that CA has failed me again with a false positive!

I got the same thing too, it deleted the install and uninstall files on my system tonight.

Roland, NK2U

#14 OFFLINE   Natalie_ca

Posted 21 August 2008 - 02:29 AM

Matt B., on Aug 20 2008, 01:27 PM, said:

I'm getting the same message from eTrust today.

It thinks the uninstall program is FakeAV.CX.

I also think it's a false positive


I'm glad that I'm not the only one! I had to lower my firewall briefly and thought I picked up a virus! LOL

Given the fact that so many are having the same problem with the same file after a recent antivirus update, it's obvious that it's a false positive due to the updated signature from CA Antivirus. It isn't the first time they've messed up. At least this time they aren't flagging valid Windows system files like they did a month ago! :blink:
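
Added example, not part of the thread: the reasoning in post #14 (one signature, many machines, first seen right after a signature update) can be checked against the alert log. The alert layout is the bracketed message quoted in post #3; host names, the second signature name and the thresholds are assumptions. A hit is a candidate for false-positive review, for instance with the multi-scanner services from post #11, not a verdict.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Layout of the bracketed console alert quoted in post #3.
ALERT = re.compile(
    r"\[time (?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M): ID \d+: machine (?P<host>[^:]+): "
    r"response [^\]]+\] The (?P<sig>\S+) was detected in (?P<path>.+?)\. Machine: "
)
FMT = "%m/%d/%Y %I:%M:%S %p"

# Constructed sample alerts: host names and "Example/Placeholder.A" are made up.
SAMPLE = [
    r"[time 8/19/2008 4:02:10 PM: ID 9: machine PC07: response 8/19/2008 4:02:30 PM] The Example/Placeholder.A was detected in C:\TEMP\X.EXE. Machine: PC07, User: u1. Status: Infected",
    r"[time 8/20/2008 7:51:03 AM: ID 14: machine TS01: response 8/20/2008 7:51:20 AM] The Win32/FakeAv.CX was detected in C:\PROGRAM FILES\CCleaner\UNINST.EXE. Machine: TS01, User: u2. Status: Infected",
    r"[time 8/20/2008 8:05:40 AM: ID 14: machine PC02: response 8/20/2008 8:06:01 AM] The Win32/FakeAv.CX was detected in C:\PROGRAM FILES\CCleaner\UNINST.EXE. Machine: PC02, User: u3. Status: Infected",
    r"[time 8/20/2008 9:12:11 AM: ID 14: machine PC03: response 8/20/2008 9:12:57 AM] The Win32/FakeAv.CX was detected in C:\...\CCSETUP210[1].EXE. Machine: PC03, User: u4. Status: Infected",
]

def review_candidates(lines, update_time, window=timedelta(hours=24), min_hosts=3):
    """Signatures never seen before update_time, first seen within `window`
    after it, and reported by at least `min_hosts` distinct machines."""
    seen = defaultdict(lambda: {"hosts": set(), "files": set(), "first": None})
    for line in lines:
        m = ALERT.search(line)
        if not m:
            continue  # not an alert in the expected layout
        ts = datetime.strptime(m["ts"], FMT)
        rec = seen[m["sig"]]
        rec["hosts"].add(m["host"].strip())
        rec["files"].add(PureWindowsPath(m["path"]).name.upper())
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
    out = {}
    for sig, rec in seen.items():
        lag = rec["first"] - update_time  # negative: signature predates the update
        if timedelta(0) <= lag <= window and len(rec["hosts"]) >= min_hosts:
            out[sig] = {"hosts": sorted(rec["hosts"]),
                        "files": sorted(rec["files"]),
                        "minutes_after_update": int(lag.total_seconds() // 60)}
    return out

if __name__ == "__main__":
    # 7:45 AM is the signature download time given in post #1.
    for sig, info in review_candidates(SAMPLE, datetime(2008, 8, 20, 7, 45)).items():
        print(sig, info)
```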

#15 OFFLINE   YoKenny

Posted 21 August 2008 - 08:18 AM

Natalie_ca, on Aug 20 2008, 10:29 PM, said:

I'm glad that I'm not the only one! I had to lower my firewall briefly and thought I picked up a virus! LOL

Given the fact that so many are having the same problem with the same file after a recent antivirus update, it's obvious that it's a false positive due to the updated signature from CA Antivirus. It isn't the first time they've messed up. At least this time they aren't flagging valid Windows system files like they did a month ago! :blink:

I never did like anything from CA.
"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein
IE7Pro user

#16 OFFLINE   davey

Posted 21 August 2008 - 09:10 AM

Zaur, on Aug 20 2008, 04:00 PM, said:

OK. I've added a topic on CA forum. Track it here:
http://caforums.ca.com/ca/board/message?bo...p;message.id=19

Update from MrG here. http://forum.pirifor...topic=17335&hl=
Situation resolved with fix from CA. CA users must update.

:) davey

#17 OFFLINE   Matt B.

Posted 21 August 2008 - 12:44 PM

davey, on Aug 21 2008, 05:10 AM, said:

Update from MrG here. http://forum.pirifor...topic=17335&hl=
Situation resolved with fix from CA. CA users must update.

:) davey

Yes, I think we're in the clear now. Today I downloaded the install program for Defraggler and did NOT get the virus alert. Whew! I had some worried moments yesterday when these alerts were popping up all over.

#18 OFFLINE   AZMoosie

Posted 22 August 2008 - 07:44 PM

YoKenny, on Aug 21 2008, 01:18 AM, said:

I never did like anything from CA.

I'm new to this Forum and registered because of the Trojan detection by my CA security suite. I rarely download software, and hardly ever 'free' software, but I did download CCleaner because of Kim Komando endorsements and other reviews I have read. I was very distressed by the Trojan detection notice/cleanup. While I am now somewhat relieved to learn this was a false positive situation, I'm even more relieved that my CA security software errs on the side of caution.

Everyone has their own likes and dislikes; I'd rather have a security product that makes a mistake to protect me, rather than one which fails to do so.

Savor life, and smile...

#19 OFFLINE   hazelnut

Posted 22 August 2008 - 07:48 PM

Welcome to the forum AZMoosie :)
CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND HERE

http://www.piriform.com/docs

#20 OFFLINE   Andavari

Posted 22 August 2008 - 09:52 PM

AZMoosie, on Aug 22 2008, 01:44 PM, said:

I'd rather have a security product that makes a mistake to protect me, rather than one which fails to do so.

Welcome to the forums!

I personally would rather never have a false positive from anti-malware software. If they're falsely detecting program files those are surely easy to reinstall; however, if and when they start falsely targeting Windows OS files themselves that's where a serious problem could arise.

Back when I used eTrust Antivirus (and I used it for years) I did like it a lot until they started bloating it with the control center, bugs, etc., then the appeal was completely lost.
Complexity of incoherent design.