14 replies to this topic

[Phoenix388]

I am very disappointed and angry that while doing a virus scan on my desktop last night, a Trojan virus was detected in the CCleaner.exe file and in the CCleaner uninstall file. My ISP suggested that I download this program and now I am screwed!! Has anyone else had this problem? Does anyone have any suggestions on how to fix this besides taking it to the shop?
Phoenix388

[Glenn]

My copy is clean.

From where did you download? What anti-virus are you using? What trojan did it identify?

[Andavari]

Scanning of CCleaner with the Toolbar which is the most likely one to trigger a false positive comes up completely clean on VirusTotal, as seen here.

Only download CCleaner from the CCleaner homepage, or from FileHippo.com here.

[fireryone]

So if you want to check for a virus without taking it to the shop,

Post in the "Spyware Hell" after following the "before you post" topic and a helpful mod will help you out.

As downloading CCleaner from the official sites (see above post) is completely clean (i'm using it now),
It is possible you picked up the virus from a non-authorized download.

[Keithuk]

Welcome to Piriform Phoenix.

Phoenix388, on Sep 3 2009, 01:16 AM, said:

I am very disappointed and angry that while doing a virus scan on my desktop last night, a Trojan virus was detected in the CCleaner.exe file and in the CCleaner uninstall file. My ISP suggested that I download this program and now I am screwed!! Has anyone else had this problem? Does anyone have any suggestions on how to fix this besides taking it to the shop?

What you haven't said is where you downloaded CC from. I personally wouldn't trust any site apart from the ones in Andavari post, CCleaner homepage, or from FileHippo.com.

We've never had this problem because we ALWAYS use the CCleaner homepage or FileHippo.

[eloboeb]

This is what I receive when I try downloading CCleaner from Filehippo:


Access to the page:
http://fs2.filehippo.com/4364/d710a676e6e1.../ccsetup223.exe

has been denied for the following reason:

Virus or bad content detected. Trojan.Fraudload-2264

[hazelnut]

eloboeb, on Sep 3 2009, 03:07 PM, said:

This is what I receive when I try downloading CCleaner from Filehippo:


Access to the page:
http://fs2.filehippo.com/4364/d710a676e6e1.../ccsetup223.exe

has been denied for the following reason:

Virus or bad content detected. Trojan.Fraudload-2264

Which program tells you this please?

If it is your av, can you please report it to them as a false positive and they should fix it quickly.

[ident]

there is no infection what so ever in that link

[hazelnut]

ident, on Sep 3 2009, 03:35 PM, said:

there is no infection what so ever in that link

We know that ident, we are waiting for the poster to let us know which av is giving the FP so they can be informed.

[fireryone]

Just did a quick Google and it might be ClamAV:
http://www.virustotal.com/analisis/8168387...4af5-1251795236

and here (translated)

[Andavari]

fireryone, on Sep 3 2009, 10:32 AM, said:

Just did a quick Google and it might be ClamAV:
http://www.virustotal.com/analisis/8168387...4af5-1251795236

Ah that explains why the link I gave above is dead, someone re-scanned it.

Yes ClamAV definitions are having some serious false positives lately and against perfectly clean software, and it isn't against just CCleaner. I was a former ClamWin Portable user until I witnessed a massive amount of FP's it produced.

[Phoenix388]

it was ClamWin Free AV that i was using to scan my system that gave me the virus message. this is one of the viruses:
ccsetup222.exe: Trojan.Fraudload-2264 FOUND
the second one is:CCleaner\uninst.exe: Trojan.Fraudload-2264 FOUND
this is the site i downloaded it from: http://www.ccleaner.com/
Please advise.

[hazelnut]

This is a false positive on the part of ClamWin (as worked out by posters above)

Info is given in one of the posts on this page here on their forum about how to report things like this.

http://forums.clamwi...opic.php?t=2496

Also here

http://www.clamwin.c...ent/view/40/27/

[Phoenix388]

Thanks very much!!

[Keithuk]

Yes I wasn't to impressed with ClamWin when I tried it for 6 months. It kept saying I had a batch file that was a virus. How can a batch file be a virus it just a set of instructions to be followed by code. It may execute an exe to carry out these instructions in the code but thats all.

But what do you expect for free?