Jump to content

Return to Piriform.com

Photo

CCleaner setup


  • Please log in to reply
5 replies to this topic

#1 OFFLINE Vodkasparberry

Vodkasparberry

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 12 November 2006 - 08:01 AM

I've just updated my anti-virus and Sophos has detected that CCleaner contains the trojan
Zlob-VU Sophos details

I initially thought it was because my system had been compromised so I downloaded the file
again and it was again detected as the same trojan. I've also downloaded another '.exe' from
another website (Mcafee Stinger) to make sure that the file wasn't being infected after being downloaded.
I was able to download that file and it did not contain the trojan.

Can anyone else verify what I've found or is Sophos wrong?

#2 OFFLINE Andavari

Andavari

    .

  • Moderators
  • 16,086 posts
  • Gender:Male
  • Location:U.S.A.

Posted 12 November 2006 - 09:01 AM

There's another thread about this too, it's located at:
http://forum.ccleane...?showtopic=7518

Probably just another false positive! ;)

Piriform software help documentation is available at: http://www.piriform.com/docs

 

Don't PM me for advice! I'll only ask you to read forum rule #15.


#3 OFFLINE Vodkasparberry

Vodkasparberry

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 12 November 2006 - 09:08 AM

Yes, I think so too.
Sophos reported the same trojan in the Winamp and Inkscape install files.
I assume that they're all using the same installer and something in the installer
is setting off the anti-virus.

I've submitted the CCleaner setup file to Sophos and noted with them
that I think it's reporting a false positive. Hopefully they'll sort
it out quickly.

#4 OFFLINE Andavari

Andavari

    .

  • Moderators
  • 16,086 posts
  • Gender:Male
  • Location:U.S.A.

Posted 12 November 2006 - 09:11 AM

The same installer you state I think is Nullsoft Scriptable Install System ("NSIS") which recently allot of virus scanners started giving false positives against. Then again it's like the old problem when some virus scanners detect all UPX compressed files as viruses even though they're clean.

Piriform software help documentation is available at: http://www.piriform.com/docs

 

Don't PM me for advice! I'll only ask you to read forum rule #15.


#5 OFFLINE TheOdds

TheOdds

    Advanced Member

  • Members
  • PipPipPip
  • 74 posts
  • Gender:Male

Posted 12 November 2006 - 11:53 AM

The same installer you state I think is Nullsoft Scriptable Install System ("NSIS") which recently allot of virus scanners started giving false positives against. Then again it's like the old problem when some virus scanners detect all UPX compressed files as viruses even though they're clean.

Yes apparently some virus writes wrote viruses what used NSIS component's or source code. As result pretty much every AV in the market started to detect literally tens of thousands NSIS installers as viruses. The biggest AV companys are aware of the problem and doesn't cause much NSIS false positeves anymore, but the smaller AV companys (mainly free AVs) are still producing "tons" of NSIS false positives.

As personal opinion I would ditch any AV what still is producing these false positives.

#6 OFFLINE Vodkasparberry

Vodkasparberry

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 13 November 2006 - 04:37 AM

This is the official response that I have received from Sophos.
I'm posting it here just so that there is a record of it.

/* Start of email */
thank you for your email. The file ccsetup134.exe that you sent to us
for analysis was indeed producing a false-positive report and an
updated IDE file has been released to correct this. Please do not
hesitate to contact me if I can be of any further assistance.
/* End of email */