14 replies to this topic

[Bollen]

Well I read about this earlier and its not the first time uninstallers has been false flagged as trojans. This time its from the program Spyware Doctor from PC Tools. Maybe you should contact them, since its really not good if CCleaner get a reputation for having a trojan in it.
Anyways love the program and I just wanted to report this

Added a picture what Spyware Doctor said.

 ccleaner_trojan.JPG   78.15K   159 downloads

[TheFiresInTheSky]

welcome bollen
are you sure you have the latest version?
my dad has spyware doctor and also ccleaner, no problems.
-aaron

[Andavari]

I'll check it out to see if I can confirm it with the newest version which is 4.0 - been meaning to try out the program anyways.

[Andavari]

I just scanned with Spyware Doctor 4.0 and it didn't detect any CCleaner files as infected.

Make sure your Spyware Doctor is up-to-date.

[heinzhonk]

hi, i got the same message by ccleaner. to be absolutly sure, can anyone give me his/her md5-checksum?

best regards

[Andavari]

To be absolutely sure you can always do the normal which is upload for malware scanning to these two malware scanners:

• http://virusscan.jotti.org/
  
• http://www.virustotal.com/

[TonyKlein]

heinzhonk, on Dec 3 2006, 08:05 PM, said:

hi, i got the same message by ccleaner. to be absolutly sure, can anyone give me his/her md5-checksum?

5bb116b6b982f79626fcea7ccee9d8c0

[heinzhonk]

I got another one, but i think, to installdir should be saved in the exe-file. so, there is a different checksum.

or is there anybody, who got the same checksum as tonyklein (5bb116b6b982f79626fcea7ccee9d8c0) or me (0783a79ef1b9948718d04737cf49ae3f) ?

[Andavari]

How are you getting the checksums?

MrG the CCleaner developer added a VeriSign Digital Signature to the CCleaner setup file!

You can view it by right clicking the setup file and selecting Properties->Digital Signatures->hightlight Pirform Ltd->click Details

Now you can click View Certificate->Certificate Path to see the Certificate Status. It should read: This certificate is OK.

[TonyKlein]

Andavari, on Dec 4 2006, 05:29 PM, said:

How are you getting the checksums?

Personally, I'm using Summerproperties, a nice little shell extension which adds a 'Checksums" tab to your file's properties. Very handy.

http://www.earthmagic.org/?software

Attached Files

•  Sum.gif   15.65K   38 downloads

[Andavari]

Using the tool TK linked to this is what I got, text and screenshot included:

CCleaner Version (Slim Install): 1.35.424
File: C:\Program Files\CCleaner\uninst.exe
CRC16: 255a
CBR32: 2cb86e75
MD5: 80b4f6b6955fc10fc804efadc4be2688
SHA1: ec1c6be1bc5e8f7bce65bbabb7fd835824972805

[TonyKlein]

LOL!

This is using Patrick Kolla's FileAlyzer. Not unexpectedly identical to what I got before.

There seem to be numerous legitimate versions of this file...

Attached Files

•  FileAl.gif   16.47K   28 downloads

[Andavari]

TonyKlein, on Dec 5 2006, 12:17 AM, said:

There seem to be numerous legitimate versions of this file...

So what are you saying, is it just some generic uninstall routine? Sort of like what Inno Setup has (well at least Inno Setup's uninstaller has matching checksums.)

[TonyKlein]

Andavari, on Dec 5 2006, 07:36 AM, said:

So what are you saying?

I wish I knew what I was saying...

I guess MrG is the only one who can answer this question.

[MrG]

I've received confirmation that the latest definitions for Spyware Doctor have fixed this false positive detection. So hopefully this won't happen again.

I'm pretty sure the installer engine (NSIS) creates the uninstaller dynamically during the installation process. So it's not possible to digitally sign this file or guarantee what it's MD5 sig will be.

MrG