12 replies to this topic

[Tucson]

"The on-access scanning engine reported a 'W32/Trojan.MQN' infection in file 'C:\PROGRAMFILES\CCLEANER\UNINST.EXE'

I believe the scanning took place when I opened CCleaner.

The AV deleted the file.

I rarely have viruses. Incoming emails are scanned, filtered, washed, rinsed, and hung out to dry.

Any comments on a virus appearing as described above?

Regards,

Peter

Yikes! Just got virus alerts in four more files!

Attached Files

•  cc_virus.jpg   28.33K   103 downloads

[rridgely]

What AV is that?
Its just a false positive and will need to be reported to the AV company to be fixed.

[masterone]

Tucson, on Dec 22 2006, 09:44 AM, said:

"The on-access scanning engine reported a 'W32/Trojan.MQN' infection in file 'C:\PROGRAMFILES\CCLEANER\UNINST.EXE'

I believe the scanning took place when I opened CCleaner.

The AV deleted the file.

I rarely have viruses. Incoming emails are scanned, filtered, washed, rinsed, and hung out to dry.

Any comments on a virus appearing as described above?

Regards,

Peter

Yikes! Just got virus alerts in four more files!

I had the same thing happen to me just this morning. Same message popped up with my AV, then 3 or 4 more. The files infected were all updates for CCleaner versions 131, 132, 133 and 134 plus the file mentioned in the above post.

I am now running version 130 and all is fine. I have a second computer running version 136 and no sign of virus on that one, but I also did not update that one as often and I believe I went from version 130 to 136 on the second computer.

I also am very on top of virus scans, spyware scans etc.

Someone suggested that this was a false positive, however right after using CCleaner and apparently launching the virus, my computer became very, very sluggish. Programs wouldn't open, etc.

[rridgely]

What antivirus do you use masterone?

[masterone]

rridgely, on Dec 22 2006, 07:19 PM, said:

What antivirus do you use masterone?

I use Telus Security Service. I think they use Freedom and Zero Knowledge. I used to be a "die-hard" Norton user but their program just isn't what it used to be. So far Telus has been great.

[rridgely]

Alright we will just have to report a false positive to them and this should be fixed.

CCleaner does not contain any virus and/or spyware. Your AV is detecting the installer which is NSIS. This means that anything using this installer would be flagged by your AV.

[AndyManchesta]

Its a false positive as RRidgely said, its just Ccleaners Uninstaller which is run if you remove it from the Add/Remove screen, if the system became unresponsive then thats not connected to the uninst.exe but you should consider contacting the AV's customer support to report the false detection

If you do a google search for this you will see other vendors have had similar problems with the uninstaller but when they are notified they soon fix it

http://www.google.co.uk/search?hl=en&q...virus&meta=

Here's VirusTotal Results for the Uninst.exe file

Quote

STATUS: FINISHEDComplete scanning result of "uninst.exe", received in VirusTotal at 12.23.2006, 07:00:01 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 12.22.2006 no virus found
Authentium 4.93.8 12.22.2006 no virus found
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.22.2006 no virus found
BitDefender 7.2 12.23.2006 no virus found
CAT-QuickHeal 8.00 12.22.2006 no virus found
ClamAV devel-20060426 12.23.2006 no virus found
DrWeb 4.33 12.22.2006 no virus found
eSafe 7.0.14.0 12.21.2006 no virus found
eTrust-InoculateIT 23.73.97 12.23.2006 no virus found
eTrust-Vet 30.3.3271 12.23.2006 no virus found
Ewido 4.0 12.22.2006 no virus found
Fortinet 2.82.0.0 12.23.2006 suspicious
F-Prot 3.16f 12.22.2006 no virus found
F-Prot4 4.2.1.29 12.22.2006 no virus found
Ikarus T3.1.0.27 12.23.2006 no virus found
Kaspersky 4.0.2.24 12.23.2006 no virus found
McAfee 4925 12.22.2006 no virus found
Microsoft 1.1904 12.23.2006 no virus found
NOD32v2 1935 12.22.2006 no virus found
Norman 5.80.02 12.22.2006 no virus found
Panda 9.0.0.4 12.22.2006 no virus found
Prevx1 V2 12.23.2006 no virus found
Sophos 4.12.0 12.22.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.135 12.20.2006 no virus found
UNA 1.83 12.22.2006 no virus found
VBA32 3.11.1 12.22.2006 no virus found
VirusBuster 4.3.19:9 12.22.2006 no virus found

Aditional Information
File size: 103230 bytes
MD5: 33829fbbb9cdc957cfc23c748d51c40b
SHA1: 2847f306dc5b33dbde3ca7c4826dbbe46a601b2d
packers: BINARYRES

[Tucson]

Thanks for the replies, folks. My observations were much as described by others. The AV is an in-house furnished by my ISP, Cox.net. Not sure what it's based on.

I should also mention that a Google search found no virus of that name.

Happy Holidays,

Peter

[DJpailo]

Rofl, I have never even heard of Telus anti-virus....

Ccleaner is not a virus, just add these false positives to your ignore list. It's funny how some companies who think they are so great, try to discredit the free utilities, such as symantec and spybot..

[Andavari]

DJpailo, on Dec 24 2006, 03:42 PM, said:

Rofl, I have never even heard of Telus anti-virus....

Telus is a telecommunications company in Canada and they also have ISP services. It's of no surprise that they'd also have security software (anti-virus, etc.,) to protect their customers as many ISP's now provide on some degree either internally or through a third-party!

[Icemann]

The same stuff is happening to me as well, and I also use Telus' security package which includes AV. It's been deleting the uninstall file for CCleaner. and, just recently, it now deleted the uninstall file for FileZilla, detecting the same virus!

But a slight twist is that the filepath points to my D drive (my laptop's HDD is partitioned into 2 separate partitions), but everything runs from my C drive and D drive is just used for storage. What's up with that?

Now I gotta go and reinstall CCleaner and FileZilla.

[Francisco]

Today Avira Antivir PersonalEdition Premium keeps flagging CCleaner\uninst.exe as Trojan Downloader Zlob AADO.5. My question is: why today and not before? I've been using both Avira and CCleaner for some time, never got this warning till now.

[Whiteshark]

Francisco, on Jul 23 2007, 10:00 PM, said:

Today Avira Antivir PersonalEdition Premium keeps flagging CCleaner\uninst.exe as Trojan Downloader Zlob AADO.5. My question is: why today and not before? I've been using both Avira and CCleaner for some time, never got this warning till now.

Same here (i use Antivir Personal Free Edition)
For your information, it detect as "malaware" also the dialer i'have
in use from ages, for connect my PC to the internet. Just made a report.

Why today and not before? Cause the AV signatures change everytime


Just submitted uninst.exe to Avira.


------------------------------------------
Thank you for your submission. Below you can see the current status of the uploaded files.

A listing of files alongside their results can be found below:

File ID Filename Size (Byte) Result
1113316 uninst.exe 103.41 KB FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename Result
uninst.exe FALSE POSITIVE

The file 'uninst.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.