64bit Grunge

  1. Hmmm... Mysterious and mysterious... I'll recheck my system tonight just in case another virus has got through.. :-(

     Sorry in advance if I've made a mistake... I'll get back to you guys.

     Thanks
     Mr G

  2. Hi,

     (Apologies if this has arisen before or is in the wrong forum, please move it appropriately to the appropriate forum.)

     I downloaded CCleaner on the 16th June 2010 from Filehippo. (ccsetup232.exe)

     Because I strive to run a clean system, my anti virus program picked up Mal/Generic-L when installing CCleaner. The virus is in s415log.exe which is produced by CCleaner in the temp folder.

     I thought it was my mistake, and I thought this was a case of a false positive warning, but just to check I sent the file to Sophos for analysis and they confirmed that it does indeed contain a virus.

     Although there is the possibility that the FileHippo Server may have introduced the virus, the fact that it did not appear until after unzipping makes me think that the virus was present at the time of creation.

     I thought it sensible to contact you and advise you, as it may affect everyone who has downloaded this file.

     Grunge

     ------------ CONFIRMATION CORRESPONDENCE WITH SOPHOS ------------

     To Sophos:

     Here's an extract from my Sophos log file..

     ...
     20100611 130244 File "C:\Documents and Settings\Surfer\Local Settings\Temp\s415log.exe" belongs to virus/spyware 'Mal/Generic-L'.
     20100611 130244 On-access scanner has denied access to location "C:\Documents and Settings\Surfer\Local Settings\Temp\s415log.exe" for user THINGT-XP\Surfer
     .....
     20100611 132004 Using detection data version 4.54G (detection engine 3.7.1). This version can detect 1711507 items.
     ....

     I also include the actual file I downloaded - ccsetup232.exe - (incl. some screen dumps of what I clicked on), and which was the executable run. I have zipped this, password = ***

     .....

     Hope this is of help. Your advice is appreciated.

     Regards
     Grunge

     -----------

     On 18 Jun 2010, at 08:57, <support@sophos.com> wrote:

     Hi Grunge,

     Our labs have just finished going through the samples you provided - please see the results below:

     - ccsetup232.exe is only detected under Application Control as Yahoo! Messenger
     - s415log.exe is detected as Mal/Generic-L - the file copies itself into C:\Documents and Settings\support\Local Settings\Temp\s209log.exe and has been identified as a Trojan downloader

     Hope it helps - please let me know if you have any questions.

     Regards,
     Jacek Majewski
     Sophos Technical Support
     http://www.sophos.com/support/services/technical.html
     Support knowledgebase: http://www.sophos.com/support
     Subscribe to email notifications: http://www.sophos.com/security/notifications
     New! SophosTalk community (discussion forums): http://community.sophos.com
     SOPHOS - simply secure

     -----Original Message-----
     From: support@sophos.com
     Sent: 2010-06-17 12:01 PM
     To: grunge
     Cc:

     Hi Grunge,

     Can you please send the file to the labs following the information below:
     http://www.sophos.com/support/knowledgebase/article/11490.html
     suspicious files sent to support are simply removed.

     Please let me know when you have had a chance to go through this.

     Regards,
     Jacek Majewski
     Sophos Technical Support
     http://www.sophos.com/support/services/technical.html
     Support knowledgebase: http://www.sophos.com/support
     Subscribe to email notifications: http://www.sophos.com/security/notifications
     New! SophosTalk community (discussion forums): http://community.sophos.com
     SOPHOS - simply secure

     -----Original Message-----
     From: grunge
     Sent: 2010-06-17 11:44 AM
     To: supportuk@Sophos.com,
     Cc:
     ________________________________

     WARNING: One or more of the attachments (s415log.zip, ccsetup232.zip) in this e-mail have been removed because they might exhibit potentially malicious behaviour. The original attachments have been automatically sent to Sophos Labs for analysis. If the attachments are clean, you should receive them within 30 minutes of this e-mail.