Jump to content

Zone Alarm found a trojan in CCleaner


Recommended Posts

Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.

 

David

Link to comment
Share on other sites

Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.

 

David

It's 99.99% chance that you've just witnessed a "false positive". Make sure you download the CCleaner program from a known good site like Major Geeks and reinstall it. If ZoneAlarm sees it as a trojan again then you need to tell the program that it is safe and to ignore it in the future scans.

 

http://www.majorgeeks.com/CCleaner_Slim_No...lish_d4191.html

 

http://www.viclovan.com/ccleaner2settings.htm

 

Good Luck!

Vic

VicLovan.com

Link to comment
Share on other sites

Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.

 

David

Hello David,

Thank you for your report.

It is like unclebic said in his reply.Follow his suggestion.

Also to get this resolved with Zone Alarm please provide this info.

 

When did you last update ZoneAlarmPro?

 

When did you last install CCleaner?

What version?

Downloaded from where?

 

OS and version ?

Security software and ver?

Other data you think might be relevant?

 

Welcome to the forum!!!

Thanks,

:) davey

Link to comment
Share on other sites

Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.

 

David

I had the exact same issue. Been using CCleaner and Zonealarm for months without issue, so why would this trojan be flagged now if it's a false positive?

Updated CCleaner from filehippo a few days ago. Not 100% sure of details as I have deleted CCleaner as a precaution for now, but it was latest version.

 

Graham

Link to comment
Share on other sites

I had the exact same issue. Been using CCleaner and Zonealarm for months without issue, so why would this trojan be flagged now if it's a false positive?

Updated CCleaner from filehippo a few days ago. Not 100% sure of details as I have deleted CCleaner as a precaution for now, but it was latest version.

 

Graham

Hi Graham,

Did you get the same message or something different?

When did you get it?

 

When did you last update ZoneAlarmPro?

Have you checked Zone Alarm forum?

Thanks

:) davey

Link to comment
Share on other sites

Hi Graham,

Did you get the same message or something different?

When did you get it?

 

When did you last update ZoneAlarmPro?

Have you checked Zone Alarm forum?

Thanks

:) davey

Was the exact same trojan(Win32.Backdoor.Delf.cir) that was flagged.

I have ZAP anti-spy set to update and scan daily, so was flagged on my system this morning.

Have checked the ZA forum and there is one post entered today with same issue, but no replys as yet.

IIRC it was only in past 7-10 days that I updated to latest CCleaner version.

Cheers

Graham

Link to comment
Share on other sites

that's weird i'm using Zone Alarm security suite and it has never found a trojan. :blink: i'm sure that you have encountered a false positive :)

Now, it looks like there are 3 people anyway that have encountered this.

I would expect a lot more if it was a standard false positive as how many people out there are running CCleaner and ZAP with same definition updates?

Better go do some work now.

Cheers

Link to comment
Share on other sites

...Have checked the ZA forum and there is one post entered today with same issue, but no replys as yet. ...

I posted to the ZoneAlarm forum, so that was probably mine.

 

I had originally downloaded it from FileHippo perhaps 6 months ago. About a week ago I accepted an update from within CCleaner.

 

ZoneAlarm Pro is version 7.0

I also use AVG Free edition, AVG Anti-Rootkit, Secunia, Spy Sweeper, Primary Response SafeConnect, and Spybot Search and Destroy.

Using a Gateway XP Media Center.

Link to comment
Share on other sites

Zone Alarm found a trojan in CCleaner.

 

Hi, i have also had exactly the same trojan flagged up by Z A Pro. I downloaded CCleaner from file Hippo about a week ago and have run it 3/4 times. Z A Pro and CCleaner are both the latest versions. Upon deleting the trojan i then noticed that the CCleaner icon had just disappeared from the desktop screen, so decided to check this forum for any info about the problem before i reinstall CCleaner again. Since the original download of of CCleaner a week ago i have probably run the Z A pro scanner (full scan) a dozen or so times before it flagged the trojan up today.

Link to comment
Share on other sites

Zone Alarm found a trojan in CCleaner.

 

Hi, i have also had exactly the same trojan flagged up by Z A Pro. I downloaded CCleaner from file Hippo about a week ago and have run it 3/4 times. Z A Pro and CCleaner are both the latest versions. Upon deleting the trojan i then noticed that the CCleaner icon had just disappeared from the desktop screen, so decided to check this forum for any info about the problem before i reinstall CCleaner again. Since the original download of of CCleaner a week ago i have probably run the Z A pro scanner (full scan) a dozen or so times before it flagged the trojan up today.

Hello uno.imrite,

Thank you for the great report.You provided some good info about this recent history.

I am not familiar with ZAP. Does it do background running real-time or stand alone scanning.

Are any other security programs running at the same time.

 

Thanks again to everybody sending us reports.Keep us filled in.

:) davey

Link to comment
Share on other sites

See Broadband Reports Security forum topic at this link.

 

and Zone Alarm forum topic at this link.

 

HTH

 

EG

Hi egeezer,

Thanks for filling us in.

 

So now we know CCleaner will be removed by Microsoft Malicious Malware Tool.

FOR NOW DO NOT USE Microsoft Malicious Malware Tool OR YOU WILL HAVE TO RE-INSTALL CCleaner.

 

FOR NOW DO NOT request that CCleaner be deleted by ZoneAlarmPro OR YOU WILL HAVE TO RE-INSTALL CCleaner.

 

 

It has also been reported as a possible "false positive" to Microsoft

Good to hear from what I would call a Founding Member.

:) davey

Edited by davey
Link to comment
Share on other sites

Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.

 

David

 

Hi David,

I have experienced the same problem as you have. I just installed the last version of CCleaner and it reported this trojan. Surprisingly, it did not report this trojan when I had the previous version. I have uninstalled and reinstalled it several times from various websites and it reports the same problem. I like this programe very much but I also trust the zonealarm which have never reported a false positive until now. I don't know. I might stick with th previous version instead of this one :) MY report found two files:

File: C:\Documents and Settings\Desktop\CCleaner.lnk

File: C:\Program Files\CCleaner\CCleaner.exe

Loren

Link to comment
Share on other sites

Hi David,

I have experienced the same problem as you have. I just installed the last version of CCleaner and it reported this trojan. Surprisingly, it did not report this trojan when I had the previous version. I have uninstalled and reinstalled it several times from various websites and it reports the same problem. I like this programe very much but I also trust the zonealarm which have never reported a false positive until now. I don't know. I might stick with th previous version instead of this one :) MY report found two files:

File: C:\Documents and Settings\Markon Malaj\Desktop\CCleaner.lnk

File: C:\Program Files\CCleaner\CCleaner.exe

Loren

I don't normally respond to posts like this very much once I've had my say, but in this case I have to. I work on a lot of different computers with different setups all the time. I've worked with a lot of antivirus programs and security software in general. All that being said, trusting ANY program to never have false positives, is just silly. THEY ALL DO! It may not happen often, and some are better than others, but there just isn't any perfect software, even CCleaner. However in this case the best bet after seeing it come up on several systems with ZoneAlarm, when we know CCleaner isn't being reported as infected by any other antivirus, then the conclusion is simple, your software is the one that's on the wrong side in this case. You're concluding that every other antivirus vender in the world is missing that CCleaner is infected. That's just not likely.

 

Mark the CCleaner files that have been found by ZoneAlarm as safe, or ignore, whatever is needed and be done with it.

 

Vic

VicLovan.com

http://www.viclovan.com/ccleaner2settings.htm

Link to comment
Share on other sites

Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.

 

David

 

Hi David,

I have the same problem as you have. I uninstalled the latest version of CCleaner and a few days later during a zonealarm scan it reported the backdoor trojan that you have mentioned. I uninstalled and installed it several times but it reported the same trojan. Then I installed the previous version of CCleaner which is version 2.04.543 and then did another scan with zone alarm and surprisingly it did not report any trojan and came out clean. I uninstalled the 2.04.543 version and installed it again and then did another scan and it came up with a clean report. then I uninstalled version 2.04.543 and installed the latest version again 2.05.555 and ran a scan. It showed the same trojan again. So it looks like the latest version has this problem and it has to be taken care of. Right now I think I will use version 2.04.543 until further notice.

Cheers

Loren

Link to comment
Share on other sites

Hi egeezer,

Thanks for filling us in.

 

So now we know CCleaner will be removed by Microsoft Malicious Malware Tool.

FOR NOW DO NOT USE Microsoft Malicious Malware Tool OR YOU WILL HAVE TO RE-INSTALL CCleaner.

 

FOR NOW DO NOT request that CCleaner be deleted by ZoneAlarmPro OR YOU WILL HAVE TO RE-INSTALL CCleaner.

 

 

It has also been reported as a possible "false positive" to Microsoft

Good to hear from what I would call a Founding Member.

:) davey

 

Glad to shed some light on the scope of the situation - I am not a programmer, but could it be that something that was changed in the updater/version checker code might have triggered the FP? Usually a "backdoor" FP alerts on some call-home capabilities or functions of legitimate applications. If the updated code in 2.04.543 was modified as part of the update, that might be someplace to look.

Link to comment
Share on other sites

I just encountered the same trojan and i use ZoneAlarm Internet Security Suite- most updated recent version. I must say that i loved both programs. Since i switched from Norton my computer has been so much better protected. Norton would find the viruses and such but after they had done their damage, Zonealarm catches them as they enter. It has saved me over and over. It is quite slow, but it doesnt miss much if anything. I truly have %100 percent faith in it. Im not saying that it cant make mistakes though.

Now, i recently downloaded and used CCleaner and thought it was great too. I could delete things i never before could get to, and fix the registry for free, gotta love that. But then on my very first scheduled ZA scan, it found what it is saying to be a very serious trojan. In fact this is how it explains it...

 

"This program enables a remote user to control your computer. It runs in the background and opens a back door on your computer. The back door allows an unauthorized remote user to connect to and access your computer, circumventing your computer's security. When you connect to the internet, this program notifies the remote user that your computer is vulnerable. This program may also have built-in tools used to manage your files, run executables on your computer, control your mouse and CD tray, screens, and retrieve passwords, keystroke, and screen shots.

This trojan is frequently disguised as a useful program, or hidden inside other programs to get you to install them."

 

That is scary if you ask me, especially because i do think its a greatly useful program. What better way to gain access? The way the world is today, you can never be too careful.

I will only redownload CCleaner when its assured this trojan problem is gone. Im going to try the previous version as the other commenter stated its free of this problem.

Link to comment
Share on other sites

  • Moderators

It's a false positive. ;)

 

 

Some stuff people can verify to make sure they have matching checksums of CCleaner.exe:

MD5 Checksum: 2b7b12d9549198924a2a842330d00724

SHA1 Checksum: 81f118fa5df48e1f9378a73dc5550f0db360e7d3

 

 

All of these free online single file malware scanners find nothing, and deem CCleaner.exe as clean:

 

 

Link to comment
Share on other sites

Enough is enough!

 

For all you nervous Nellie users, who haven't figured out that this a a false positive.

 

Quickly unplug your computer from then Internet, turn off the power and box up that computer. Then as fast as you can go uncover the doors to that bomb shelter in your backyard and hide until I call you and give you the secret password that the all-clear is given.

 

OK so that's being a bit sarcastic, but do you really think that out of the MILLIONS of other users who have had no sign of infection, or the other programs that are hosted on the the same servers as CCleaner, and out of all of those you'd think there would be a serious call to arms. But there isn't, so don't you think you could just tell your antivirus program to ignore the CCleaner files and have it clean your system better than you could do it yourself? Stop worrying about a program that you really know in your heart is safe.

 

And just for a little run down about me and of what I use. I'm a computer tech who works on other people's computers at their location or back here at my home/shop. About 80% of the time the first thing I look at, regardless of what the call is about, is the security. I use the latest versions of - CCleaner, AVG AntiVirus, SpySweeper (AntiSpyware only), Spyware Doctor (free with the Google Pack), SUPER AntiSpyware, ClamAV, and just for good measure, sometimes Trend Micro House Calls, and my network is run by a SmoothWall 3.0. NONE of the security programs have flagged CCleaner.

 

The following is from Computer Associates (they're the ones who make the antivirus for Zone Alarm).

http://www.ca.com/securityadvisor/glossary.aspx#F

False Positive, False Negative

These terms derive from their use in statistics. If it is claimed that a file or boot sector is infected by a virus when in reality it is clean, a false positive (or Type-I) error is said to have occurred. Conversely, if a file or boot sector that is infected is claimed to not be infected, a false negative (or Type-II) error has been made. From an antivirus perspective, false negatives probably seem more serious than false positives, but both are undesirable. False positives can cause a great deal of down-time and lost productivity because proving a program cannot replicate under some condition or other is generally much more time consuming than discovering the conditions under which a viral program will replicate.

 

With good known-virus scanners, false positives are rare. However, they can arise if the scan string for a virus is poorly chosen, say because it is also present in some benign programs. False negatives are a more common problem with virus scanners because known-virus scanners tend to miss completely new or heavily modified viruses. False positives have, historically, been quite a problem for scanners that make heavy use of heuristic detection mechanisms.

 

Another related, serious problem is the situation where a scanner detects a virus, but incorrectly identifies which. Such misdiagnosed positives can lead to terrible problems if the scanner, or its user, then engages in a virus-specific disinfection routine based on detailed knowledge of the 'detected' virus' characteristics. 'Generic disinfection' procedures are not entirely immune from such problems either.

 

School is out, now run along and play.

 

Good Luck!

Vic

VicLovan.com

http://www.viclovan.com/ccleaner2settings.htm

Link to comment
Share on other sites

Lol, the average computer user depends on their anti-virus and spyware programs to detect just that, viruses and spyware. We are not computer savvy enough to find the things on our own or even know what false negatives or false positives are. When we run into a situation where a trusted AV program tells us that an item is bad, we take heed and even take the time to discuss the problem- if only for assurance- before we delete it permanently, or find out its a false positive. That is what this forum is here for. Being condensending is never a good thing and it most definetly doesnt solve problems. In fact it can only lead to people being reluctant to post future questions or concerns. With that in mind, id like to add this question. I hope the answer doesnt make me feel more stupid.

Do false positives and negatives apply to trojans and/or spyware as well as viruses? The reason i ask is that my AV said that it is a trojan, not a virus as others have implied. And does that make a difference?

I was thinking that if it isnt quite as bad, i maybe can just go to my basement instead of the whole way out to the shelter.

Link to comment
Share on other sites

  • Moderators
Do false positives and negatives apply to trojans and/or spyware as well as viruses?

Yes!

 

Anti-malware programs, i.e.; anti-virus and anti-spyware can give a false positive. For instance some anti-spyware programs may detect perfectly valid entries in the Windows HOSTS file and in Internet Explorer's Restricted Sites as a hijack when in fact they aren't which results into a false positive.

Link to comment
Share on other sites

Help! My ZoneAlarm Pro just completed a scan and reported a trojan in CCleaner.exe . The name listed in my ZoneAlarmPro associated with the trojan is "Win32.Backdoor.Delf.cir". I quarantines it, which removed CCleaner.exe and my desktop icon for CCleaner. Has anyone else had a problem? I haven't looked at the Zone Alarm forums to see if there's information about it there.

 

David

Yes same thing here, over, and over. tried to download it from majorgeeks.com and downloads.com but it always comes with the trojan. At first I quarantied it but then deleeted and yes it shuts down CCleaner but the setup is still left in and just nowwent to add/remove and got rid of it....Too bad because I have used CCleaner for about 3 yrs. I did the deep zonealarm scan on it 4 times with the same result, so I wont be downloading it again.

Link to comment
Share on other sites

Yes same thing here, over, and over. tried to download it from majorgeeks.com and downloads.com but it always comes with the trojan. At first I quarantied it but then deleeted and yes it shuts down CCleaner but the setup is still left in and just nowwent to add/remove and got rid of it....Too bad because I have used CCleaner for about 3 yrs. I did the deep zonealarm scan on it 4 times with the same result, so I wont be downloading it again.

 

Once again, the smart thing to do is submit the file to ZoneAlarm so that they can finally FIX this false positive, which they ought to do in a hurry, at least if they care about their reputation.

 

As Andavari already said, you can upload the installer at Virtustotal, where it will be scanned simultaneously by over 30 different antiviruses, including ALL the top brands, and you'll find that none of them will find anything wrong with it.

Link to comment
Share on other sites

Once again, the smart thing to do is submit the file to ZoneAlarm so that they can finally FIX this false positive, which they ought to do in a hurry, at least if they care about their reputation.

 

I'm running Zone Alarm's Internet Security Suite and I also have been getting a Win32.Backdoor.Delf.cir virus notice. There is no way to go in and exclude this in ZA.

 

Previous versions of CCleaner run fine, it's just this latest version.

 

I'd be happy to submit this to ZA if I knew how, but since it's just this last CC version and other AV programs are showing it as a virus also, shouldn't Piriform do an update to fix the problem?

 

I love CCleaner and don't want to give it up!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.