Jump to content

Zone Alarm found a trojan in CCleaner


Recommended Posts

I'm running Zone Alarm's Internet Security Suite and I also have been getting a Win32.Backdoor.Delf.cir virus notice. There is no way to go in and exclude this in ZA.

 

Previous versions of CCleaner run fine, it's just this latest version.

 

I'd be happy to submit this to ZA if I knew how, but since it's just this last CC version and other AV programs are showing it as a virus also, shouldn't Piriform do an update to fix the problem?

 

I love CCleaner and don't want to give it up!

 

So Gadfly, you are saying that other AVs are reporting it as a virus as well? I thought everyone was saying it was only ZoneAlarm- which i'm running as well and think is the best out there. If other AVs are reporting it too, then of course it would be a Piriform problem, but i think it is only ZoneAlarm. If omeone else has it being detected by another AV please let us know which ones. I hope it gets fixed by someone cause i dont want to lose CCleaner either.

Link to comment
Share on other sites

  • Moderators
If omeone else has it being detected by another AV please let us know which ones.

I agree that if other AV's are detecting it they should be listed as well. However the single file anti-malware scanning sites like Jotti and VirusTotal that use a myriad of scanners detect absolutely nothing.

 

I don't see it as a "Piriform bug" it's just some anti-virus giving a false positive, and who knows what in their definitions are causing it. It's up to the anti-virus vendors to fix false positive detections in their software.

Link to comment
Share on other sites

Here is where to go to report such things to ZoneAlarm...

 

http://smartdefense.zonealarm.com/tmpl/bod...c_reporting.jsp

 

As far as their reputation- It is always rated at the top as far as virus detection goes, it uses the Kapersky engine. And as far as "false positives", ZA encourages them to be sent in.

 

For anyone who may doubt the quality of ZoneAlarms product or their reputation, Id have you read their review by ZDNet... a direct quote...

"Intro of ZoneAlarm Security Suite

ZoneAlarm's Security Suite is one of the best security suites we have seen. Its interface is far easier to use and understand than the competition's, and its feature set puts the comparably priced Norton Internet Security and McAfee Internet Security to shame. Overall, ZoneAlarm Security Suite is the suite to beat for all-around Internet security and privacy, whether you use your PC from home or take the corporate laptop out on the road."

 

I just feel its sometimes good to mention some positive things about a product when conversation arises about possible negatives. Basically false positives happen to the best AV programs out there, but when they do, consideration should be looked at both ways until it is confirmed. There is such a thing as missed detections as well. It is very unlikely, but maybe the other AVs just are not up to par on the newest threats such as this one. To suggest people should overlook any threat before its properly researched is simply not a good practice. The file could have been added to the program by the download site for all we know. I will wait until its resolved before i just ignore it or put in an exception to the search. Its truly better to be safe than sorry.

Link to comment
Share on other sites

this really getting weirder and weirder i am using ZA security suite here..and since you guys posted these issue here it hasn't found a trojan. i have the latest virus and program updates and im wondering why you guys kept getting these 'false positives". :o

Link to comment
Share on other sites

this really getting weirder and weirder i am using ZA security suite here..and since you guys posted these issue here it hasn't found a trojan. i have the latest virus and program updates and im wondering why you guys kept getting these 'false positives". :o

 

If what you are saying is true than it suggests the possibility that the file could have been added to the program by certain download sites or somewhere in between. I mean, how could the same antivirus find a file in my CCleaner but not yours??? I dont fully understand this, so again, i am definetly waiting for a response by ZoneAlarm.

Link to comment
Share on other sites

putting this here to get it into the discussion.

 

everything in this discussion happened several times here too.

 

also

 

o i got a report at the same time on za and spyware doctor.

 

the CCleaner on my other machine is current, but downloadd earlier.

 

the problems reappears on my laptop.

 

please send a general response to all members when the truth is finally established so i can put CCleaner back on my laptop safely.

 

 

Tonyd

Link to comment
Share on other sites

Hi egeezer,

Thanks for filling us in.

 

So now we know CCleaner will be removed by Microsoft Malicious Malware Tool.

FOR NOW DO NOT USE Microsoft Malicious Malware Tool OR YOU WILL HAVE TO RE-INSTALL CCleaner.

 

FOR NOW DO NOT request that CCleaner be deleted by ZoneAlarmPro OR YOU WILL HAVE TO RE-INSTALL CCleaner.

 

 

It has also been reported as a possible "false positive" to Microsoft

Good to hear from what I would call a Founding Member.

:) davey

 

Latest Updates

http://forums.zonelab.com/zonelabs/board/m...essage.id=27695

Zone Alarm technical says it is a confirmed "false positive".

Broadband Reports: Microsoft reports it is clean and a "false positive".

http://www.dslreports.com/forum/r20194772-

Link to comment
Share on other sites

Enough is enough!

 

For all you nervous Nellie users, who haven't figured out that this a a false positive.

 

Quickly unplug your computer from then Internet, turn off the power and box up that computer. Then as fast as you can go uncover the doors to that bomb shelter in your backyard and hide until I call you and give you the secret password that the all-clear is given.

 

OK so that's being a bit sarcastic, but do you really think that out of the MILLIONS of other users who have had no sign of infection, or the other programs that are hosted on the the same servers as CCleaner, and out of all of those you'd think there would be a serious call to arms. But there isn't, so don't you think you could just tell your antivirus program to ignore the CCleaner files and have it clean your system better than you could do it yourself? Stop worrying about a program that you really know in your heart is safe.

 

And just for a little run down about me and of what I use. I'm a computer tech who works on other people's computers at their location or back here at my home/shop. About 80% of the time the first thing I look at, regardless of what the call is about, is the security. I use the latest versions of - CCleaner, AVG AntiVirus, SpySweeper (AntiSpyware only), Spyware Doctor (free with the Google Pack), SUPER AntiSpyware, ClamAV, and just for good measure, sometimes Trend Micro House Calls, and my network is run by a SmoothWall 3.0. NONE of the security programs have flagged CCleaner.

 

The following is from Computer Associates (they're the ones who make the antivirus for Zone Alarm).

http://www.ca.com/securityadvisor/glossary.aspx#F

 

 

School is out, now run along and play.

 

Good Luck!

Vic

VicLovan.com

http://www.viclovan.com/ccleaner2settings.htm

 

I also have been running Zone Alarm and CCleaner for some time. The last version is when the Trojan message started. I also have Spywaredoctor fro PCTools and it also detects the same in CCleaner.

 

It is a pain because I have to keep re-installing CCleaner.

 

I will re-update everything on a different PC and try again.

 

I m runnng XP Pro on each PC.

Link to comment
Share on other sites

I also have been running Zone Alarm and CCleaner for some time. The last version is when the Trojan message started. I also have Spywaredoctor fro PCTools and it also detects the same in CCleaner.

 

It is a pain because I have to keep re-installing CCleaner.

 

I will re-update everything on a different PC and try again.

 

I m runnng XP Pro on each PC.

Hi Laverne,

I am not familiar with the either Zone Alarm or Spywaredoctor.

Don't these give you the option to Exclude or Ignore rather than automatically removing CCleaner.

This is the first I have seen anywhere reporting that Spywaredoctor detects this.

What does it report and when?

Have you tried the latest CCleaner version v2.06 .

:) davey

Link to comment
Share on other sites

This is how to rid yourself of the problem...

 

#1. Make sure you got the newest updated CCleaner 2.06.567

 

#2. Make sure you update ZoneAlarm to their most recent 7.0.470.000

 

*** You may think your updated just by running the update feature under the Anti-virus spyware tab- that just updates the definitions, well you need to go to Overview and click on the Preferences tab to update the actual Anti-virus and spyware engines.***

 

Do both and it eliminates the problem and CCleaner is back in use.

 

One interesting note is that after i then ran the virus scan it found a new virus...Backdoor.win32.Radmin.ag... but upon deletion it did not eliminate CCleaner. Let me know if anyone else gets the same response.

 

Also, just for information purposes, i seen it asked several times but never answered...if anyone ever needs to exclude items from future searches-

 

Under the Anti-virus/ Anti-spyware heading, click the Main tab and at the bottom click on Advanced Options. When the box pops up click on Eceptions in the left pane of options, then just add whatever it is you want.

--------------------------------------------------------------------------------------------------

UPDATE

 

2 more viruses caught since the new update, backdoor.win32.Zlob.jpu and backdoor.win32.Zlob.ius. I wasnt even scanning, Zonealarm jus popped up a window saying they were caught after attempting to run scripts or something. They were not caught while they were dormant during the scan a few hours ago.

 

all 3 are quaranteened and CCleaner is still available, thats a good sign i guess.

 

Please tell me if anyone else gets all these new ones as well.

Link to comment
Share on other sites

  • 2 weeks later...
This is how to rid yourself of the problem...

 

#1. Make sure you got the newest updated CCleaner 2.06.567

 

#2. Make sure you update ZoneAlarm to their most recent 7.0.470.000

 

*** You may think your updated just by running the update feature under the Anti-virus spyware tab- that just updates the definitions, well you need to go to Overview and click on the Preferences tab to update the actual Anti-virus and spyware engines.***

 

Do both and it eliminates the problem and CCleaner is back in use.

...

 

I linked the above post to Broadbandreports topic for more exposure - See

 

http://www.dslreports.com/forum/r20276381-Update

 

I'm guessing changes were made in CC's as well as ZA's application - Possibly having to do with the CC updater piece being the trigger. I''m sure the CCleaner developers can elaborate, confirm or correct this.

 

Based on your AV detection results, I'd say you're surfing in some interesting territory and/or downloading some dodgy CODECs.

Link to comment
Share on other sites

  • 4 weeks later...

My Zone Alarm warns me of 'Suspicious Behavior" when I try to use my new version of CCleaner v.2.07.575. It says CCleaner is trying to launch C:\WINDOWS\system32\rundll32.exe, or use another program to gain access to privileged resources.

 

I am ignorant of all the computer technology. I have no idea if this is concerning some sort of trojan or not. I was simply concerned since I have been using CCleaner for a long time without anything like this appearing.

 

I use CCleaner several times every day.

 

Thank you.

Link to comment
Share on other sites

  • Moderators
My Zone Alarm warns me of 'Suspicious Behavior" when I try to use my new version of CCleaner v.2.07.575. It says CCleaner is trying to launch C:\WINDOWS\system32\rundll32.exe, or use another program to gain access to privileged resources.

This is just a guess on my part, however do you have this setting enabled in CCleaner's Options->Settings:

Automatically check for updates to CCleaner

Link to comment
Share on other sites

This is just a guess on my part, however do you have this setting enabled in CCleaner's Options->Settings:

Automatically check for updates to CCleaner

No sir. I prefer not to use automatic updates because often the update comes at an inconvenient time no matter what time I select.

Link to comment
Share on other sites

No sir. I prefer not to use automatic updates because often the update comes at an inconvenient time no matter what time I select.

Hello anthro,

CCleaner does things things that most programs don't do.Many anti-virus programs get "suspicious" about it.As you can tell from this thread,sometimes there are "false positives" and sometimes CCleaner gets deleted or quarantined.

Zone Alarm will probably make some tweaks to adjust for this.

No one has reported an actual infection caused by CCleaner as long as you only download from Filehippo.com or Alternative download.

I wouldn't worry at all.

:) davey

Link to comment
Share on other sites

Hello anthro,

CCleaner does things things that most programs don't do.Many anti-virus programs get "suspicious" about it.As you can tell from this thread,sometimes there are "false positives" and sometimes CCleaner gets deleted or quarantined.

Zone Alarm will probably make some tweaks to adjust for this.

No one has reported an actual infection caused by CCleaner as long as you only download from Filehippo.com or Alternative download.

I wouldn't worry at all.

:) davey

 

Thank you, davey.

 

When I receive my "suspicious behavior" notice, should I allow opost-16547-1209957878_thumb.jpgr deny access? I have been denying access and CCleaner seens to be working, but am I not permitting access needed for the application to work properly?

post-16547-1209957878_thumb.jpg

Link to comment
Share on other sites

Thank you, davey.

 

When I receive my "suspicious behavior" notice, should I allow opost-16547-1209957878_thumb.jpgr deny access? I have been denying access and CCleaner seens to be working, but am I not permitting access needed for the application to work properly?

You say " I have been denying access and CCleaner seens to be working".I would think it was the other way around. or did you really mean to say "allowing" access.I think you should say "allow" and also check the box to "apply this setting to all suspicious behavior by this application.

:) davey

Edited by davey
Link to comment
Share on other sites

You say " I have been denying access and CCleaner seens to be working".I would think it was the other way around. or did you really mean to say "allowing" access.I think you should say "allow" and also check the box to "apply this setting to all suspicious behavior by this application.

:) davey

 

No sir. I have actually been clicking "deny" on the suspicious behavior warning from Zone Alarm. The whole time, CCleaner is going through files and deleting some. I have been afraid to click "allow" until I know for certain it is safe.

 

Every time I start using CCleaner, that same warning comes up, and I click "deny"..

 

Thank you

Link to comment
Share on other sites

No sir. I have actually been clicking "deny" on the suspicious behavior warning from Zone Alarm. The whole time, CCleaner is going through files and deleting some. I have been afraid to click "allow" until I know for certain it is safe.

 

Every time I start using CCleaner, that same warning comes up, and I click "deny"..

 

Thank you

I thought you might say that.

If you have the option checked at Options > Settings > Automatically check for updates to CCleaner,turn that option off.I suspect the CCleaner program is trying to connect to the Internet.

This may be the suspicious behavior that Zone Alarm is responding to.

What is happening on the Zone Alarm forum regarding this?

Have you reported it there also?

:) davey

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.