CCleaner Trojans


walsh2509

Hi,

I had a problem with my Disk Cleanup sticking, and was told that CCleaner was the application to go for. So last night I installed CCleaner and ran it; it seemed to be fine cleaning my registry and other older files.

I came in tonight to see that my AVG anti-virus was running on a pre-set scan. I had a look, as I had run one the day before, and to my horror I saw that I had some Trojans.

 

TROJAN HORSE .. SHeur2.EIZ

 

So far the AVG says I have 4 threats.

 

ccsetup214.exe/2009.exe in My Documents

ccsetup214.exe in My Documents

 

And twice in my

System Volume Information/restore .. A0137264.exe/2009.exe

System Volume Information/restore .. A0137264.exe

Link to comment
Share on other sites

Hi!

 

Sounds really weird imo, because from what I have experienced CCleaner is 100% free from malware. Don't you think it could be false alarms? Upload the "infected" files at www.virustotal.com and you will find the answer. Don't forget to make a short contribution here afterwards! :)

Link to comment
Share on other sites

It sounds more like antivirus2009 infections that are sometimes really nasty and a bit hard to remove.

 

I would download MBAM, then update it, then run a Quick scan and let it remove what it detects. A reboot may be required to remove locked files:

http://www.malwarebytes.org/mbam.php

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user

Link to comment
Share on other sites

walsh2509, when you downloaded the installer file for CCleaner, did you save it to the "My Documents" folder, i.e. the location flagged by AVG? And did you download it from FileHippo?

If so, the first of those entries is almost certainly a FP.

The second... not so certain. Locate that particular file if you can, the "ccsetup214.exe/2009.exe" one. The name is suspicious. Right click it, select properties, then the "version" tab, and report what it is.

It should appear to be similar to the picture. The "File Version" of mine is 2.0.0. The "language" reads "neutral". The "product name" is "CCleaner".

 

The detection is heuristic, so it is more likely to be a FP than if it was detected using signatures. The detections in "system volume information" are probably the same ones, kept in system restore. Not a problem, for now.

 

Incidentally, AVG is starting to get itself quite a reputation for its false positives, so far.

post-8115-1229331965_thumb.jpg


Link to comment
Share on other sites

Be very careful of AVG. I've used it for years but in the last few months it has deleted - yes, DELETED - no less than 4 programs that were NOT infected with anything. Digging around in Windows Explorer one day I found an Access file that is the whole year's accounting for my husband's business for 2002 in AVG's Virus vault. I'm just lucky it didn't delete that too. I'm afraid to let AVG run. Time to get something else. <_<

Link to comment
Share on other sites

As you can see in the message from AVG, this detection was not an exact one but only by heuristics... heuristics are not precise and may yield false positives.

 

--panoramacat.

 

 

I have been using CCleaner for a while now. When I updated to 215 last night I ran a ClamWin virus scan on the file and it came up with a trojan and quarantined the file. I think it's an FP but not sure. Anyone have any thoughts?

Link to comment
Share on other sites

Try uploading the file to Virus Total for a multi-scanner online analysis. Chances are it has already been examined, if not, wait for the scan to complete, and you'll get a list of results from a large number of popular virus scanners.

Other things to check: does the md5 (electronic fingerprint) of the file match that advertised on the download site? If so, high probability of a FP.

(There are various downloadable tools that can give you the md5 of a file. Some AS scanners have it built in to their toolkits.)

Link to comment
Share on other sites
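
Added example (not part of the original posts): one way to do the hash comparison suggested above, streaming the file and accepting the published value however the download site formats it. The file names and sample bytes are constructed for the demo; note that a match only shows the file is the one the site lists, and since MD5 is collision-prone a SHA-256 value should be preferred where the site publishes one.

```python
import hashlib
import hmac
import os
import tempfile

# Hex-digest length -> algorithm, so the caller can paste whatever the site lists.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    hasher = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()

def check_download(path, published):
    """Return (algorithm, matches) for a hash copied from the download page."""
    # Strip the separators and case differences sites commonly use.
    cleaned = "".join(c for c in published.lower() if c not in " :-\t\r\n")
    algo = ALGO_BY_HEX_LEN.get(len(cleaned))
    if algo is None or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not an MD5, SHA-1 or SHA-256 hex digest")
    return algo, hmac.compare_digest(file_digest(path, algo), cleaned)

def demo():
    """Constructed sample: a stand-in 'installer' and a copy altered by one byte."""
    data = b"constructed sample installer bytes\n" * 1000
    published = hashlib.md5(data).hexdigest().upper()  # as a site might list it
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "setup_sample.exe")   # hypothetical file name
        bad = os.path.join(tmp, "setup_altered.exe")   # hypothetical file name
        with open(good, "wb") as fh:
            fh.write(data)
        with open(bad, "wb") as fh:
            fh.write(data + b"\x00")
        return check_download(good, published), check_download(bad, published)

if __name__ == "__main__":
    print(demo())
```
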

Thanks for the help. The md5 matches and only 1/38 came up as suspicious on the VIRUS TOTAL scan, so it looks to be an FP result.

Link to comment
Share on other sites
