Jump to content
CCleaner Community Forums
joao_gomes

Trojan in version 2.28.1091

Recommended Posts

I've uploaded the version 2.28.1091 instalation file in virustotal.com website and eSafe report "Win32.TrojanHorse" on it.

 

Here's the virustotal scan link:

 

http://www.virustotal.com/en/analisis/16a78d2e40d864f084442a1cddfdf7713ec9346cdfe23688357e5b885157b7c2-1267549933

 

I've download all the files from FileHippo.

 

Can someone help me here?

Tanks in advance

Share this post


Link to post
Share on other sites
I've download all the files from FileHippo.

 

Can someone help me here?

I've never had any problem downloading and installing any Piriform app from FileHippo. Is that the only virus checker you use? ;)

Share this post


Link to post
Share on other sites

As you've probably noticed a 1/40 match isn't exactly an overwhelming result so I think you'll find it's a false positive.

Virustotal uses a detection method called heuristics which I'm sorry to say is frankly overkill and rather unreliable.

 

Richard S.

Share this post


Link to post
Share on other sites
I've uploaded the version 2.28.1091 instalation file in virustotal.com website and eSafe report "Win32.TrojanHorse" on it.

 

Here's the virustotal scan link:

 

http://www.virustotal.com/en/analisis/16a78d2e40d864f084442a1cddfdf7713ec9346cdfe23688357e5b885157b7c2-1267549933

 

I've download all the files from FileHippo.

 

Can someone help me here?

Tanks in advance

Nowadays you're almost guaranteed a false positive or several via virustotal and similar sites. Partly due to the advancements to antivirus software and partly due to advancements to every other piece of software you may have scanned. Many programs utilize code and procedures of similar functionality of identified malware.

Share this post


Link to post
Share on other sites

Also why are you downloading not 2.29?

Share this post


Link to post
Share on other sites
Also why are you downloading not 2.29?

 

Actually all started when I downloaded version 2.29.1111 to upgrade from 2.28.1091.

As I always do I check the file in virustotal and receive a report from "Symantec" named "Suspicious.Insight".

I found that strange because, as far as I could remember, all previous versions of CCleaner reported completely clean from virustotal.

So that's why I decided to check again the 2.28.1091 version.

I am sure that on the first time it came clean, so to my surprise, on the second time it reported the trojan.

I thought the file could became infected on my disk so i decided to download a new one from FileHippo but the report came the same.

I still have the file of the 2.27.1070 version and that one is clean.

Anyway, I've check again the latest 2.29.1111 and now it doesn't report nothing so that's the version I'm using right now.

 

To Lucky10:

The virus checker I have is AVG Free, but since I've found the virustotal website I use it to check the files too.

I guess that having 42 tests is better than just one.

I know that sometimes we have a false positive but, althought it was 1 out of 40, how can we be sure??

 

I think that it was the best interest of all if the guys at Piriform clear this with the antivirus maker, because in the end, if it is not a trojan it should not report as a trojan.

 

Thansk for all of your answers

Best regards

Jo?o Gomes

Share this post


Link to post
Share on other sites

Symantec's Suspicious.Insight means "few people using Norton are using this file". It doesn't mean there's a virus.

Share this post


Link to post
Share on other sites
I know that sometimes we have a false positive but, althought it was 1 out of 40, how can we be sure??

Because it's far more likely the 1 out of 40 is wrong than the other 39 out of 40 are wrong.

Share this post


Link to post
Share on other sites
Because it's far more likely the 1 out of 40 is wrong than the other 39 out of 40 are wrong.

 

Which is exactly the point of using a service like VT to make certain, now if you had 19/34 maybe that would be different;even then though many Virus checker false spot anything that edits/cleans registry and protected folders. to summarize cCleaner is in no way a virus/Trojan/or any other type of malware

Share this post


Link to post
Share on other sites

I have been using Norton Internet Security now for 2 years. I just purchased and installed version 2010. It has NEVER missed a single virus, worm or any type of malware. I also downloads CCleaner 2.28 before downloading version 2.29, and Norton checks every download with all sorts of advanced features, and it found nothing. I agree with several other replies that you received a "False Positive". I have enough faith in my Norton Anti-Everything protection, which replaces Windows Firewall and Windows Defender with its own Firewall and superior features to Defender that are much more reliable, as they interfere with Norton Internet Security running properly.

 

I have checked every file on my computer with "Deep Scans", and I have yet to find anything bad. The only viruses it quarantined were attached to emails that I received from pin heads that have nothing better to do than try to destroy other peoples equipment. Both were Trojan Horse viruses.

 

Sleep tight. I would bet anything that you didn't get a virus in CCleaner 2.28 unless you downloaded it from a questionable Web site, or received it from a friend. Filehippo is the only place to get the program safely in my opinion.

 

pdelta

Share this post


Link to post
Share on other sites

Crappy antivirus software giving false positives? Who would have thought?

 

People need to get a clue... Sorry, don't want to be rude... But something about the people reporting these viruses gives me the idea they're the kind of people who think you can still get a virus even if your computer is disconnected from the internet.

 

Move on already.

Share this post


Link to post
Share on other sites
But something about the people reporting these viruses gives me the idea they're the kind of people who think you can still get a virus even if your computer is disconnected from the internet.

 

I didn't say it was a "virus", only that McAfee reported a Trojan -- I'm only the messenger ;)

Share this post


Link to post
Share on other sites

Virus, trojan, infection, what ever you want to call it.

 

1 of 40 antivirus programs reporting a "trojan" is nothing to be alarmed about. The fact that people would even bother scanning ccleaner with virustotal boggles my mind.

 

But anyway i'm cranky today, so i'll just stop. Carry on with the paranoia. Make sure to check for rootkits and keyloggers!

Share this post


Link to post
Share on other sites

Thank you GraphiteFingers for posting that McAfee was reporting a trojan connected to ccleaner.

 

If you would be kind enough to report this false positive to them I'm sure they will update their definition files quickly as other av companies do in this sort of situation.

 

Welcome to the forum :)

Share this post


Link to post
Share on other sites

I upgraded to the latest version of Cleaner today, no problems with the download whatsoever. Later I ran a full system virus check and McAfee detected and quarantined the EXE file for one of the OLDER versions on my drive.

 

The version was 227.

 

The file was CCSETUP227.EXE.

 

The Trojan detected was: Generic.dx!psw

Share this post


Link to post
Share on other sites

McAfee has obviously got a false positive regarding ccleaner in one of it's definition files.

 

Perhaps you could contact them with this info then they can update their defs to eliminate this false positive.

 

Welcome to the forum GPS :)

Share this post


Link to post
Share on other sites
But something about the people reporting these viruses gives me the idea they're the kind of people who think you can still get a virus even if your computer is disconnected from the internet.

Yep count me in there ... do you think you can't?

Share this post


Link to post
Share on other sites
Yep count me in there ... do you think you can't?

+1 +1 +1

(Floppy, USB, CD, Coughing :blink:;) )

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...