Piriform Community Forums
64bit Grunge

Warning re Virus in CCleaner download


Hi,

(Apologies if this has arisen before or is in the wrong forum; please move it to the appropriate forum.)

I downloaded CCleaner on the 16th June 2010 from Filehippo. (ccsetup232.exe)

Because I strive to run a clean system, my anti-virus program picked up Mal/Generic-L when installing CCleaner. The virus is in s415log.exe, which is produced by CCleaner in the temp folder.

 

I thought it was my mistake, and I thought this was a case of a false positive warning, but just to check I sent the file to Sophos for analysis and they confirmed that it does indeed contain a virus.

Although there is the possibility that the FileHippo server may have introduced the virus, the fact that it did not appear until after unzipping makes me think that the virus was present at the time of creation.

I thought it sensible to contact you and advise you, as it may affect everyone who has downloaded this file.

Grunge

 

 

------------

CONFIRMATION CORRESPONDENCE WITH SOPHOS

------------

To Sophos:

Here's an extract from my Sophos log file...

...

20100611 130244 File "C:\Documents and Settings\Surfer\Local Settings\Temp\s415log.exe" belongs to virus/spyware 'Mal/Generic-L'.

20100611 130244 On-access scanner has denied access to location "C:\Documents and Settings\Surfer\Local Settings\Temp\s415log.exe" for user THINGT-XP\Surfer

..... 20100611 132004 Using detection data version 4.54G (detection engine 3.7.1). This version can detect 1711507 items. ....

 

I also include the actual file I downloaded, ccsetup232.exe (incl. some screen dumps of what I clicked on), which was the executable run. I have zipped this, password = *** .....

Hope this is of help. Your advice is appreciated.

Regards

Grunge

 

-----------

On 18 Jun 2010, at 08:57, <support@sophos.com> wrote:

Hi Grunge,

Our labs have just finished going through the samples you provided - please see the results below:

- ccsetup232.exe is only detected under Application Control as Yahoo! Messenger
- s415log.exe is detected as Mal/Generic-L - the file copies itself into C:\Documents and Settings\support\Local Settings\Temp\s209log.exe and has been identified as a Trojan downloader

 

Hope it helps - please let me know if you have any questions.

Regards,

Jacek Majewski
Sophos Technical Support
http://www.sophos.com/support/services/technical.html

Support knowledgebase: http://www.sophos.com/support
Subscribe to email notifications: http://www.sophos.com/security/notifications
New! SophosTalk community (discussion forums): http://community.sophos.com

SOPHOS - simply secure

 

 

-----Original Message-----
From: support@sophos.com
Sent: 2010-06-17 12:01 PM
To: grunge
Cc:

Hi Grunge,

Can you please send the file to the labs following the information below:

http://www.sophos.com/support/knowledgebase/article/11490.html

Suspicious files sent to support are simply removed.
Please let me know when you have had a chance to go through this.

 

 

Regards,

Jacek Majewski
Sophos Technical Support

 

 

-----Original Message-----
From: grunge
Sent: 2010-06-17 11:44 AM
To: supportuk@Sophos.com
Cc:

________________________________

WARNING: One or more of the attachments (s415log.zip, ccsetup232.zip) in this e-mail have been removed because they might exhibit potentially malicious behaviour.

The original attachments have been automatically sent to Sophos Labs for analysis. If the attachments are clean, you should receive them within 30 minutes of this e-mail.

[Attached image]

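An added example (not from this thread, nor code from Piriform or Sophos) of the check that would settle the question the posts above argue over: whether s415log.exe was written by the CCleaner installer run or by something else already on the machine. It snapshots the temp directory before and after a run and diffs the two by path, size and SHA-256, so every file the run created or rewrote is attributed to that run and comes with a hash ready to submit or compare. The throwaway directory, the stand-in "installer" and its file contents are constructed for the demo; the name s415log.exe is borrowed from the thread only as a label, and nothing here is real malware.

```python
"""
Attribute files that appear in a temp directory to a specific installer run
by snapshotting the directory before and after the run and diffing.

Added example, not from the forum thread.  The demo directory, the fake
installer and the file contents are constructed; no real installer is run.
"""
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class FileInfo:
    size: int
    sha256: str


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in 64 KiB chunks so large installers are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> Dict[str, FileInfo]:
    """Map every regular file under root (path relative to root) to size + hash."""
    snap: Dict[str, FileInfo] = {}
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        try:
            snap[p.relative_to(root).as_posix()] = FileInfo(p.stat().st_size, sha256_file(p))
        except OSError:
            # A file still being written or locked by the installer: skip it
            # rather than abort the whole snapshot.
            continue
    return snap


def diff_snapshots(before: Dict[str, FileInfo],
                   after: Dict[str, FileInfo]) -> Tuple[List[str], List[str], List[str]]:
    """Return (added, modified, removed) relative paths, each sorted."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return added, modified, removed


def attribute_run(temp_dir: Path, run_installer: Callable[[], None]) -> dict:
    """Snapshot temp_dir, run the installer, snapshot again, and report what
    changed with the SHA-256 of each new or rewritten file."""
    before = snapshot(temp_dir)
    run_installer()
    after = snapshot(temp_dir)
    added, modified, removed = diff_snapshots(before, after)
    return {
        "added": {p: after[p].sha256 for p in added},
        "modified": {p: after[p].sha256 for p in modified},
        "removed": removed,
    }


def demo() -> dict:
    """Self-contained run against a throwaway directory standing in for %TEMP%."""
    with tempfile.TemporaryDirectory() as d:
        temp_dir = Path(d)
        (temp_dir / "preexisting.log").write_bytes(b"old log\n")

        def fake_installer() -> None:
            # Constructed stand-in for an installer: drops one new file and
            # rewrites an existing one.  The file name mirrors the thread only.
            (temp_dir / "s415log.exe").write_bytes(b"MZ not a real program")
            (temp_dir / "preexisting.log").write_bytes(b"old log\nnew line\n")

        return attribute_run(temp_dir, fake_installer)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

On a real machine, pass `Path(os.environ["TEMP"])` as `temp_dir` and a callable that launches the installer with `subprocess.run` and waits for it to exit. Close other programs first: anything else writing to the temp folder during the run also lands in the diff, which is exactly the ambiguity the two posts above disagree about.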

We've rechecked all our installers, and they're all fine and virus free.

My guess is that the s415log.exe file came from another installer.


Hmmm... Mysterious and mysterious...

I'll recheck my system tonight just in case another virus has got through.. :-(

Sorry in advance if I've made a mistake... I'll get back to you guys.

Thanks, Mr G
