CCleaner Community Forums
Chouette

CCleaner V4.09 contains trojan virus


I downloaded and installed the new update v4.09 on 17th December and my anti-virus program detected a trojan virus and deleted the file. This is worrying as I have used CCleaner for quite some time with no issues before. I tried to find a way to contact Piriform but was unsuccessful so have joined this forum for their attention.


I've downloaded the CCleaner update and my computer now HAS a virus too

 

WHY?????????????????????????

 

I'm using NOD32 ESET. Is this an actual virus or what??? Never had a virus from this software before.


I also recently installed the version 4.09.4471, am running AVG IS and found no viruses.

It could be a false positive thrown up by NOD32.

 

As @hazelnut asks, where did you get CC from?

What file is NOD32 saying is infected?

What is the infection?


I downloaded from Piriform as usual. Antivirus is McAfee VirusScan Enterprise + AntiSpyware Enterprise. The file name msi4142exe detected as RDN/Generic, type Trojan which it deleted. This was found on CCleaner64exe.

 

What is NOD32?

It's a false positive!



File Name: ccsetup409.exe
Has valid digital signature, signed: Tuesday, December 17, 2013 8:24:11 AM
MD5 Hash: 90B4989B832A57D261F0AB51F143E97A
SHA-1 Hash: 932E042070F1567ED5A116E98E3C04D7D07E0681


Both Piriform.com and FileHippo.com have matching hashes, i.e., the downloads are identical.

 

Another site scan result to add to Kroozer's list with 40 antivirus scanners deeming it as 100% clean:


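The check described in the post above (matching hashes plus a valid digital signature), written out as an added example that is not part of the original thread. `Test-InstallerDownload` is a hypothetical helper name and the two download paths are constructed placeholders; the expected MD5 and SHA-1 values are the ones quoted in the post.

```powershell
# Added example: Test-InstallerDownload is a hypothetical helper, not Piriform code.
function Test-InstallerDownload {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedMd5,
        [Parameter(Mandatory)] [string] $ExpectedSha1
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Hash the file on disk; -eq on strings is case-insensitive in PowerShell.
    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha1   = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Status is 'Valid' only when the Authenticode signature verifies and the
    # certificate chain is trusted; 'NotSigned' or 'HashMismatch' is a failure.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        File      = $Path
        Md5Match  = $md5  -eq $ExpectedMd5.Trim()
        Sha1Match = $sha1 -eq $ExpectedSha1.Trim()
        Sha256    = $sha256              # handy for looking the file up on a scan site
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject   # $null when the file is unsigned
    }
}

# Hash values as quoted in the post for ccsetup409.exe.
$expected = @{
    ExpectedMd5  = '90B4989B832A57D261F0AB51F143E97A'
    ExpectedSha1 = '932E042070F1567ED5A116E98E3C04D7D07E0681'
}

# Constructed placeholder paths: one copy from each download site.
'C:\Downloads\piriform\ccsetup409.exe',
'C:\Downloads\filehippo\ccsetup409.exe' |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Test-InstallerDownload -Path $_ @expected } |
    Format-List
```

A match shows only that the local copy is byte-for-byte the file the hashes were taken from; the signature status is what ties it to the publisher.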

Antivirus program, flagging the Google Tool Bar bundle which you can decline, or wait for the slim build.

 

I checked three Security sites and here are the results.

 

http://r.virscan.org/f40fb16cee93a9a67d140997cab90970 1 out of 37 NOD32 (which is ESET)

http://virusscan.jotti.org/en/scanresult/e43f2c739376697004cff67739b3ca88318c56c9/9bb4493f10131db7ddfd540b2d5dfec929f3c125 1 out of 23 ESET

https://www.virustotal.com/en/file/522b29f9cae71206a5cd6e28dd0646ab4f57b5fdcedf498f4d78d71ac74030f9/analysis/ 1 out of 49 ESET

 

According to kroozer's results, ESET is the one that consistently flags the Google Tool Bar installer as potential malware. I decided to go to the source, Google, and download the installer by itself (filename: GoogleToolbarInstaller_en32_signed.exe). Here are the results when running this file through the same three security sites:

 

http://r.virscan.org/report/9e91214349911d3e0b7d33081d141a0d.html 2 out of 37 ClamAV and F-Prot

http://virusscan.jotti.org/en/scanresult/05b8b27ec3e641b9db05cc45ce79beee8758532b/d8c8a77353ca27081765560c2b6d7a7338f77468 1 out of 23 ClamAV

https://www.virustotal.com/en/file/1f85e871db078e45a653ba98dd30c19500191421a7060c4609dd5fa407d82bc5/analysis/1387684029/ 0 out of 49

 

So one version of the Google Toolbar Installer, the one that is bundled with the CCleaner Installer, is detected only by ESET as malware. But the Google Toolbar Installer, downloaded directly from Google, is ignored by ESET but detected by ClamAV twice and F-Prot once as malware. Anyone care to explain this? It certainly is puzzling to me.

 

kroozer - I hope you don't mind me editing your post, I just wanted to clarify things for everyone. 


I'm inclined to think that they are two different versions of the Google Toolbar. Or an earlier and later version perhaps. Maybe I'm trying too hard to be logical here, but if they were exactly the same, then ESET either should have flagged both, or ignored both.


According to kroozer's results, ESET is the one that consistently flags the Google Tool Bar installer as potential malware. I decided to go to the source, Google, and download the installer by itself (filename: GoogleToolbarInstaller_en32_signed.exe).

 

So one version of the Google Toolbar Installer, the one that is bundled with the CCleaner Installer, is detected only by ESET as malware. But the Google Toolbar Installer, downloaded directly from Google, is ignored by ESET but detected by ClamAV twice and F-Prot once as malware. Anyone care to explain this? It certainly is puzzling to me.

 

kroozer - I hope you don't mind me editing your post, I just wanted to clarify things for everyone. 

 

ESET via the scan here states it's clean (it doesn't say NOD or anything, just ESET the vendor company/name). Although the difference between Windows and Linux versions of antivirus scanners can give different results.

 

As for ClamWin giving false positives on those scanning sites, I've personally ignored everything it comes up with on them, clean or infected, for months now. Also, the Zillya scanner some use is very prone to false positives.


Concerned (not really understanding all this, just reporting) I ran a full scan last night with the following results:

 

msafpe.exe    prog data                          RDN Generic back door!vu    Trojan    Deleted
msafpe.exe    Documents and settings/All users   Ditto                       ditto     Ditto


My bank account has been hacked and someone has tried to collect a large amount of money out of it. Bank says that virus remains and to do another full scan straight away. I logged in to my account and the page looked perfectly normal.


My bank account has been hacked and someone has tried to collect a large amount of money out of it. Bank says that virus remains and to do another full scan straight away. I logged in to my account and the page looked perfectly normal.

 

Did that happen by downloading CCleaner?? :-(

 

You are strongly advised to go immediately to a Malware Removal forum and get help.

 

See item 10 in this link for some recommended sites

 

http://forum.piriform.com/index.php?showannouncement=15&f=4

When will the new update be available? ESET still flags it up as a virus......................


I have ESET nod 32 on Win 7 64bit.

 

I have CCleaner 4.0.9 slim build installed which was downloaded from the builds page

 

https://www.piriform.com/ccleaner/builds

 

ESET did not flag the download. I expect it is flagging the FULL version of CCleaner for you because it includes an option to install a toolbar


I have ESET nod 32 on Win 7 64bit.

 

I have CCleaner 4.0.9 slim build installed which was downloaded from the builds page

 

https://www.piriform.com/ccleaner/builds

 

ESET did not flag the download. I expect it is flagging the FULL version of CCleaner for you because it includes an option to install a toolbar

THANKS!!!!

 

THIS VERSION WORKING FINE NOW :rolleyes: :rolleyes: :rolleyes: :rolleyes: :rolleyes: :rolleyes:

