CCleaner V4.09 contains trojan virus


Chouette

I downloaded and installed the new update v4.09 on 17th December and my anti-virus program detected a trojan virus and deleted the file. This is worrying as I have used CCleaner for quite some time with no issues before. I tried to find a way to contact Piriform but was unsuccessful so have joined this forum for their attention.

Link to comment
Share on other sites

  • Moderators

Which site did you download the file from?

 

Piriform's site

 

https://www.piriform.com/ccleaner

 

or FileHippo

 

http://www.filehippo.com/download_ccleaner/

 

 

What anti virus do you use?

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites

  • Moderators

I also recently installed the version 4.09.4471, am running AVG IS and found no viruses.

It could be a false positive thrown up by NOD32.

 

As @hazelnut asks, where did you get CC from?

What file is NOD32 saying is infected?

What is the infection?

Backup now & backup often.
It's your digital life - protect it with a backup.
Three things are certain; Birth, Death and loss of data. You control the last.

Link to comment
Share on other sites


  • Moderators
It's a false positive!



File Name: ccsetup409.exe
Has valid digital signature, signed: Tuesday, December 17, 2013 8:24:11 AM
MD5 Hash: 90B4989B832A57D261F0AB51F143E97A
SHA-1 Hash: 932E042070F1567ED5A116E98E3C04D7D07E0681


Both Piriform.com and FileHippo.com have matching hashes, i.e., the downloads are identical.

 

Another site scan result to add to Kroozer's list with 40 antivirus scanners deeming it as 100% clean:


Link to comment
Share on other sites
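
The hash comparison in the post above (published MD5 and SHA-1 for ccsetup409.exe, and two mirrors serving identical bytes) can be scripted as below. This is an added example, not part of the original posts or of Piriform's tooling; the function names and the sample bytes are constructed for illustration, and SHA-256 is computed alongside because MD5 and SHA-1 are both collision-prone.

```python
import hashlib
import hmac
import io
import sys

# MD5 and SHA-1 quoted in the post above for ccsetup409.exe.
PUBLISHED = {
    "md5": "90B4989B832A57D261F0AB51F143E97A",
    "sha1": "932E042070F1567ED5A116E98E3C04D7D07E0681",
}

def digests(stream, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Read a binary stream once and feed every hash from the same chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def check_against_published(actual, published):
    """Per-algorithm verdicts; hex case and stray whitespace are ignored."""
    verdicts = {}
    for name, expected in published.items():
        got = actual.get(name, "")
        verdicts[name] = hmac.compare_digest(got.lower(), expected.strip().lower())
    return verdicts

def same_file(digests_a, digests_b):
    """Treat two downloads as identical only if every shared digest agrees."""
    shared = set(digests_a) & set(digests_b)
    return bool(shared) and all(digests_a[n] == digests_b[n] for n in shared)

def demo():
    """Constructed stand-ins for two mirror downloads and one altered copy."""
    mirror_a = digests(io.BytesIO(b"constructed installer bytes"))
    mirror_b = digests(io.BytesIO(b"constructed installer bytes"))
    altered = digests(io.BytesIO(b"constructed installer bytes plus one"))
    return same_file(mirror_a, mirror_b), same_file(mirror_a, altered)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real download, e.g. ccsetup409.exe
        with open(sys.argv[1], "rb") as handle:
            found = digests(handle)
        print(found)
        print(check_against_published(found, PUBLISHED))
    else:
        print(demo())  # (True, False)
```

A matching hash shows only that the file is the one the publisher listed; the digital signature mentioned in the post is a separate check.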

Antivirus program, flagging the Google Tool Bar bundle which you can decline, or wait for the slim build.

 

I checked three Security sites and here are the results.

 

http://r.virscan.org/f40fb16cee93a9a67d140997cab90970 1 out of 37 NOD32 (which is ESET)

http://virusscan.jotti.org/en/scanresult/e43f2c739376697004cff67739b3ca88318c56c9/9bb4493f10131db7ddfd540b2d5dfec929f3c125 1 out of 23 ESET

https://www.virustotal.com/en/file/522b29f9cae71206a5cd6e28dd0646ab4f57b5fdcedf498f4d78d71ac74030f9/analysis/ 1 out of 49 ESET

 

According to kroozer's results, ESET is the one that consistently flags the Google Tool Bar installer as potential malware. I decided to go to the source, Google, and download the installer by itself (filename: GoogleToolbarInstaller_en32_signed.exe). Here are the results when running this file through the same three security sites:

 

http://r.virscan.org/report/9e91214349911d3e0b7d33081d141a0d.html 2 out of 37 ClamAV and F-Prot

http://virusscan.jotti.org/en/scanresult/05b8b27ec3e641b9db05cc45ce79beee8758532b/d8c8a77353ca27081765560c2b6d7a7338f77468 1 out of 23 ClamAV

https://www.virustotal.com/en/file/1f85e871db078e45a653ba98dd30c19500191421a7060c4609dd5fa407d82bc5/analysis/1387684029/ 0 out of 49

 

So one version of the Google Toolbar Installer, the one that is bundled with the CCleaner Installer, is detected only by ESET as malware. But the Google Toolbar Installer, downloaded directly from Google, is ignored by ESET but detected by ClamAV twice and F-Prot once as malware. Anyone care to explain this? It certainly is puzzling to me.

 

kroozer - I hope you don't mind me editing your post, I just wanted to clarify things for everyone. 

Start every day with a smile and get it over with. - W.C. Fields

Link to comment
Share on other sites

I'm inclined to think that they are two different versions of the Google Toolbar. Or an earlier and later version perhaps. Maybe I'm trying too hard to be logical here, but if they were exactly the same, then ESET either should have flagged both, or ignored both.

Start every day with a smile and get it over with. - W.C. Fields

Link to comment
Share on other sites

  • Moderators

According to kroozer's results, ESET is the one that consistently flags the Google Tool Bar installer as potential malware. I decided to go to the source, Google, and download the installer by itself (filename: GoogleToolbarInstaller_en32_signed.exe).

 

So one version of the Google Toolbar Installer, the one that is bundled with the CCleaner Installer, is detected only by ESET as malware. But the Google Toolbar Installer, downloaded directly from Google, is ignored by ESET but detected by ClamAV twice and F-Prot once as malware. Anyone care to explain this? It certainly is puzzling to me.

 

kroozer - I hope you don't mind me editing your post, I just wanted to clarify things for everyone. 

 

ESET via the scan here states it's clean (it doesn't say NOD or anything, just ESET the vendor company/name). Although the difference between Windows and Linux versions of antivirus scanners can give different results.

 

As for ClamWin giving false positives on those scanning sites, I've personally ignored everything it comes up with on them, clean or infected, for months now; the Zillya scanner some use is also very prone to false positives.

Link to comment
Share on other sites

Concerned (not really understanding all this, just reporting) I ran a full scan last night with the following results:

 

msafpe.exe    prog data                           RDN Generic back door!vu    Trojan    Deleted
msafpe.exe    Documents and settings/All users    Ditto                       ditto     Ditto

Link to comment
Share on other sites

  • Moderators

You are strongly advised to go immediately to a Malware Removal forum and get help.

 

See item 10 in this link for some recommended sites

 

http://forum.piriform.com/index.php?showannouncement=15&f=4

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites

My bank account has been hacked and someone has tried to collect a large amount of money out of it. Bank says that virus remains and to do another full scan straight away. I logged in to my account and the page looked perfectly normal.

 

Did that happen by downloading CCleaner?? :-(

 

You are strongly advised to go immediately to a Malware Removal forum and get help.

 

See item 10 in this link for some recommended sites

 

http://forum.piriform.com/index.php?showannouncement=15&f=4

When will the new update be available? ESET still flags it up as a virus......................

Link to comment
Share on other sites

  • Moderators

I have ESET NOD32 on Win 7 64bit.

 

I have CCleaner 4.0.9 slim build installed which was downloaded from the builds page

 

https://www.piriform.com/ccleaner/builds

 

ESET did not flag the download. I expect it is flagging the FULL version of CCleaner for you because it includes an option to install a toolbar

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites

I have ESET NOD32 on Win 7 64bit.

 

I have CCleaner 4.0.9 slim build installed which was downloaded from the builds page

 

https://www.piriform.com/ccleaner/builds

 

ESET did not flag the download. I expect it is flagging the FULL version of CCleaner for you because it includes an option to install a toolbar

THANKS!!!!

 

THIS VERSION WORKING FINE NOW :rolleyes: :rolleyes: :rolleyes: :rolleyes: :rolleyes: :rolleyes:

Link to comment
Share on other sites
