win32.trojandownloader.Zlob

[yelloweye]

18Oct06

 

win32.trojandownloader.Zlob

 

I paid $20.00 paypal for donation and accepted the download. I started the install and my antivirus

quarantined the above malware. It nearly cratered my computer. A reset recovered and a rescan showed

no malware. I believe that I will cancel my paypal donation and wait for cctech support. I am pissed off

enough not to ask so feel free to post your comments here.

[rridgely]

I'm confused... you made a paypal donation but what did you download? Donations don't require any downloads. If its ccleaner that you downloaded where did you download it from?

 

I think its more likely you have some adware/spyware that popped up a box and you installed something from that. I would be more then happy to help you clean up your pc. Just post a hijackthis log.

 

I promise you though its not ccleaner that gave you the virus. Not only is it certified as clean on all the major download sites.(although some say adware because of the yahoo toolbar.), but we have a virus support section on our forum, which wouldn't make much since if we were infecting people.

[yelloweye]

I'm confused... you made a paypal donation but what did you download? Donations don't require any downloads. If its ccleaner that you downloaded where did you download it from?

 

I think its more likely you have some adware/spyware that popped up a box and you installed something from that. I would be more then happy to help you clean up your pc. Just post a hijackthis log.

 

I promise you though its not ccleaner that gave you the virus. Not only is it certified as clean on all the major download sites.(although some say adware because of the yahoo toolbar.), but we have a virus support section on our forum, which wouldn't make much since if we were infecting people.

 

 

 

www.cccleaner.com/download/

 

Download from filehippo.com .

[rridgely]

Sorry but its not possible that the file from filehippo is infected. People download it every day and I just downloaded it now and scanned it with etrust antivirus and ewido.

 

There is a good chance that you have a trojan/backdoor infection on your computer. I can help you with that though.

 

Download and install this:

http://www.thespykiller.co.uk/files/HJTSetup.exe

 

Open it up and choose to scan and save log file. A text file will appear.

Copy and paste that text file onto the forum.

[yelloweye]

Sorry but its not possible that the file from filehippo is infected. People download it every day and I just downloaded it now and scanned it with etrust antivirus and ewido.

 

There is a good chance that you have a trojan/backdoor infection on your computer. I can help you with that though.

 

Download and install this:

http://www.thespykiller.co.uk/files/HJTSetup.exe

 

Open it up and choose to scan and save log file. A text file will appear.

Copy and paste that text file onto the forum.

 

 

 

 

 

 

" http//download.ccleaner.com/ccsetup133.exe "

 

regards

The ccleaner team

Piriform Ltd.

 

is the source of my second download, and that's right you guessed it.

The ccsetup.exe file is infected.

 

This is my second attempt to edit this post and it appears that a mod is editing as I write.

If you download from either of the sites that I have listed and install and open the exe file, then

you will see the malware that I have listed. My software quaratined it and when I deleted it the

first page of the setup installation was removed in otherwords the installation was aborted. There

is no doubt that the ccsetup133.exe is infected.

[rridgely]

Believe me I'm not trying to come across rude in anyway.

We get all sorts of crazy claims that 99% of the time turn out to be false. Most of the time its from inexperienced users who honestly don't know what happened so we just try to help. Usually when someone thinks that they got a virus from ccleaner we can have them post a hijackthis log and see whats really happening and we then help them clean it up.

 

I got a 404 error when I clicked your link. Is this what you downloaded?

http://www.ccleaner.com/download/downloadpage.aspx?1

 

I just downloaded and scanned that file and it came up clean.

[yelloweye]

Believe me I'm not trying to come across rude in anyway.

We get all sorts of crazy claims that 99% of the time turn out to be false. Most of the time its from inexperienced users who honestly don't know what happened so we just try to help. Usually when someone thinks that they got a virus from ccleaner we can have them post a hijackthis log and see whats really happening and we then help them clean it up.

 

I got a 404 error when I clicked your link. Is this what you downloaded?

http://www.ccleaner.com/download/downloadpage.aspx?1

 

I just downloaded and scanned that file and it came up clean.

 

 

 

 

I scanned it and it came up clean. I double clicked it and ..... dirty, rude, ugly, and infected.

 

The url that I listed is not complete therefore it is not hot. I did that intentionally. Comprehende?

[rridgely]

Sorry but its not possible. We have thousands of users who download and install this software every day.

 

May I ask what program is detecting ccleaner? Its possible its just a false detection. Also please post a hijackthis log.

[Andavari]

You have to right click and save as to get the file ccsetup.exe which isn't even an .exe file it's an .html file stating no such page exists and here's exactly what it looks like.

 

It's contents aren't infected with anything. Your installed anti-malware software is just producing a false positive maybe because it's detecting a renamed file extension e.g.; it probably knows it's an .html document that's been renamed to .exe. Also none of the CCleaner downloads on CCleaner.com are simply named ccsetup.exe they have the version number included in them, e.g.; ccsetup133.exe, etc.

[yelloweye]

Believe me I'm not trying to come across rude in anyway.

We get all sorts of crazy claims that 99% of the time turn out to be false. Most of the time its from inexperienced users who honestly don't know what happened so we just try to help. Usually when someone thinks that they got a virus from ccleaner we can have them post a hijackthis log and see whats really happening and we then help them clean it up.

 

I got a 404 error when I clicked your link. Is this what you downloaded?

http://www.ccleaner.com/download/downloadpage.aspx?1

 

I just downloaded and scanned that file and it came up clean.

 

 

I do not believe you. You are not paying attention to what I am saying.

 

You have to right click and save as to get the file ccsetup.exe which isn't even an .exe file it's an .html file stating no such page exists and here's exactly what it looks like.

 

It's contents aren't infected with anything. Your installed anti-malware software is just producing a false positive maybe because it's detecting a renamed file extension e.g.; it probably knows it's an .html document that's been renamed to .exe. Also none of the CCleaner downloads on CCleaner.com are simply named ccsetup.exe they have the version number included in them, e.g.; ccsetup133.exe, etc.

 

 

 

You do not have to right click anything.

 

Sorry but its not possible. We have thousands of users who download and install this software every day.

 

May I ask what program is detecting ccleaner? Its possible its just a false detection. Also please post a hijackthis log.

 

 

No not until you figure out what I am saying or at least what the possibilities are. Why? Because I do not trust you.

 

Sorry but its not possible. We have thousands of users who download and install this software every day.

 

May I ask what program is detecting ccleaner? Its possible its just a false detection. Also please post a hijackthis log.

 

 

 

 

Thousands a day? Ummmmm

[Andavari]

I don't know if I'm seeing things or what.

I'm not accussing you of anything but did you edit your post to have http//download.ccleaner.com/ccsetup133.exe in it or was it already like that?

[Andavari]

Well Dr.Web online scan, and Jotti's online malware scan didn't find any infection. The only thing Jotti ever mentions about CCleaner is the packer used, yet no antivirus detected any infection.

 

It's just a false positive you're getting plain and simple, nothing else.

 

You haven't stated what antimalware software (e.g.; anti-virus, anti-spyware, anti-trojan) you're using that states it's infected?

It would help the CCleaner development team to know so they can contact the vendor so that they can update their definition files to remove the false positive.

[yelloweye]

I don't know if I'm seeing things or what.

I'm not accussing you of anything but did you edit your post to have http//download.ccleaner.com/ccsetup133.exe in it or was it already like that?

 

 

This is the second time that I have replied to your post. The first time I was kicked off when I entered "add

reply" . I will try again.

 

Yes I edited the post three times. My first statement did not include a hot url. It was mistaken for one. Someone edited it and did not get it right. I quoted the complete url later but again it was not hot. I do not feel that this is a confusing issue but someone is editing my posts as I type and it is beginning to appear

that the issue is confusing.

 

The point is. When I download the ccsetup133.exe file I put it in a new folder. When I double click on the file,

it is the only file downloaded, the setup begins with a english setup window. the next click innitiates a

quaratine and my software will not allow me to install without deleting the malware. When I delete the file

the installation window is closed and the installation is aborted.

[Andavari]

This is the second time that I have replied to your post. The first time I was kicked off when I entered "add

reply" . I will try again.

 

Yes I edited the post three times. My first statement did not include a hot url. It was mistaken for one. Someone edited it and did not get it right. I quoted the complete url later but again it was not hot. I do not feel that this a confusing issue but someone is editing my posts as I type and it is beginning to appear

that the issue is confusing.

 

The forum sometimes get's unresponsive and has been for the last year or so.

 

Ahh that explains the editing: "hot linking." Oops I posted the direct download too.

[yelloweye]

Well Dr.Web online scan, and Jotti's online malware scan didn't find any infection. The only thing Jotti ever mentions about CCleaner is the packer used, yet no antivirus detected any infection.

 

It's just a false positive you're getting plain and simple, nothing else.

 

You haven't stated what antimalware software (e.g.; anti-virus, anti-spyware, anti-trojan) you're using that states it's infected?

It would help the CCleaner development team to know so they can contact the vendor so that they can update their definition files to remove the false positive.

 

 

 

Try to execute the setup file with f secure loaded.

[Finflash]

Same thing whit F-secure.

 

My laptop F-secure didn?t alert when I installed CCleaner 133 few days ago. Now I download CCleaner again to my desktop and now F-secure did that alert of trojan. I try to install that copy from my laptop and again desktop F-secure find trojan (same copy in laptop didn't done that).

I scan my laptop, but it was clean. I don't know is there win32.trojandownloader.Zlob in that setup file or is this F-secure false alert????????????????????

[yelloweye]

Same thing whit F-secure.

 

My laptop F-secure didn?t alert when I installed CCleaner 133 few days ago. Now I download CCleaner again to my desktop and now F-secure did that alert of trojan. I try to install that copy from my laptop and again desktop F-secure find trojan (same copy in laptop didn't done that).

I scan my laptop, but it was clean. I don't know is there win32.trojandownloader.Zlob in that setup file or is this F-secure false alert????????????????????

 

 

 

Good question. For now let us drop this false alert, false positive bulls**t and call malware, malware because

f secure has. Next it would be reasonable to call in a "third party" to define and clear the issue, malware or

no malware. Previous posts here have been nonfactual. Sorting out the positive insights is difficult.

 

so... call malware malware and get it on...

[Finflash]

Little more.

I scanned setup-file whit F-secure and report was clear, but when I execute that same setup-file, alert come's ??

[hazelnut]

To try and sort this out I have e-mailed f-secure.

 

It may be of interest for people to read this thread particularly the Sept 13 entries near the bottom

 

http://portableapps.com/node/2939

[MrG]

Hi there,

 

The virus or malware detection is false, we very carefully scan each release before it goes out.

There are known issues that occur from time-to-time with antivirus products where they detect CCleaner and many other products as viruses or as containing malware. If these detections affect a lot of people then I post a message on the homepage highlighting the known issue and hopefully calming users worries.

 

If your computer has been infected with a virus, then I can confidently say that it came from another source and not the CCleaner installer.

 

MrG

[yelloweye]

To try and sort this out I have e-mailed f-secure.

 

It may be of interest for people to read this thread particularly the Sept 13 entries near the bottom

 

http://portableapps.com/node/2939

 

 

 

Thank you for your response. It is interesting to me that several days ago I loaded AVG. It started to corrupt my OS. Once stopped it was easy to remove. I do not believe that this is coincedence. I have seen the same thing happen with freeware downloads spyware and hijacking claims. For some reason I always end up with spyware or hijacks after I uninstall these programs.

 

f secure positively identified the malware immediately after the keystroke to run ccleaner install from the ccleaner menu.

 

yelloweye

[yelloweye]

20oct06

error using reply.

[pudelein]

It occurs to me to ask if the OP knows that the distribution file ccsetup133.exe is the one that contains Yahoo toolbar. He could check by downloading ccsetup133_slim.exe and trying that instead. It would be quaint if the issue were actually in that toolbar!

[hazelnut]

Yelloweye.

 

I have just had an email from the f-secure virus people. They have fully examined the setup.exe and opened the files and can find NO trace of any trojan or virus, and are using all the latest definitions.

 

They have asked if I would pass on their advice which is to make sure you have all the latest f-secure virus definitions installed. Also if you try again and anything happened to send them a screenshot of the alert or a scanning report

file FSAV_REP.HTM.

 

I think yelloweye we have done all we can to try and assure you that this problem is not one caused by ccleaner. I honestly think you would benefit from posting a Hijackthis Log on the relevant part of this forum as some of the problems you seem to have encountered ( such as AVG causing corruptions) can be caused by malware.

Instructions can be found here.

 

http://forum.ccleaner.com/index.php?showtopic=1720

[iamjumpinjeff]

Greetings

 

I don't know what the hostility was about BUT, I have the same problem. I rcvd my notication from ccleaner regarding the update. Downloaded it as I have previous updates, and I received the same warning and that the Zlob is now quarantined. HOWEVER IT CAME DURING THE DOWNLOAD PROCEDURE. F-Secure jumped all over it. But to tell someone it didn't happen is no help at all.

 

So now that I got this crap, do I go back and download my upgrade again etc. This is not giving me a whole lot of confidence at this time.

 

Iamjumpinjeff