[gagelle]

My Kaspersky anti-virus picked up a trojan downloader file win32.zlob.kz in several CCcleaner files including ccsetup133.exe and uninst.exe. I had Kaspersky delete these files. Does anyone know if this is a false alarm? When I go on the CCcleaner web site and try to download the program again, I get an alert that the installation program is infected with this same trojan.

[Eldmannen]

Could be a false positive.

You can upload the file to an online scanner.
http://forum.ccleane...?showtopic=5496

[TonyKlein]

Hi and welcome.

It's either a false positive or ALL of us are now infected... LOL!

... just kidding of course, and I'm unable to duplicate that. I just downloaded the latest version from here:

http://www.ccleaner.com/download/

I uploaded the installer to be tested at http://www.virustota...h/index_en.html , a site which uses a number of different AVs, including Kaspersky, to scan a file, and the results were negative, as is to be expected.

Not sure what exactly it was you downloaded, or where you found it...

[Tsumana]

The same thing happened to me in the past half hour or so, I use Kaspersky and I downloaded CCleaner from the 'Alternative Download' page. All the online scanners I checked told me it was fine so I think must just be Kaspersky.

[Andavari]

Kaspersky has detected CCleaner before and it's always been a false positive, so this info really isn't anything new. And the last time something was detected called "Not-A-Virus" I think they refused to remove it from their detection.

[TonyKlein]

OK, I downloaded a copy from the Alternative download page and will try to duplicate that.

If so I'll submit the FP in a specialized forum where it ought toi be noticed by the right folks.

[qurks]

Hi,
I'm new to this forum. I've come here because I have the same problem as stated above. Only that as of now, I still haven't decided who to trust, Kaspersky or CCleaner? I have been using both programs for a while now, and they have both always performed very well. Now Kaspersky is telling me to delete Ccleaner, or at least the uninstall.exe file. Any opinions? (I've attached a screenshot, if you'd like to see it)

THANKS!

 kaspersky.png (16.24K)
Number of downloads: 161

Ooops, I guess you guys already posted your opinion while I was typing and taking screenshots...

[TonyKlein]

Well, I'm still unable to duplicate it using the VT scan. Possibly the online scanner isn't using the Extended Virus databases...

Will try http://virusscan.jotti.org/ now...

qurks, on Sep 19 2006, 09:55 PM, said:

Now Kaspersky is telling me to delete Ccleaner, or at least the uninstall.exe file. Any opinions?

I'll post in the specialized forum in question, where it should be noticed by someone from KAV.

But feel free to contact them yourselves as well. It can only be a FP...


....


Well, still unable to duplicate it using either Jotti's or Kaspersky's own online scan:

http://www.kaspersky.../remoteviruschk

It didn't object to my uninst.exe either...

FP Submitted at the board.

[qurks]

TonyKlein, on Sep 19 2006, 10:03 PM, said:

But feel free to contact them yourselves as well. It can only be a FP...

I've sent them an email.

Thanks for your help.

[TonyKlein]

Allrighty, I just read it should be fixed in the next update:

http://forum.kaspers...showtopic=21876

[MrG]

Don't worry it's just another false positive. I think Kaspersky need to improve their QA a little bit.

I'll put a note on the homepage to let people know.

MrG

[qurks]

I have just updated Kaspersky and scanned the whole CCleaner directory again. No problems reported. Everything's solved. thanks.

[TonyKlein]

That's good to hear, thanks for the heads up.

[MrG]

qurks, on Sep 19 2006, 08:16 PM, said:

I have just updated Kaspersky and scanned the whole CCleaner directory again. No problems reported. Everything's solved. thanks.

Great thanks!

[gagelle]

Thank You everone. I think I'll have to reinstall Ccleaner because I used "Your Uninstaller!" to remove the CCleaner registry entries and then manually deleted the rest of the files. I guess I overreacted because I thought other parts of the program might be infected.

[jebwhs87]

I too am getting a virus message on the Uninst.ext file (win32/zlob.oa). I am using F-Prot. This started showing up about a week ago.

[Eldmannen]

This is why CCleaner should have file hashes on the website.

[TonyKlein]

jebwhs87, on Sep 21 2006, 02:23 PM, said:

I too am getting a virus message on the Uninst.ext file (win32/zlob.oa). I am using F-Prot. This started showing up about a week ago.

OK, so please report the False Positive to F-Prot so they can correct this... I'll report it myself as well.


...


done!

[TonyKlein]

OK, according to Frisk/F-Prot's Mike:

Quote

That was fixed already - they should update...

So there ya go...

[DEWOPA]

Hey Gang -

I have been using CCleaner for a couple of years now and recently updated the client to the most current version. Minutes after installing the new version and running it for the first time, I got the attached McAfee VirusScan Alert. This has never happened before, for me. I have ran everything I can think of and nothing indicates a virus. Suggestions?

Attached File(s)

•  McAfee_VirusScan_Version.doc (51.5K)
  Number of downloads: 2
•  VIR.doc (44.5K)
  Number of downloads: 2