   Mischel Internet Security Forum
   Author  Topic: False positive on CCleaner uninst.exe  (Read 1901 times)
Jrb
« on: Oct 23rd, 2006, 1:40pm »

Hi,
 
I'm getting a FP on the following file from CCleaner:
C:\Program Files\CCleaner\uninst.exe  
 
Report from TH:
Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\Program Files\CCleaner\uninst.exe (TrojanDownloader.Zlob.660)
1 files identified
 
I got this FP during a full scan in Safe Mode on XP-home Dutch.
 
Definitions from TH:
Ruleset datestamp    : 2006-10-23
Scan kernel     : 4.0 (Cobra)
Ruleset entries      : 89209
Trojan definitions   : 33634
Detection rules      : 55575
 
CCleaner version:
CCleaner v1.34.407 - Slim
http://www.ccleaner.com/download/builds.aspx
 
MD5 checksum:
The file C:\Program Files\CCleaner\uninst.exe has the following Checksum(s)
MD5 - 5E6C72596FF93CDAAF1088889CA99BB4
siliconman01
« Reply #1 on: Oct 23rd, 2006, 2:29pm »

I alerted Gavin via email.  Should be fixed shortly.  He may ask you to submit the uninst.exe file.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Jrb
« Reply #2 on: Oct 23rd, 2006, 3:13pm »

Hi siliconman,
 
Thanks !
 
I'm still looking at it.
There seems to be something that I don't understand.
It looks like I'm only getting this alert when scanning in Safe Mode.
I'm not sure at the moment what is happening.
 
I hope that someone else with TH and CCleaner (slim version, latest version) will also do a scan in Safe Mode, and will check the MD5 checksum of that file.
 
I will try to submit the file.
 
Thanks !
Cheers, Jan.
RuyLopez
« Reply #3 on: Oct 23rd, 2006, 4:00pm »

I got similar alerts for Zlob.660, only more of them.
 
TrojanHunter version 4.6 Build 930
Ruleset:  2006-10-23
 
…avgas-setup-7.5.0.50.exe (TrojanDownloader.Zlob.660)
…AVG Anti-Spyware 7.5\Uninstall.exe (TrojanDownloader.Zlob.660)
 
…CCleaner\ccsetup132.exe (TrojanDownloader.Zlob.660)
…CCleaner\ccsetup133.exe (TrojanDownloader.Zlob.660)
…CCleaner\ccsetup134.exe (TrojanDownloader.Zlob.660)
…CCleaner\uninst.exe (TrojanDownloader.Zlob.660)
Jrb
« Reply #4 on: Oct 23rd, 2006, 4:18pm »

Thanks RuyLopez !
 
I have just sent an email with the file to "submit" ;)
 
Jrb
« Reply #5 on: Oct 23rd, 2006, 9:12pm »

For your info:
 
The CCleaner site is at the moment saying this:
http://www.ccleaner.com/
 
Quote:

False virus warning
The latest download is being incorrectly detected by F-Secure as a virus. This is a false detection and we're working to resolve the issue. Thank you.  

siliconman01
« Reply #6 on: Oct 24th, 2006, 12:18am »

I have the full English version of CCleaner 1.34.407 installed on my XP-SP2 HE system and nothing is being detected by TH or anything else concerning CCleaner.
 
Nothing found in either ccsetup1.34.407.exe or avgas-setup-7.5.0.50.exe  ???
« Last Edit: Oct 24th, 2006, 12:24am by siliconman01 »
Jrb
« Reply #7 on: Oct 24th, 2006, 3:27am »

Hi Siliconman,
 
Did you run a scan in Safe Mode?
It is in Safe Mode that TH gave me that warning (as I posted).
 
I haven't yet heard back from Gavin.
 
Well, I see that there is a new definitions update for TH, so I'll update and run a new scan.
siliconman01
« Reply #8 on: Oct 24th, 2006, 4:20am »

Nothing found with a TH scan in SAFE MODE either.
Jrb
« Reply #9 on: Oct 24th, 2006, 4:21am »

TH defs:
Ruleset datestamp    : 2006-10-23
Scan kernel     : 4.0 (Cobra)
Ruleset entries      : 89263
Trojan definitions   : 33654
Detection rules      : 55609
 
Scanned in Safe Mode: same warning:
 
Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Found trojan file: C:\Program Files\CCleaner\uninst.exe (TrojanDownloader.Zlob.660)
1 files identified
 
Jrb
« Reply #10 on: Oct 24th, 2006, 4:27am »

on Oct 24th, 2006, 4:20am, siliconman01 wrote:
Nothing found with a TH scan in SAFE MODE either.

 
Hi,
 
Our postings just crossed ;)
 
Well, I don't understand it.
I hope that others will also tell what TH tells them with respect to this.
I hope that Gavin/Magnus will look at it.
siliconman01
« Reply #11 on: Oct 24th, 2006, 4:58am »

I don't know why there would be a different MD5 on uninst.exe unless it has something to do with language.
 
---------------------------------------------------
The file <C:\Program Files\CCleaner\uninst.exe> has the following Checksum(s)
 
MD5 - 0FBB80EECBB734A15C226F39C4618F52
 
English downloaded directly from the www.ccleaner.com site.
Jrb
« Reply #12 on: Oct 24th, 2006, 5:09am »

The difference in MD5 checksums could be that you have the full version and I have the slim version.
Jrb
« Reply #13 on: Oct 24th, 2006, 5:34am »

Oops, I did send the file to the wrong addy.
My fault !!! Apologies !!!!!
I have sent it again.
mrainey
« Reply #14 on: Oct 24th, 2006, 5:55am »

I'm seeing the "TrojanDownloader.Zlob.660" indication with CCleaner as well - likewise only when scanning in safe mode.  (TH 4.6 with latest update)