Likely false positive - F-Secure AV 2007 and CCleaner

Installing the latest version of CCleaner (v1.34.407), F-Secure warned of
Win32.Trojandownloader.Zlob
in a Temp folder.

After aborting the install, F-Secure cannot clean or quarantine the file, because it's no longer there. I'm pretty certain this is a false positive.

I've managed to grab and zip the file, and have submiited the sample to F-Secure.

Just wanted to give a head's up to my Wilders peers.

 

it wont be a temp from your cc....... but it will be just in your temp.

the temp file containing the virus is definatly NOT from ccleaner.

your lucky f-secure has found it, so no need to send it to them for analysis.

 

Please convince me this file (actually, it's a folder called nsk2d82.tmp) is NOT related to the CCleaner install, because I'm still pretty confident it is.

(1) I can make the shown F-Secure warning pop up by double-clicking the CCleaner install executable. I've done it half a dozen times now.

(2) nsk2d82.tmp only appears when I run the CCleaner install, and disappears when I abort the install.

(3) F-Secure was unable to quarantine the file, yet after the install, a full F-Secure scan shows my machine is clean.

 

Hi,

I don't have F-Secure, but I know that it's a known issue.
See for example the main site of CCleaner:
http://www.ccleaner.com/

There was also a discussion about it at CCleaner-forum.

And going off-topic now:
Recently TrojanHunter gave a FP about CCLeaner-slim.
But that one was very quickly fixed.
See the TH-forum:
http://www.misec.net/forum/board/TrojanHunter/1161628828

 

my f-secure didnt detect it .... so i figured it was something else in the temp.

if it is a false positive and ccleaner already knows about it, feel free to send to f-secure for testing.

 

Thanks to both of you for the information. It is puzzling that C.S.J's F-Secure didn't detect it.

I've already submitted the FP report, but I see now I didn't need to go through the trouble.

 

Hi,

Something similar (well, more or less...) happened with TH.
Some folks got it detected in normal mode; others in safe mode.
It was indeed also about a Zlob detection.
But it's clean. If you want to have second opinions, let it check for example at the KAV and DR.WEB online file-scanners.
And my BOClean and NOD32 didn't give a warning about it.

 

i dont why i missed this post but when i install avg antispyware some thing happerns direct from grisoft.com so theres just quite a few fp's atm. same trojan fp as well.

 

I am using CCleaner and F-Secure AV. There have been no problems, but I seem to recall that CCleaner and some AVs do conflict. I think there was a conflict in the past with KAV, but I also have that combination on a computer with no problems.

Jerry