Likely false positive - F-Secure AV 2007 and CCleaner

Discussion in 'other anti-virus software' started by optigrab, Oct 25, 2006.

Thread Status:
Not open for further replies.
  1. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Installing the latest version of CCleaner (v1.34.407), F-Secure warned of
    Win32.Trojandownloader.Zlob
    in a Temp folder.

    After aborting the install, F-Secure cannot clean or quarantine the file, because it's no longer there. I'm pretty certain this is a false positive.

    I've managed to grab and zip the file, and have submiited the sample to F-Secure.

    Just wanted to give a head's up to my Wilders peers.
     

    Attached Files:

  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    it wont be a temp from your cc....... but it will be just in your temp.

    the temp file containing the virus is definatly NOT from ccleaner.

    your lucky f-secure has found it, so no need to send it to them for analysis.
     
  3. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Please convince me this file (actually, it's a folder called nsk2d82.tmp) is NOT related to the CCleaner install, because I'm still pretty confident it is.

    (1) I can make the shown F-Secure warning pop up by double-clicking the CCleaner install executable. I've done it half a dozen times now.

    (2) nsk2d82.tmp only appears when I run the CCleaner install, and disappears when I abort the install.

    (3) F-Secure was unable to quarantine the file, yet after the install, a full F-Secure scan shows my machine is clean.
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,184
    Hi,

    I don't have F-Secure, but I know that it's a known issue.
    See for example the main site of CCleaner:
    http://www.ccleaner.com/

    There was also a discussion about it at CCleaner-forum.

    And going off-topic now:
    Recently TrojanHunter gave a FP about CCLeaner-slim.
    But that one was very quickly fixed.
    See the TH-forum:
    http://www.misec.net/forum/board/TrojanHunter/1161628828
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    my f-secure didnt detect it .... so i figured it was something else in the temp. :eek:

    if it is a false positive and ccleaner already knows about it, feel free to send to f-secure for testing. :D
     
  6. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Thanks to both of you for the information. It is puzzling that C.S.J's F-Secure didn't detect it.

    I've already submitted the FP report, but I see now I didn't need to go through the trouble.
     
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,184
    Hi,

    Something similar (well, more or less...) happened with TH.
    Some folks got it detected in normal mode; others in safe mode.
    It was indeed also about a Zlob detection.
    But it's clean. If you want to have second opinions, let it check for example at the KAV and DR.WEB online file-scanners.
    And my BOClean and NOD32 didn't give a warning about it.
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,041

    i dont why i missed this post but when i install avg antispyware some thing happerns direct from grisoft.com so theres just quite a few fp's atm. same trojan fp as well.
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,296
    I am using CCleaner and F-Secure AV. There have been no problems, but I seem to recall that CCleaner and some AVs do conflict. I think there was a conflict in the past with KAV, but I also have that combination on a computer with no problems.

    Jerry
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.