sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs:  | reply to planet
Re: CCleaner now installs with adware?
I'm not using SpywareBlaster but I do use Spybot and Ad-Aware 2007. |
|
PrntRhd
join:2004-11-03
Fairfield, CA | reply to Goodbye CCleaner
Sorry guys, Norton or NIS, all the same to me. I also use SB and it is not tripping Avast or any online scans either. |
|
Dogwood
Premium
join:2001-01-14
Texas
clubs: | reply to Goodbye CCleaner
Yep, I have CC v2.02.257 and KAV says NO to Adware.SystemProcess being there, nor any other baddies.
--
Proud Member of Team Discovery |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs: | reply to Goodbye CCleaner
I'm still using v2.01.507, so I can't check for this issue, but has anyone contacted the CCleaner developers themselves to ask about this? |
|
Ryan
Premium
join:2001-03-03
Attleboro, MA | reply to Goodbye CCleaner
Nod32 everything clean here. Either a false positive by symantec or picked up a unrelated infection. |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
 ·Bell Sympatico
 ·Cogeco Cable
1 edit | reply to Goodbye CCleaner
scan on my system | 
web results | 
full version | 
slim version |
--
Advertising is legalized lying. - H.G. Wells
Pleasure in the job puts perfection in the work. - Aristotle |
|
yuutomo
The Wonder Kitter
Premium
join:2001-08-27
Missoula, MT | reply to Goodbye CCleaner
can you poet the link of where you downloaded it from, need to see what server or service is hosting it. |
|
MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH
·AT&T Midwest
·AT&T Midwest
1 edit | reply to Goodbye CCleaner
Check out this thread Norton is not playing nice with SB or SWB.
CCleaner is probably not the culprit here.
»Norton and SpywareBlaster updates causing FP (likely)
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is." |
|
Olav the Viking
@cableone.net
| reply to Goodbye CCleaner
I have had Norton remove this 3 times in the past 2 days, but in order to verify that it was a false positive, I went to IE Tools, Privacy, Sites and entered the following 3 sites as "blocked" (cookie blocking):
bfast.com
fastclick.com
fastclick.net
(they had been previously removed by Norton the day before)
Sure enough, Norton found these and removed them. Hey, Norton, these sites were here for a reason - to BLOCK these site's cookies. It seems that their removal tool is not checking the registry key for the value that indicates that these sites are blocked (5) rather than allowed (1).
The day before, Norton removed these 2 entries from my hosts file:
ads.mcafee.com
go2.microsoft.com
Again, those entries were put there for a reason, but Norton thought that I didn't really want them there. I'm not sure if go2.microsoft.com is malicious, it was part of a host file list that I entered into my hosts file a few years ago - I have not had anything that I ever needed blocked by it to my knowledge. The ads.mcafee.com entry was there for obvious reasons.
Me thinks that the people at Symantec need to fix their removal tool. . . |
|
batterup
I Can Not Tell A Lie.
Premium
join:2003-02-06
Netcong, NJ
clubs:
·Verizon Online DSL
| reply to Goodbye CCleaner
said by Goodbye CCleaner :
D/Led the new version 2.02.257 - and when i ran my av overnight I found that Adware.SystemProcess was also now installed. AV removed it, but I was wondering if anyone else saw this too? The new CC version was all I d/led yesterday.
Thankss
Sweet, times are hard and the hustle has just begun. |
|
sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs:
·Comcast
·Alameda Power & Te..
Host:
Broadband Modem (H..
MSN
DSL Extreme
Windstream
Southeast Asian Br..
| reply to Goodbye CCleaner
I just got this back from Symantec regarding my submission:
Below is a status update on your virus submission:
Date: November 11, 2007
Dear XXXXX,
We have analyzed your submission. The following is a report of our findings for each file you have submitted:
filename: DUMMY_FILE
machine: XXXXXXX
result: This file is clean
Developer notes:
DUMMY_FILE is zero bytes in length
We have determined that no virus exists on the samples provided.
So can I restore that file now or should I wait?
--
TH ~ NE ~ EPN ~ NC ~ TD |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs: | If the file is "zero bytes in length" then it is empty of good or bad content. |
|
sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs:
·Comcast
·Alameda Power & Te..
Host:
Broadband Modem (H..
MSN
DSL Extreme
Windstream
Southeast Asian Br..
| I saw the "zero bytes" and thought that was kinda strange too. So I guess I'm just going to leave things as they are right now. It's sounding more and more like this was a FP for me.
--
TH ~ NE ~ EPN ~ NC ~ TD |
|
Owlbet
Ignite the Ice
Premium,MVM
join:2002-09-24
Palmer, AK
clubs:
·MTA Online
1 edit | reply to sashwa
said by sashwa  :Amy, I wonder if it could have something to do with the virus update yesterday rather than from the CC upgrade? My upgrade was done around 11/5/07 and no peep from NAV until I did my weekly full scan. I'm in agreement with you. NAV 2006 (2 computers) and NAV 2007 (4 computers) all scan on Friday nights at 8:00 pm and nary a peep out of any of them. Those scans used the definitions for 11/09/2007.
However, since this topic has appeared, I've performed a Full System Scan on all six of my computers with definitions dated 11/11/2007. All six computers have been treated for Adware.SystemProcess and Spywareblaster shows 6 items with protection disabled.
It makes me wonder if my unrelated thread about the off status of Live Update is somehow related as well.
Oh the joys of computer ownership. 
Edited to add: I'm not using CCleaner on any of my computers.
--
Alaska Aces 2007-2008 record as of this post: 6-3-1 |
|
hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.
| reply to La Luna
said by La Luna :I'm still using v2.01.507, so I can't check for this issue, but has anyone contacted the CCleaner developers themselves to ask about this? pmed the author as soon as I saw this thread
will see if he/she[Mr.G.] shows |
|
Bubba17
Less is More
Premium
join:2006-09-21
| reply to Goodbye CCleaner
Updated CC here to 2.02.527 on 11/06 ..
Not a peep from KIS7 v125 (as mirrored from VirusTotal).
Nothing from SAS Pro.
Nothing from WinPatrol Plus (always resident, patrolling registry).
Can not find any of the listed files/reg changes on my system that would indicate the adware's presence.
Still -- 71 registry changes and two files?? .. that's some dandy FP.
--
HN7000s | Horizons 1 (127W) | Gateway: 1110Mhz | Dish: .98m 2 Watt | Pro+
"Fast is fine, but accuracy is everything" --Wyatt Earp |
|
okjoe
join:2003-05-20 | reply to Goodbye CCleaner
Auto scan after 11/10 NIS update.
"84 Registry Entrys, 2 Files Affected"
Risk Name: Adware.SystemProcess.
Status "Removed"
CCleaner 1.40 |
|
VR38DETT
Turbocharger X2
join:2002-10-24
Vancouver, BC
clubs:
| reply to Goodbye CCleaner
I doubt it is CCleaner.
My NIS2007 nailed the same Adware.SystemProcess yesterday during the daily Quick Scan. I do have CCleaner installed, but it is v2.01.507 (released October 1, 2007), not the latest one most of you are using. If CCleaner is indeed infected with Adware.SystemProcess, then NIS would have pounded on it back when it was installed, considering detection for this piece of adware was added to the Symantec defs way back in 2005.
This is most likely a false positive with immunization processes from both SpywareBlaster and Spybot S&S 1.5. I did not used the immunization features on both programs ever since NIS's adware detection. Oddly enough, SpywareBlaster says that I have "6 items have protection disabled" for IE immunization, and only ~70% immunized according to Spybot S&S.
Coincidence? I think not.
--
"People say that money isn't the key to happiness, but I always figured if you have enough money, you can have a key made." -Joan Rivers |
|
Exidor
Premium
join:2001-05-04
Brampton, ON
| reply to Goodbye CCleaner
Based on previous statements, and my own personal experience with the situation, it would seem that CCleaner is an innocent bystander in a SpywareBlaster/Spybot vs. Norton conflict. It appears that SpywareBlaster/Spybot is/are the victim/s of a Norton false positive. |
|
sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
clubs: | reply to VR38DETT
FWIW, I use the full immunization process with Spybot but I am still using the 1.4 version last updated 11/7/07. |
|
