Broadband Tech > Security > Security > CCleaner now installs with adware?

reply to Goodbye CCleaner

Just for everyone's info - I have sent the link to this topic to my contact at Symantec so it can be reviewed.

-amy-

to forum · permalink · 2007-11-11 11:30:45 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

Thanks Amy.

Was trying to find some info on this,but did not come up with much.

to forum · permalink · 2007-11-11 11:48:09 ·

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

Reviews:

What would really help is for everyone to post the name of the file that was flagged during the scan - go to the Log Viewer / Security Risks for the source and name of the file found.

Thanks !!!

-amy-

--
DSLR Phishtracker

to forum · permalink · 2007-11-11 11:58:32 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

Reviews:

said by amysheehan:

What would really help is for everyone to post the name of the file that was flagged during the scan - go to the Log Viewer / Security Risks for the source and name of the file found.

Thanks !!!

-amy-

This is what I have amy it is not showing a source.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."

to forum · permalink · 2007-11-11 12:06:12 ·

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

Reviews:

Detailed Risk Properties Info

said by MagMan:

This is what I have amy it is not showing a source.

I found more details for a 'tracking cookie' that was found this AM that had no details by going to Quick Tasks / View History / Security History / Advanced Details / Risk Properties / Details.

See screenshot for more info - have a look there if you can. [2007 and 2008 versions]

-amy-
--
DSLR Phishtracker

to forum · permalink · 2007-11-11 12:24:26 ·

sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
kudos:14

Reviews:

·Comcast
Host:
DSL Extreme
Windstream
Westell
Belkin
Southeast Asian Br..

reply to amysheehan
Amy, I'm not showing anything in my Log Viewer / Security Risks for yesterday's date.

FWIW, I submitted the file to Symantec for review.

NAV said it was found in 25 registry entries. Also NAV never made a peep when I downloaded and installed the new version of CCleaner which was when it first come out. It squawked during my weekly full scan.

--
TH ~ NE ~ EPN ~ NC ~ TD

to forum · permalink · 2007-11-11 12:25:17 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

Reviews:

reply to amysheehan

said by amysheehan:

said by MagMan:

This is what I have amy it is not showing a source.

This is what mine shows.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."

to forum · permalink · 2007-11-11 12:33:35 ·

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

Reviews:

reply to sashwa

said by sashwa:

Amy, I'm not showing anything in my Log Viewer / Security Risks for yesterday's date.

FWIW, I submitted the file to Symantec for review.

NAV said it was found in 25 registry entries. Also NAV never made a peep when I downloaded and installed the new version of CCleaner which was when it first come out. It squawked during my weekly full scan.

[att=1][att=2]

Thanks for the screenshot and for submitting your item to them. Looks like it may just be registry entries that were found. I'm sure that info will be helpful to Symantec.

-amy-

to forum · permalink · 2007-11-11 12:33:59 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

Thanks for your imput.

to forum · permalink · 2007-11-11 12:35:00 ·

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:17

Your screen shot shows 71 Registry Entries and 2 Files.

What were the 2 Files?

to forum · permalink · 2007-11-11 12:44:41 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

Reviews:

said by Doctor Olds:

Your screen shot shows 71 Registry Entries and 2 Files.

What were the 2 Files?

This.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."

to forum · permalink · 2007-11-11 12:53:46 ·

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

Reviews:

2 edits

said by MagMan:

said by Doctor Olds:

Your screen shot shows 71 Registry Entries and 2 Files.

What were the 2 Files?

This.

P.DAT is one of the files referenced in the Symantec write up -

Also the registry entry HKLM/ Software / ''System Process ''
»www.symantec.com/security_respon···&tabid=2

-amy-

to forum · permalink · 2007-11-11 12:58:58 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

Reviews:

said by amysheehan:

said by MagMan:

said by Doctor Olds:

Your screen shot shows 71 Registry Entries and 2 Files.

What were the 2 Files?

This.

P.DAT is one of the files referenced in the Symantec write up -
»www.symantec.com/security_respon···&tabid=2

-amy-

So your point being is what according to what NIS is saying it is toast.Which as far as I am concerned never existed in the first place.

My machine was not infected with this to me this is an FP.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."

to forum · permalink · 2007-11-11 13:05:23 ·

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

Reviews:

said by MagMan:

So your point being is what according to what NIS is saying it is toast.Which as far as I am concerned never existed in the first place.

My machine was not infected with this to me this is an FP.

To clarify - I think that the app was flagged because for whatever reason there were registry entries and / or files that matched this definition. I would think it's a FP, but I am NOT the expert.

-amy-

to forum · permalink · 2007-11-11 13:09:44 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

Reviews:

reply to amysheehan
The reason I say this is the other day after NIS updated and you know how it runs a quick scan after updating it showed up.Now previously to that there was no unusual behavior going on with my machine and zap all of sudden there it is.Plus it is odd to the fact that this has been around for awhile and it never got flagged before by any of the apps that I have and use regularly.
--
"The truth is incontrovertible, malice may attack it, ignorance may deride it, but in the end; there it is."

to forum · permalink · 2007-11-11 13:18:41 ·

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

Reviews:

VirusTotal results

Just FYI: I downloaded the full version ccsetup202.exe and ran it thru VirusTotal.

Panda 9.0.0.4 2007.11.11 Suspicious file
Prevx1 V2 2007.11.11 Heuristic: Suspicious Hijacker

Additional information
File size: 2725528 bytes
MD5: 50d8917e026b3402af3d4933018ea33a
SHA1: a9ed613388243cd3997d0b7b8f4e6f4ee7e08101
packers: WiseSFX Dropper, WiseSFX Dropper, WiseSFX Dropper
Prevx info: »fileinfo.prevx.com/fileinfo.asp?···C43DBD89

sashwa

submitted her files to Symantec for review - My older version of CCleaner doesn't get flagged by anyone.

to forum · permalink · 2007-11-11 13:39:35 ·

MagMan
Life is simpler when you tell the truth.
Premium
join:2003-10-01
Westlake, OH

So are we coming to a conclusion here of CCleaner being the culprit.

to forum · permalink · 2007-11-11 13:45:52 ·

sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
kudos:14

Reviews:

·Comcast
Host:
DSL Extreme
Windstream
Westell
Belkin
Southeast Asian Br..

reply to amysheehan
Amy, I wonder if it could have something to do with the virus update yesterday rather than from the CC upgrade? My upgrade was done around 11/5/07 and no peep from NAV until I did my weekly full scan.
--
TH ~ NE ~ EPN ~ NC ~ TD

to forum · permalink · 2007-11-11 13:50:04 ·

PrntRhd
Premium
join:2004-11-03
Fairfield, CA

Reviews:

·Comcast