

Mikey

@teksavvy.com
Win32 backdoor D

I downloaded CCleaner. I run Zone Alarm Pro. The spyware scanner sees CCleaner as Win32backdoorD.
When I had ZA remove the alleged trojan, CCleaner disappears.

Suggestions please?


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

Provided you downloaded it from an authorized source, it may likely be a false detection. It's being reported over in the Zone Alarm Forums in this topic:
ZAPro found trojan in CCleaner
»forums.zonelab.com/zonelabs/boar···id=27597

and as stated in that thread by one of their gurus, here is where to report it and get it checked out:
quote:
probably a false positive from the ZA own scanner.
Report it to ZA including as much details as possible, including a download link to the ccleaner you use.

Here:
»www.zonealarm.com/store/content/···port.jsp

--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2008
Proud Member of ASAP (Alliance of Security Analysis Professionals)


Mikey

@teksavvy.com
reply to Mikey
Thanks Calamity! I would think it a false positive. I got it from Piriform's site. Made report to Check Point.

Did I ever mention, you're the best?


ZAhasBecomeLAME

@xo.net
reply to Mikey
If I downloaded CCleaner from the creator's site then I wouldn't have let ZA scanner delete it.


Mikey

@teksavvy.com
ZA quarantined it on regular weekly scan and maybe I overreacted and asked ZA to delete it. Simply reinstalled and life is good.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
reply to Mikey
Ah, good Mikey - glad to hear. Thanks for reporting it too so they can fix it


Mikey

@teksavvy.com
Hmmm. Got an Office Update today along with Microsoft Malicious Malware Tool. You guessed it. CCleaner disappeared again.

Checked back with ZA site and no definitive answer there.

Suggestions?


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL


edit:
March 19th, @09:47PM

said by Mikey :

Suggestions?
1. Will have to wait for Zone Alarm to correct it. It's their move now.

2. Don't use the Microsoft Malicious Software Removal Tool (for now).

I'll see if I can find a way to get the CCleaner installer to them to examine. I just downloaded a fresh copy and only Prevx Heuristics has a possible problem with it (Heuristics can do that - have FPs). All other scanners call it clean
quote:
File ccsetup205.exe received on 03.20.2008 01:01:51 (CET)
Current status:finished
Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.3.19.1 2008.03.19 -
AntiVir 7.6.0.75 2008.03.19 -
Authentium 4.93.8 2008.03.19 -
Avast 4.7.1098.0 2008.03.19 -
AVG 7.5.0.516 2008.03.19 -
BitDefender 7.2 2008.03.20 -
CAT-QuickHeal 9.50 2008.03.14 -
ClamAV 0.92.1 2008.03.20 -
DrWeb 4.44.0.09170 2008.03.19 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5628 2008.03.19 -
Ewido 4.0 2008.03.19 -
F-Prot 4.4.2.54 2008.03.19 -
F-Secure 6.70.13260.0 2008.03.19 -
FileAdvisor 1 2008.03.20 -
Fortinet 3.14.0.0 2008.03.19 -
Ikarus T3.1.1.20 2008.03.19 -
Kaspersky 7.0.0.125 2008.03.20 -
McAfee 5255 2008.03.20 -
Microsoft 1.3301 2008.03.19 -
NOD32v2 2961 2008.03.20 -
Norman 5.80.02 2008.03.19 -
Panda 9.0.0.4 2008.03.18 -
Prevx1 V2 2008.03.20 Heuristic: Suspicious Hijacker
Rising 20.36.22.00 2008.03.19 -
Sophos 4.27.0 2008.03.20 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.20 -
TheHacker 6.2.92.250 2008.03.19 -
VBA32 3.12.6.3 2008.03.17 -
VirusBuster 4.3.26:9 2008.03.19 -
Webwasher-Gateway 6.6.2 2008.03.19 -
Additional information
File size: 2733520 bytes
MD5: 06ab7fd00ca2f03baf4616c40bb2c761
SHA1: 96f0796a003371529d023d4381f7d6e8e6d55f1e
PEiD: -
packers: WiseSFXDropper, WiseSFXDropper, WiseSFXDropper
Prevx info: »info.prevx.com/aboutprogramtext.···7DCE38E9

If you download the installer again check it first at VirusTotal:
»www.virustotal.com/

Check the MD5 to my file above listed
(MD5: 06ab7fd00ca2f03baf4616c40bb2c761)
If it is the same, you have the clean one (with the FP problem ZA and MSRT).

All you can do is ignore those false reports.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2008
Proud Member of ASAP (Alliance of Security Analysis Professionals)
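
The check described in the post above (compare a fresh download of the installer against the posted size, MD5 and SHA1), as an added example that is not part of the original thread. The expected values are the ones quoted in the post; the local file path is an assumption.

```python
import hashlib
import hmac
import os

# Values quoted in the post above for ccsetup205.exe.
POSTED = {
    "size": 2733520,
    "md5": "06ab7fd00ca2f03baf4616c40bb2c761",
    "sha1": "96f0796a003371529d023d4381f7d6e8e6d55f1e",
}


def fingerprint(path, chunk_size=1 << 20):
    """Return size, MD5 and SHA1 of a file, reading it in chunks."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def compare(path, expected=POSTED):
    """Return (field, posted, local) for every field that differs."""
    actual = fingerprint(path)
    mismatches = []
    for field, want in expected.items():
        got = actual[field]
        if isinstance(want, str):
            # Hex digests: ignore case and stray whitespace from copy/paste.
            same = hmac.compare_digest(got.lower(), want.strip().lower())
        else:
            same = got == want
        if not same:
            mismatches.append((field, want, got))
    return mismatches


if __name__ == "__main__":
    import sys
    # Assumption: the installer was saved under its original name.
    target = sys.argv[1] if len(sys.argv) > 1 else "ccsetup205.exe"
    if not os.path.isfile(target):
        sys.exit(f"{target}: not found")
    diffs = compare(target)
    for field, want, got in diffs:
        print(f"MISMATCH {field}: posted {want}, local {got}")
    print("different file: rescan it" if diffs else "same file as posted")
```

A match only shows the download is byte-for-byte the file that was scanned in the post. Checking size and SHA1 alongside MD5 matters because MD5 alone is open to collisions.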


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to Mikey
Ok file submitted to Microsoft for analysis at the
Microsoft Malware Protection Center (submit page)
»www.microsoft.com/security/portal/

I cannot say if they will respond but at least they will get my report, including the scan results posted earlier and a copy of the file

That's the best I can do.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2008
Proud Member of ASAP (Alliance of Security Analysis Professionals)


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to Mikey
Ok this isn't results (hasn't been analyzed yet) but they do acknowledge they got it FYI
Very nice feature that new submission thingy for them
quote:
Hello. Thank you for submitting suspicious files to the Microsoft Malware Protection Center (MMPC).

The MMPC will analyze the files that you submitted to determine if the files are malware or potentially unwanted software. If the files are identified as new malware, the MMPC will add detection signatures for the new malware and publish the signatures after they have been tested and certified.

Your submission has been assigned ID 16331310.

The MMPC has completed an initial scan of the files you submitted and the results are below. If the files are known malware or potentially unwanted software, the results will identify the threat for each file submitted.

The MMPC will send a second and final e-mail to this e-mail address once it makes a final determination concerning this specific submission.

Initial analysis summary:
=================
Total Files: 1
Clean: 0
Malware: 0
Malware Related: 0
Malware Container: 0
Potentially Unwanted Software: 0
Potentially Unwanted Software Container: 0
Postponed: 0
Not Yet Analyzed: 1

=================

Per-file summary:
=================
20080319_175736820_0_ccsetup205.exe | Not Yet Analyzed

=================

Note: in the course of analyzing the files that you submitted, the MMPC decompresses the files in your submission, such as extracting files from archives or other containers. Subsequently you may see more files listed than you originally submitted.

Category Descriptions:

Clean
Files that do not appear to be malware or potentially unwanted software.

Malware
Files that appear to be known malware. Malware includes viruses, Trojans, worms, file infectors, etc.

Malware Related
Files that are not malicious by themselves and should not pose a threat by themselves.

Malware Container
Container files are archives, binders, etc. that contain files in the "malware" category. Note that they may also contain files in the "Clean" category.

Potentially Unwanted Software
Files that have been identified as potentially unwanted software. Potentially unwanted software includes dialers, adware, spyware, etc.

Potentially Unwanted Software Container
Container files are archives, binders, etc. that contain files in the "spyware" category. Note that they may also contain files in the "Clean" category.

Postponed and Auto-postponed
The file does not appear to be malware or potentially unwanted software, but more analysis is necessary to confirm the file is not malicious.

Not Yet Analyzed
The file will require further analysis to determine whether the file is malicious or not.

Thank you for contacting the Microsoft Malware Protection Center.

--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2008
Proud Member of ASAP (Alliance of Security Analysis Professionals)


EGeezer
Spring is here
Premium
join:2002-08-04
Central Ohio
clubs:
·AT&T CallVantage
·RoadRunner Cable

reply to Mikey
You might post at CCleaner's forum. They're looking for reports on this at

»forum.piriform.com/index.php?showtopic=14886

Also you can submit the flagged file to Jotti at

»virusscan.jotti.org/

I agree, it's probably a FP but never hurts to check.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... )


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL

reply to Mikey
Even Microsoft says it's clean...here is your report
quote:
Hello. The Microsoft Malware Protection Center (MMPC) has finished analyzing submission ID 16331310 and the results are listed below. If the files were determined to be malware or potentially unwanted software, the results will identify the threat for each file submitted.

This is the last e-mail the MMPC will send to this e-mail address concerning this submission ID.

Analyst comments:
=================

=================

Analysis summary:
=================
Total Files: 1
Clean: 1
Malware: 0
Malware Related: 0
Malware Container: 0
Potentially Unwanted Software: 0
Potentially Unwanted Software Container: 0
Postponed: 0
Not Yet Analyzed: 0

=================

Per-file summary:
=================
20080319_175736820_0_ccsetup205.exe | Clean

=================

Note: in the course of analyzing the files that you submitted, the MMPC decompresses the files in your submission, such as extracting files from archives or other containers. Subsequently you may see more files listed than you originally submitted.

Category Descriptions:

Clean
Files that do not appear to be malware or potentially unwanted software.

Thank you for contacting the Microsoft Malware Protection Center.

So the installer at least is fine if you want to reinstall it.

It is hard to say what is causing the MSRT to remove it because you can't "catch" what file is being flagged. It may need to be addressed by the Developer of the CCleaner to get in touch with Microsoft to report his program is being targeted by that tool.

As we know it has already been reported to Zone Alarm so it is in their hands now to fix it.
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2008
Proud Member of ASAP (Alliance of Security Analysis Professionals)


Mikey

@teksavvy.com

reply to Mikey
ZA Forum confirms false positive, but it was this site that gave me a warm fuzzy feeling and the inclination to not worry about it.

DSL Forum rocks! Especially for a newbie-to-midi like me.

Thanks and »www.zonealarm.com/store/content/···port.jsp


EGeezer
Spring is here
Premium
join:2002-08-04
Central Ohio
clubs:
·AT&T CallVantage
·RoadRunner Cable


edit:
April 3rd, @01:10PM

reply to CalamityJane
Update

The Zone Alarm false positive issue appears to be resolved by updates to ZoneAlarm's engine (not just the updater function) and CCleaner - see
»forum.piriform.com/index.php?s=&···&p=99079

--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... )