Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

  1. #1
    Join Date
    Jul 2013
    Posts
    1

    Angry Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

    Hi folks,

    got a problem with the new ZA release and CCleaner 4.03. After installing the free release of Cclean downloaded from piriform.com ZA keeps popping up with a malware alarm and removes the ccleaner.exe file.

    ZA states the file as infected by Trojan.Win32.Vilsel.btlm
    I reproduced this on four different systems.

    Can you confirm infection of the mentioned software ? Is it a problem with the virus signatures ?

    Kind Regards
    Stef

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000

    Quote Originally Posted by ats7348 View Post
    Hi folks,

    got a problem with the new ZA release and CCleaner 4.03. After installing the free release of Cclean downloaded from piriform.com ZA keeps popping up with a malware alarm and removes the ccleaner.exe file.

    ZA states the file as infected by Trojan.Win32.Vilsel.btlm
    I reproduced this on four different systems.

    Can you confirm infection of the mentioned software ? Is it a problem with the virus signatures ?

    Kind Regards
    Stef
    Hello;


    I have Zone Alarm Extreme Security 11.0.768.000 (Default Settings) installed on Three (3) Windows 7 SP1 Desktops 2 are 64-bit one is 32-bit all three have CCLEANER v4.03.4151 (25 June 2013) installed with no problems..

    same thing goes for my 4th computer Windows XP SP3 with Zone Alarm Security Suite 11.0.768.000 and CCLEANER v4.03.4151 (25 June 2013)


    NOTE: After further Research I have discovered that the Trojan alert that you received was A FALSE POSITIVE..

    during the Patch Tuesday Microsoft Update install Ccleaner.exe was identified as a possible infected file,

    I recommend clicking on the ALWAYS IGNORE button..

    Last edited by GeorgeV; July 9th, 2013 at 04:14 PM. Reason: Updated info
    GeorgeV
    ZoneAlarm Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    Philistine Guest

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000

    Quote Originally Posted by ats7348 View Post
    Hi folks,

    got a problem with the new ZA release and CCleaner 4.03. After installing the free release of Cclean downloaded from piriform.com ZA keeps popping up with a malware alarm and removes the ccleaner.exe file.

    ZA states the file as infected by Trojan.Win32.Vilsel.btlm
    I reproduced this on four different systems.

    Can you confirm infection of the mentioned software ? Is it a problem with the virus signatures ?

    Kind Regards
    Stef
    I also had the same ZA (version 11.0.768.000) false alarm after the latest update to Ccleaner 4.03. The file is currently shown as in quarantine

  4. #4
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

    Hello;

    NOTE: After further Research I have discovered that the Trojan alert that you received was A FALSE POSITIVE..

    during the Patch Tuesday Microsoft Update install, Ccleaner.exe was identified as a possible infected file,

    I recommend clicking on the ALWAYS IGNORE button..
    It is Safe to remove Ccleaner.exe from Quarantine..

    GeorgeV
    ZoneAlarm Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    Join Date
    Aug 2009
    Location
    Texas Gulf Coast
    Posts
    1,647

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

    Quote Originally Posted by ats7348 View Post
    Is it a problem with the virus signatures ?

    Kind Regards
    Stef
    I would suggest to do the following.

    How to diagnose and/or report antivirus/antispyware false positives

    https://www.zonealarm.com/forums/sho...#post265191How

    Note : I can't confirm.No longer installed here.So that's why I suggest to follow thru on suggestion.
    Last edited by Sky Soldiers; July 9th, 2013 at 04:44 PM. Reason: reword, can't confirm

  6. #6
    Join Date
    Jun 2013
    Posts
    7

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

    After I updated my zonealarm database this morning, same problem happened to me. I tried to make zonealarm ignore this detection but after it crashed windows explorer, zonealarm deleted this file permanently. Is this going to be fixed any time soon?

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

    Unless you report it directly to Kaspersky (not here) it will never be fixed.

    See how to do it here:
    How to diagnose and/or report antivirus/antispyware false positives

    Thanks,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  8. #8
    Join Date
    Jul 2013
    Posts
    4

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

    Just did a windows update this morning and now zonealarm does not show ccleaner as a trojan. Microsoft must have fixed there problem with an update.

    I would think the update
    Windows Malicious Software Removal Tool? (KB890830)

    was the one that was fixed but not sure.
    Last edited by samlar; July 10th, 2013 at 03:26 AM.

  9. #9
    Join Date
    Jun 2013
    Posts
    7

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

    That's because you are probably using 64 bit version on windows, so you can continue to use 64 bit version of ccleaner. 32 bit version has been gone completely from my computer (it's not just quarantined) after zonealarm identified it as a threat. Can someone (who managed to ignore deletion) report this to kaspersky as false-positive?

  10. #10
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: Ccĺeaner 4.03 identified as Trojan by ZA 11.0.768.000 <= False Positive

    Quote Originally Posted by samlar View Post
    Just did a windows update this morning and now zonealarm does not show ccleaner as a trojan. Microsoft must have fixed there problem with an update.

    I would think the update
    Windows Malicious Software Removal Tool? (KB890830)

    was the one that was fixed but not sure.
    Thank you for your inquiry,

    1.) Apparently Microsoft quickly released a bug fix to it's Windows Malicious Software Removal Tool, check listing in "Update History"



    Windows Malicious Software Removal Tool x64 - July 2013 (KB890830)
    Installation date: ‎7/‎9/‎2013 6:39 PM
    Installation status: Successful
    Update type: Important

    After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you start your computer. A new version of the tool will be offered every month. If you want to manually run the tool on your computer, you can download a copy from the Microsoft Download Center, or you can run an online version from microsoft.com. This tool is not a replacement for an antivirus product. To help protect your computer, you should use an antivirus product.
    More information:
    http://go.microsoft.com/fwlink/?LinkId=39987
    Help and Support:
    http://support.microsoft.com

    2.) Kaspersky has been notified of a possible false positive and has released several AV Definition Updates that fixed the False Positive alert..
    Last edited by GeorgeV; July 10th, 2013 at 07:41 AM. Reason: updated info
    GeorgeV
    ZoneAlarm Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Trojan.JS.Redirector.ar -- FALSE POSITIVE - Fixed
    By Olep in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 23
    Last Post: January 26th, 2010, 02:54 AM
  2. Real Trojan or False Positive?
    By morey in forum Malware Discussion
    Replies: 2
    Last Post: November 9th, 2009, 08:15 AM
  3. Win32.Trojan.Spy.Banker.ju false positive?
    By itacbt in forum Malware Discussion
    Replies: 1
    Last Post: July 13th, 2009, 09:56 AM
  4. Backdoor.ProRat.19 trojan or false positive
    By gmd in forum Malware Discussion
    Replies: 1
    Last Post: March 12th, 2008, 11:42 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •