Author Topic: CCleaner Trojans  (Read 162109 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: CCleaner Trojans
« Reply #135 on: June 01, 2007, 02:23:57 AM »
Yes it was, it was an assumption that the numeric file names without a file type was from the firefox browser cache as that is how they are stored. Even though the assumption about firefox was wrong, the bit about extensionless files may have been correct.

Though with the standard shield on high that really shouldn't have been the case I would have though virtually everything would be scanned on activity, created, modified, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #136 on: June 01, 2007, 02:28:34 AM »

Dangerman

  • Guest
Re: CCleaner Trojans
« Reply #137 on: June 01, 2007, 08:01:57 AM »
It may be that because some of the files were from the firefox cache, they are extensionless file types and depending on your standard shield sensitivity it may not scan those files. Though the web shield should have scanned them on initial download as it doesn't care about file type or extensions.


I am using Firefox, and that is where the trojans were found when running CCleaner, Firefox cache, documents and settings.

Dangerman

  • Guest
Re: CCleaner Trojans
« Reply #138 on: June 01, 2007, 10:12:47 AM »
Ran CCLeaner this morning and Avast picked up Win32:agent-GVO, which is a new one.  I visited 2 sites while on the internet, this one and a streaming radio site (have used it for a couple of years) which I would consider to be safe and is a green site according to MacAfee SiteAdvisor.  I cleaned just 0.9mb from the cache and Avast picked this one up as soon as the cleaning started.

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #139 on: June 01, 2007, 12:32:31 PM »
I am using Firefox, and that is where the trojans were found when running CCleaner, Firefox cache, documents and settings.

Yeah, you're finding stuff in the same place as Gabriele08 I think.

Ran CCLeaner this morning and Avast picked up Win32:agent-GVO, which is a new one.  I visited 2 sites while on the internet, this one and a streaming radio site (have used it for a couple of years) which I would consider to be safe and is a green site according to MacAfee SiteAdvisor.  I cleaned just 0.9mb from the cache and Avast picked this one up as soon as the cleaning started.

It doesn't seem to matter where you go. On one occasion, detailed in an earlier post, I connected to the internet and my homepage (Google) loaded. I then I logged off again without doing any searches or going anywhere else. Avast then alerted when I ran CCleaner.

Gabriele 08

  • Guest
Re: CCleaner Trojans
« Reply #140 on: June 02, 2007, 12:07:24 AM »
I am using Firefox, and that is where the trojans were found when running CCleaner, Firefox cache, documents and settings.

Yeah, you're finding stuff in the same place as Gabriele08 I think.
Yes GrahamE, absolutely same situation!

Quote from: GrahamE
It doesn't seem to matter where you go.
I think after one month, we can say, that "for sure it's not"! I've tried (as your example) running CCleaner after more various possible surfing sessions!!! And always with same "random" results.
So, "what" does unchain Avast detection during CCleaner cleaning? A 1 million $ question at the moment!  :(

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #141 on: June 03, 2007, 02:02:23 AM »
Damn it! Five days with nothing, and I thought it was over! However:

02/06/2007 20:02:15   GE   1484   Sign of "Win32:Agent-HAI [Trj]" has been found in "C:\Recycler\S-1-5-21-790525478-688789844-725345543-1003\Dc16.jpg" file.

This one is a bit unusual in that the place where the 'Trojan' was found was easy (for me) to identify.

Basically it's a wallpaper which I saved for my son from the internet (Google Images). I didn't download it, just right clicked and saved the picture. I copied it to a usb pen and put it on his PC. I then deleted the picture from my PC. Nothing so far. With the picture in the Recycle bin, I ran CCleaner and Avast found the above, which I placed in the Chest.

I've since gone back to my son's PC, copied the wallpaper back to the USB pen and put it back on my PC. Scanning it with the right click gives no alert. I then deleted it, ran CCleaner, no alert this time.

Surely, if the picture actually did contain a Trojan, it would have still have been there on the second occasion, since it was copied, wouldn't it?  ???

Also, if I restore the file from the Chest, Avast now alerts as soon as it's deleted to the Recycle bin, which it didn't do before.  ???

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: CCleaner Trojans
« Reply #142 on: June 03, 2007, 04:07:54 PM »
GrahamE, how many users do you have configurated in your computer?
Can you check if there are more than one account with Administrator rights?

Surely, if the picture actually did contain a Trojan, it would have still have been there on the second occasion, since it was copied, wouldn't it?  ???
Which is your Standard Shield sensitivity? High? Normal?

Also, if I restore the file from the Chest, Avast now alerts as soon as it's deleted to the Recycle bin, which it didn't do before.  ???
CCleaner is *changing* somehow the file while deleting it... and avast is only detecting it after CCleaner puts its hands over it... Did you try a CCleaner installation from the scratch?
The best things in life are free.

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #143 on: June 03, 2007, 04:19:31 PM »
GrahamE, how many users do you have configurated in your computer?
Can you check if there are more than one account with Administrator rights?

I'm the only user/Administrator

Which is your Standard Shield sensitivity? High? Normal?

High

Did you try a CCleaner installation from the scratch?

Yes, I explained before that I'd uninstalled 1.39.502 (which also gave the same problems), cleaned the registry and then installed 1.40.520.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: CCleaner Trojans
« Reply #144 on: June 03, 2007, 04:26:57 PM »
I'm the only user/Administrator
Good.

High
That is what makes me thing the 'problem' is on CCleaner... it seems to be corrupting the files...

Yes, I explained before...
Sorry... too long thread to follow.
I'll take a look into the CCleaner settings to see if I can get anything.

By the way, did you already tested antirootkits?
The best things in life are free.

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #145 on: June 03, 2007, 04:40:05 PM »
Sorry... too long thread to follow.
I'll take a look into the CCleaner settings to see if I can get anything.

By the way, did you already tested antirootkits?

Sorry, Tech, it wasn't a 'why don't you read the thread' comment!  ;D

I've run AVG and Panda Antirootkits, and done online scans with F-Secure, Kaspersky and BitDefender (your recommendations). All ok.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: CCleaner Trojans
« Reply #146 on: June 03, 2007, 04:55:06 PM »
Maybe you can drop a question for them here: http://www.ccleaner.com/contact.aspx
Maybe you can find something searching their forum (http://forum.piriform.com/index.php?act=idx) for avast. The number of hits is high, so we must dig a little bit more to find anything related to our problem.
I was browsing their forum but I found nothing related to this...
The best things in life are free.

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #147 on: June 03, 2007, 05:07:58 PM »
Maybe you can drop a question for them here: http://www.ccleaner.com/contact.aspx
Maybe you can find something searching their forum (http://forum.piriform.com/index.php?act=idx) for avast. The number of hits is high, so we must dig a little bit more to find anything related to our problem.
I was browsing their forum but I found nothing related to this...

I don't believe that - I've just been doing the same thing! Great minds... ;D I've sent a message to them, with a link to this thread.

The only thing on their forum that I could find relating to Avast was someone suggesting that it is included in Windows as a firewall. Hmm, ok.  ??? ;D

Gabriele 08

  • Guest
Re: CCleaner Trojans
« Reply #148 on: June 03, 2007, 09:11:05 PM »
GrahamE, which type of deletion do you use with CCleaner?
normal (quick - 1 passage)?
secure (slow - 3 passages)?
NSA (7 passages)?

GrahamE

  • Guest
Re: CCleaner Trojans
« Reply #149 on: June 03, 2007, 09:26:59 PM »
Usually secure (3 passes).