Showing results for 
Search instead for 
Did you mean: 
Level 7

FP: CCleaner227.exe detected as Genericdx!gut Trojan


MSC detected/quarantined a file today that I am certain is a False Positive.
It is the program file for an older version of CCleaner (v. 2.27) from Piriform that was in my downloads folder.
I have restored the file and attached it as a password-protected zip file (password = "infected").

I am running OEM MSC on this Dell XPS 420 running Win Vista Ultimate SP2 (32 bit), IE8, FF 3.6.2.
All Windows and MS and McAfee programs are fully updated (though I have not yet received the 2010 versions of McAfee as an update).
There has been no suspicious behavior on the system.
Scans with McAfee, MBAM Pro 1.45 and SuperAntispyware are all clean.

My McAfee versions are:
SC 9.15.175
VS 13.15.116 (DAT 5935, 3/29/2010, Engine 5301.4018)
PF 10.15.106
AS 10.15.106
PC 11.15.102

Please advise.


NOTE: The attached zip file may be infected!

PS Since the file in question is an outdated version of the software, I will just delete it from the computer.  And since this particular file is not on my other, newer system that also runs McAfee  (the XPS 8100), I did not receive a detection from McAfee for this file on that computer.  Just this one.

Message was edited by: imikhlin

Removed possibly infected attachment on 30/03/10 15:47:35 IST
0 Kudos
4 Replies
Level 9

Re: FP: CCleaner227.exe detected as Genericdx!gut Trojan

Even though you think the detection is a false positive, I've removed the attachments that you made in your post

To submit samples for review, there is a process that can be followed to insure everything gets safely to McAfee Labs.  Please see for how to submit samples.

If it's a false, McAfee will remove the detection from future DATs and you may receive an extra.dat to suppress the detection on your machine, until that happens.

Hope that helps,


0 Kudos
Level 7

Re: FP: CCleaner227.exe detected as Genericdx!gut Trojan

Hello, Irene:

Thanks for writing.

That entire webimmune submission process is a flail (have attempted it multiple times in the past, and cannot even set up an account).

And frankly, I don't have the time to flail on it again right now.

I have submitted the file by email (zipped, password-protected) to



0 Kudos
Level 12

Re: FP: CCleaner227.exe detected as Genericdx!gut Trojan

I'm seeing a different detection with the 5936 dats - Genericd.dx!psw

I have submitted a copy to Avert, and hopefully they will resolve the FP issue.

Message was edited by: Mal09 on 30/03/10 16:59:04 GMT
0 Kudos
Level 12

Re: FP: CCleaner227.exe detected as Genericdx!gut Trojan

Now a confirmed False Positive. Will be corrected in a later dat update.

0 Kudos