5 Replies Latest reply on May 5, 2010 5:23 AM by SamSwift

    CCleaner Setup file wrongly identified as a trojan.

      Hi,

       

       

      I am one of the most excited users of the McAfee Artemis technology and feel that its  a great thing to have been added to McAfee.

       

      However, Of late, I have been seeing a peculiar detection of a presumably safe software as a trojan. The program in question is the good old C Cleaner Setup file. I have been using C Cleaner since ages and of late whenever I download a C Cleeaner set up file, McAfee outrightly deletes it and calls it a Trojan.

       

      Is there something hidden in the new CCleaner setup that is malicious or is it just another innocent software bearing the brunt of a highly aggressive Artemis setting ?

       

      FYI :- I am into testing viruses and stuff and thus keep the VSE Heuristic check at VERY HIGH and I am very happy that way except for this only issue.

       

      Please help me understand whats going on with this particular detection!!!

        • 1. Re: CCleaner Setup file wrongly identified as a trojan.
          anandd

          Hi Sameer,

           

          Could you please send us the C Cleaner file to us for further review. Although it could be an issue with the very high setting, sometimes the detection could also be a False Positive.

           

          You can find detailed instructions for how to do this at <http://vil.mcafeesecurity.com/vil/submit-sample.aspx>

           

          Once you submit the file, please let us know th ID associated with the file and we will look into it further and let you know the results.

           

          Regards,

          Anand

          • 2. Re: CCleaner Setup file wrongly identified as a trojan.

            What a horrible mess of Artemis detections. As I've commented before, the Artemis database is full of false positives, and the way it handles installer files is very poor.

             

            (as detected by VSE 8.7i W/ Artemis @ Very Sensitive)

             

            ccsetup228.exe\8.nsis    Artemis!378002A2BB25 (Trojan)
            ccsetup228.exe\53.nsis    Artemis!2A43FF3A4B30 (Trojan)

             

             

            (as detected by FakeAlert Stinger W/Artemis @ Very Sensitive)

             

            ccsetup228\CCleaner.exe    Found the Artemis!378002A2BB25 trojan !!!

            ccsetup228\Lang\lang-1025.dll    Found the Artemis!2EC010610B3A trojan !!!

            ccsetup228\Lang\lang-1026.dll    Found the Artemis!4ADD8A641983 trojan !!!

            ccsetup228\Lang\lang-1027.dll    Found the Artemis!AB25D5057D76 trojan !!!

            ccsetup228\Lang\lang-1028.dll    Found the Artemis!1DBEA031A35C trojan !!!

            ccsetup228\Lang\lang-1029.dll    Found the Artemis!039D8A5FE30F trojan !!!

            ccsetup228\Lang\lang-1030.dll    Found the Artemis!5FDF2DCE5E13 trojan !!!

            ccsetup228\Lang\lang-1031.dll    Found the Artemis!0BFF0D90A977 trojan !!!

            ccsetup228\Lang\lang-1032.dll    Found the Artemis!808CBA037938 trojan !!!

            ccsetup228\Lang\lang-1034.dll    Found the Artemis!F2CA3B49F14B trojan !!!

            ccsetup228\Lang\lang-1035.dll    Found the Artemis!5CB4236A59C6 trojan !!!

            ccsetup228\Lang\lang-1036.dll    Found the Artemis!60D8FAD0FC38 trojan !!!

            ccsetup228\Lang\lang-1037.dll    Found the Artemis!8520B09B4AF3 trojan !!!

            ccsetup228\Lang\lang-1038.dll    Found the Artemis!11829911D433 trojan !!!

            ccsetup228\Lang\lang-1040.dll    Found the Artemis!47F13AE3F05D trojan !!!

            ccsetup228\Lang\lang-1041.dll    Found the Artemis!14CF367C69AC trojan !!!

            ccsetup228\Lang\lang-1042.dll    Found the Artemis!4EEB0F273D7B trojan !!!

            ccsetup228\Lang\lang-1043.dll    Found the Artemis!98A188DC15BC trojan !!!

            ccsetup228\Lang\lang-1044.dll    Found the Artemis!12404073571D trojan !!!

            ccsetup228\Lang\lang-1045.dll    Found the Artemis!4818822961C0 trojan !!!

            ccsetup228\Lang\lang-1046.dll    Found the Artemis!04360AC2D4A7 trojan !!!

            ccsetup228\Lang\lang-1048.dll    Found the Artemis!5EE4A7F024CF trojan !!!

            ccsetup228\Lang\lang-1049.dll    Found the Artemis!70EC16F807A8 trojan !!!

            ccsetup228\Lang\lang-1050.dll    Found the Artemis!05772D59969F trojan !!!

            ccsetup228\Lang\lang-1051.dll    Found the Artemis!1B5BB96C6882 trojan !!!

            ccsetup228\Lang\lang-1052.dll    Found the Artemis!4072A7530255 trojan !!!

            ccsetup228\Lang\lang-1053.dll    Found the Artemis!82A3BDE5DB5A trojan !!!

            ccsetup228\Lang\lang-1055.dll    Found the Artemis!3D9913466E23 trojan !!!

            ccsetup228\Lang\lang-1058.dll    Found the Artemis!C54B104489D5 trojan !!!

            ccsetup228\Lang\lang-1061.dll    Found the Artemis!2F9F0032EC23 trojan !!!

            ccsetup228\Lang\lang-1063.dll    Found the Artemis!FD0A93E05BF3 trojan !!!

            ccsetup228\Lang\lang-1065.dll    Found the Artemis!9F111AC84E2A trojan !!!

            ccsetup228\Lang\lang-1066.dll    Found the Artemis!06EDFA8998C6 trojan !!!

            ccsetup228\Lang\lang-1067.dll    Found the Artemis!8239EE138FEC trojan !!!

            ccsetup228\Lang\lang-1071.dll    Found the Artemis!336DBD3143BB trojan !!!

            ccsetup228\Lang\lang-1079.dll    Found the Artemis!826EBDA1C4CC trojan !!!

            ccsetup228\Lang\lang-1110.dll    Found the Artemis!0319A5512AB2 trojan !!!

            ccsetup228\Lang\lang-2052.dll    Found the Artemis!140E1C922E15 trojan !!!

            ccsetup228\Lang\lang-2070.dll    Found the Artemis!5C0BDD0FBAD4 trojan !!!

            ccsetup228\Lang\lang-2074.dll    Found the Artemis!3084C348A905 trojan !!!

            ccsetup228\Lang\lang-3098.dll    Found the Artemis!5AF4C24B0A93 trojan !!!

            ccsetup228\Lang\lang-5146.dll    Found the Artemis!56876D314E34 trojan !!!

            ccsetup228\uninst.exe    Found the Artemis!2A43FF3A4B30 trojan !!!

            ccsetup228.exe\8.nsis    Found the Artemis!378002A2BB25 trojan !!!

            ccsetup228.exe\10.nsis    Found the Artemis!0BFF0D90A977 trojan !!!

            ccsetup228.exe\11.nsis    Found the Artemis!14CF367C69AC trojan !!!

            ccsetup228.exe\12.nsis    Found the Artemis!70EC16F807A8 trojan !!!

            ccsetup228.exe\13.nsis    Found the Artemis!82A3BDE5DB5A trojan !!!

            ccsetup228.exe\14.nsis    Found the Artemis!4EEB0F273D7B trojan !!!

            ccsetup228.exe\15.nsis    Found the Artemis!12404073571D trojan !!!

            ccsetup228.exe\16.nsis    Found the Artemis!47F13AE3F05D trojan !!!

            ccsetup228.exe\17.nsis    Found the Artemis!5C0BDD0FBAD4 trojan !!!

            ccsetup228.exe\18.nsis    Found the Artemis!98A188DC15BC trojan !!!

            ccsetup228.exe\19.nsis    Found the Artemis!60D8FAD0FC38 trojan !!!

            ccsetup228.exe\20.nsis    Found the Artemis!F2CA3B49F14B trojan !!!

            ccsetup228.exe\21.nsis    Found the Artemis!4818822961C0 trojan !!!

            ccsetup228.exe\22.nsis    Found the Artemis!1DBEA031A35C trojan !!!

            ccsetup228.exe\23.nsis    Found the Artemis!5FDF2DCE5E13 trojan !!!

            ccsetup228.exe\24.nsis    Found the Artemis!5CB4236A59C6 trojan !!!

            ccsetup228.exe\25.nsis    Found the Artemis!04360AC2D4A7 trojan !!!

            ccsetup228.exe\26.nsis    Found the Artemis!11829911D433 trojan !!!

            ccsetup228.exe\27.nsis    Found the Artemis!039D8A5FE30F trojan !!!

            ccsetup228.exe\28.nsis    Found the Artemis!140E1C922E15 trojan !!!

            ccsetup228.exe\29.nsis    Found the Artemis!AB25D5057D76 trojan !!!

            ccsetup228.exe\30.nsis    Found the Artemis!8520B09B4AF3 trojan !!!

            ccsetup228.exe\31.nsis    Found the Artemis!808CBA037938 trojan !!!

            ccsetup228.exe\32.nsis    Found the Artemis!3D9913466E23 trojan !!!

            ccsetup228.exe\33.nsis    Found the Artemis!2EC010610B3A trojan !!!

            ccsetup228.exe\34.nsis    Found the Artemis!5EE4A7F024CF trojan !!!

            ccsetup228.exe\35.nsis    Found the Artemis!0319A5512AB2 trojan !!!

            ccsetup228.exe\36.nsis    Found the Artemis!FD0A93E05BF3 trojan !!!

            ccsetup228.exe\37.nsis    Found the Artemis!4072A7530255 trojan !!!

            ccsetup228.exe\38.nsis    Found the Artemis!5AF4C24B0A93 trojan !!!

            ccsetup228.exe\39.nsis    Found the Artemis!3084C348A905 trojan !!!

            ccsetup228.exe\40.nsis    Found the Artemis!1B5BB96C6882 trojan !!!

            ccsetup228.exe\41.nsis    Found the Artemis!336DBD3143BB trojan !!!

            ccsetup228.exe\42.nsis    Found the Artemis!56876D314E34 trojan !!!

            ccsetup228.exe\43.nsis    Found the Artemis!4ADD8A641983 trojan !!!

            ccsetup228.exe\44.nsis    Found the Artemis!05772D59969F trojan !!!

            ccsetup228.exe\45.nsis    Found the Artemis!06EDFA8998C6 trojan !!!

            ccsetup228.exe\46.nsis    Found the Artemis!C54B104489D5 trojan !!!

            ccsetup228.exe\47.nsis    Found the Artemis!2F9F0032EC23 trojan !!!

            ccsetup228.exe\48.nsis    Found the Artemis!9F111AC84E2A trojan !!!

            ccsetup228.exe\49.nsis    Found the Artemis!8239EE138FEC trojan !!!

            ccsetup228.exe\50.nsis    Found the Artemis!826EBDA1C4CC trojan !!!

            ccsetup228.exe\53.nsis    Found the Artemis!2A43FF3A4B30 trojan !!!

            • 3. Re: CCleaner Setup file wrongly identified as a trojan.

              Mal09,

               

              Thank for the upload.

               

              Anand, Now that you have the file descripotion, Please make sure that it is added to teh Whitelist.

               

               

              Thank you

              • 4. Re: CCleaner Setup file wrongly identified as a trojan.

                The number of Artemis false positives in the 228 installer has decreased, but they are still there. Here's the current list:

                 

                ccsetup228.exe\8.nsis    Found the Artemis!378002A2BB25 trojan !!!
                ccsetup228.exe\10.nsis    Found the Artemis!0BFF0D90A977 trojan !!!
                ccsetup228.exe\11.nsis    Found the Artemis!14CF367C69AC trojan !!!
                ccsetup228.exe\12.nsis    Found the Artemis!70EC16F807A8 trojan !!!
                ccsetup228.exe\13.nsis    Found the Artemis!82A3BDE5DB5A trojan !!!
                ccsetup228.exe\14.nsis    Found the Artemis!4EEB0F273D7B trojan !!!
                ccsetup228.exe\15.nsis    Found the Artemis!12404073571D trojan !!!
                ccsetup228.exe\16.nsis    Found the Artemis!47F13AE3F05D trojan !!!
                ccsetup228.exe\17.nsis    Found the Artemis!5C0BDD0FBAD4 trojan !!!
                ccsetup228.exe\18.nsis    Found the Artemis!98A188DC15BC trojan !!!
                ccsetup228.exe\19.nsis    Found the Artemis!60D8FAD0FC38 trojan !!!
                ccsetup228.exe\20.nsis    Found the Artemis!F2CA3B49F14B trojan !!!
                ccsetup228.exe\21.nsis    Found the Artemis!4818822961C0 trojan !!!
                ccsetup228.exe\22.nsis    Found the Artemis!1DBEA031A35C trojan !!!
                ccsetup228.exe\23.nsis    Found the Artemis!5FDF2DCE5E13 trojan !!!
                ccsetup228.exe\24.nsis    Found the Artemis!5CB4236A59C6 trojan !!!
                ccsetup228.exe\25.nsis    Found the Artemis!04360AC2D4A7 trojan !!!
                ccsetup228.exe\26.nsis    Found the Artemis!11829911D433 trojan !!!
                ccsetup228.exe\27.nsis    Found the Artemis!039D8A5FE30F trojan !!!
                ccsetup228.exe\28.nsis    Found the Artemis!140E1C922E15 trojan !!!
                ccsetup228.exe\29.nsis    Found the Artemis!AB25D5057D76 trojan !!!
                ccsetup228.exe\30.nsis    Found the Artemis!8520B09B4AF3 trojan !!!
                ccsetup228.exe\31.nsis    Found the Artemis!808CBA037938 trojan !!!
                ccsetup228.exe\32.nsis    Found the Artemis!3D9913466E23 trojan !!!
                ccsetup228.exe\33.nsis    Found the Artemis!2EC010610B3A trojan !!!
                ccsetup228.exe\34.nsis    Found the Artemis!5EE4A7F024CF trojan !!!
                ccsetup228.exe\35.nsis    Found the Artemis!0319A5512AB2 trojan !!!
                ccsetup228.exe\36.nsis    Found the Artemis!FD0A93E05BF3 trojan !!!
                ccsetup228.exe\37.nsis    Found the Artemis!4072A7530255 trojan !!!
                ccsetup228.exe\38.nsis    Found the Artemis!5AF4C24B0A93 trojan !!!
                ccsetup228.exe\39.nsis    Found the Artemis!3084C348A905 trojan !!!
                ccsetup228.exe\40.nsis    Found the Artemis!1B5BB96C6882 trojan !!!
                ccsetup228.exe\41.nsis    Found the Artemis!336DBD3143BB trojan !!!
                ccsetup228.exe\42.nsis    Found the Artemis!56876D314E34 trojan !!!
                ccsetup228.exe\43.nsis    Found the Artemis!4ADD8A641983 trojan !!!
                ccsetup228.exe\44.nsis    Found the Artemis!05772D59969F trojan !!!
                ccsetup228.exe\45.nsis    Found the Artemis!06EDFA8998C6 trojan !!!
                ccsetup228.exe\46.nsis    Found the Artemis!C54B104489D5 trojan !!!
                ccsetup228.exe\47.nsis    Found the Artemis!2F9F0032EC23 trojan !!!
                ccsetup228.exe\48.nsis    Found the Artemis!9F111AC84E2A trojan !!!
                ccsetup228.exe\49.nsis    Found the Artemis!8239EE138FEC trojan !!!
                ccsetup228.exe\50.nsis    Found the Artemis!826EBDA1C4CC trojan !!!
                ccsetup228.exe\53.nsis    Found the Artemis!2A43FF3A4B30 trojan !!!

                I've submitted the installer and this list to Avert and hopefully they'll remove the rest of the incorrect detections.

                 

                Ccsetup229 has now been released, and has no Artemis FP's. (Wonder why that is???).

                • 5. Re: CCleaner Setup file wrongly identified as a trojan.
                  SamSwift

                  Marking as assumed answered due to age of post