shadowwar

Can you please zip and attach the file detected here. Also the mbamservice.log would be helpful also. Thanks.

This is a website that has this. Its not a local infection on the machine. Its a javascript embedded in the page usually. Just fyi. What is the website you go to when this triggers?

This should no longer be detected. Thanks for letting us know.

No problem. Glad its resolved.

Well somehow either your reinstalling 5.33 or you are not getting it uninstalled. This may be due to not rebooting in between the uninstall and new install. The def that is hitting that file will ONLY hit 5.33. It cant possibly hit 5.34.

Did you reboot inbetween the uninstall and reinstall? I need more information to assist you. please see here. also the file we are triggering on please zip that up and attach it to this post.

C:\Program Files\CCleaner\uninst.exe Its located there.

I just checked with ccleaner 5.34 installed here and i have no hits. Not sure without the file itself what may be happening on your system. I would recommend uninstalling ccleaner through its own uninstaller then rebooting. Then install 5.34 and run another scan with mbam.

Can you please post the log showing our detection and copies of the files zipped we are hitting? Thanks

Just another name for the same Infection. Some companies may call one thing while others may call it another name.

Did cftp maybe update? Can you please post the required information as you did before. Thanks.

The update is already out. We analyzed the file and its Written by asus.

Kovter is what you were infected with. Its mostly a click fraud trojan. Cant hurt to change your passwords though.

Safemode MBAM will work to remove the infection causing this. Mbar can also be run if you are no longer there but you must leave all the default settings on and do not uncheck anything.

Actually this may have been fixed yesterday. Please update and let me know if still detected.