lmacri

Hi nukecad: I have no idea, but the File.org article at https://file.org/extension/part states: Perhaps the CCleaner installer OP sotiris downloaded was bundled with bloatware (e.g., Avast Free Antivirus, Chrome browser, etc) that triggered Firefox to break the download into multiple .part files with seemingly random filenames before the partial downloads were recombined. Perhaps ESET threw a false positive detection because the ESET virus definition set was out of date and hadn't whitelisted the CCleaner installer yet (OP sotiris notes they saw that detection "a while ago" and the image <here> shows the Reputation was "Discovered 1 week ago"). It's even possible OP sotiris downloaded the CCleaner installer from a third-party download site (e.g., CNET's download.com) that bundled the installer with suspicious software. See bjm_'s example in the Norton thread False Norton "Threat" PUA.Drivereasy Uninstalls Legitimate Windows Program !! where a DriverEasy installer downloaded directly from the DriverEasy site was not flagged as a PUA. However, the DriverEasy installer downloaded from a third-party download site (the download link in that thread was removed by a Norton Forum Mod as being potentially dangerous) had one of these odd file names (qfflb92n.exe.part) and SHA-2 hash that did not match the "safe" installer and was flagged as a PUA. This is all speculation on my part, and why Firefox would begin the download of a CCleaner installer into a folder called C:\Users\User\AppData\Local\Temp (I also thought that path looked odd - I don't have a C:\Users\User folder on my own machine, hidden or otherwise) and assign that odd WQchxgI name to the partial .exe.part file will probably remain a mystery unless the OP sotiris can recreate that PUA detection with a fresh download. ------------- 64-bit Win 10 Pro v1909 build 18363.900 * Windows Defender v4.18.2006.10 * Firefox ESR v68.11.0 * CCleaner Free Portable v5.69.7865

Hi sotiris: See the FileInfo description of .PART files at https://fileinfo.com/extension/part, which states "A PART file is a partially downloaded file from the Internet used for downloads that are in progress or have been stopped. Some PART files can be resumed at a later time using the same program that started the download. PART files are typically used by Mozilla Firefox...". Just a guess, but that .exe.part file extension could indicate that Firefox was interrupted while downloading the CCleaner installer, and now ESET doesn't recognize the partial file that was saved in AppData\Local\Temp (i.e., the SHA-256 hash of the partial file doesn't match the expected SHA-256 hash of the full installer). If you use CCleaner or Windows Disk Cleanup to clear the temporary system files on your hard drive that partial file (and the ESET detection) might simply disappear. If not, click the blue CLEAN button shown <here> in the your image of the ESET detection (or try clearing your Firefox Browsing & Download history - press Ctrl-Shift-Delete while Firefox is open) and that should remove that partial file from your hard drive. ------------- 64-bit Win 10 Pro v1909 build 18363.900 * Windows Defender v4.18.2006.10 * Firefox ESR v68.11.0 * CCleaner Free Portable v5.69.7865

Microsoft has updated the description of the PUA:Win32/CCleaner detection at https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/CCleaner&ThreatID=277099 and they now confirm that the installer will be flagged by Windows Defender as a PUA/PUP (potentially unwanted application/program) if the installer is bundled with unnecessary software (e.g., Avast Free Antivirus, AVG Antivirus Free, etc.). Kudos to bjm_ for posting about this updated description of the PUA:Win32/CCleaner detection <here> in the Norton Tech Outpost board. ------------- 64-bit Win 10 Pro v1909 build 18363.900 * Windows Defender v4.18.2006.10 * Firefox ESR v68.11.0 * CCleaner Free Portable v5.69.7865

Hi Sandra CCleaner: Thank you for posting that link to the v5.64 Portable build for Win XP/Vista.

Hi hazelnut / Sandra CCleaner: I was looking for the CCleaner Portable v5.64 for XP/Vista (i.e., something like ccsetup564.zip or ccsetup564_xp-vista.zip) that I can run from a USB thumb drive without installation. As Sandra CCleaner noted, the download link at https://www.ccleaner.com/ccleaner/download/portable?os=5.1w3 currently appears to be offering the Slim installer for v5.64 (ccsetup564_xp-vista.exe) in spite of the fact that the URL includes the word "portable" in the URL.

Hi Sandra CCleaner: Thank you for that direct download link. Is that the installer for the slim build, and is there a download link for the portable (.ZIP) version of CCleaner v5.64? Please note that the download link for CCleaner v5.64 in the CCleaner support article Which versions of CCleaner work with Windows XP or Vista? simply redirects users to https://www.ccleaner.com/ccleaner/builds, which is currently offering the latest CCleaner v5.66.7716. From that support article as of today:

I have the same issue with Speccy v1.32.740 which reports "S.M.A.R.T. not available" for the Toshiba KBG40ZNS256G NVMe SSD in my Dell Inspiron 15 5584 (purchased August 2019), even though CrystalDiskInfo has no problem displaying the SMART attributes. See my 22-Apr-2020 images in ZloboMiR's 19-Feb-2020 thread No SSD NVM Info. ---------------- 64-bit Win 10 Pro v1909 build 18363.720 * Firefox ESR v68.7.0 * Windows Defender v4.18.2003.8 * Speccy Portable v1.32.740 Dell Inspiron 15 5584, Intel i5-8265U@1.60/1.80 GHz, 8 GB RAM, Toshiba KBG40ZNS256G SSD, Intel UHD Graphics 620

I have the same problem with the Toshiba NVMe SSD in my Dell Inspiron 15 5584 (purchased August 2019). Speccy v1.32.740 reports "S.M.A.R.T. not supported" (see my system snaphot at http://speccy.piriform.com/results/jsOPIebHMX08p7q8vLXeBhg) ... ... while the WMIC diskdrive get status command reports "Status OK"... .. and CrystalDiskInfo v8.4.2 is able to display the SMART attributes and reports the status is "Good". ---------------- 64-bit Win 10 Pro v1909 build 18363.720 * Firefox ESR v68.7.0 * Windows Defender v4.18.2003.8 * Speccy Portable v1.32.740 Dell Inspiron 15 5584, Intel i5-8265U@1.60/1.80 GHz, 8 GB RAM, Toshiba KBG40ZNS256G SSD, Intel UHD Graphics 620

Could someone from someone Avast / Piriform please provide a status update. Dave CCleaner's 22-Oct-2019 post <here> in the the Defraggler board said the broken download links to Portable and Slim builds of Speccy/Defraggler/Recuva would be "reestablished shortly". ----------- 64-bit Win 10 Pro Ver 1903 Build 18362.476 * Firefox ESR v68.3.0 * McAfee LiveSafe v16 (R22) / VirusScan v22.7.150 * Speccy Portable v1.32.740

Hi hazelnut: Thanks for the heads up. It's concerning, though, that Avast/Piriform has known since 10-Oct-2019 that the download links to the Slim and Portable versions of these three utilities are broken and still haven't fixed them. When I'm helping someone troubleshoot a problem and ask them to publish a Speccy snapshot of their system, running Speccy Portable from a USB thumb drive is sometimes their only viable option. ----------- 64-bit Win 10 Pro Ver 1903 Build 18362.356 * Firefox ESR v68.2.0 * McAfee LiveSafe v16 (R20) / VirusScan v22.6.156 * Speccy Portable v1.32.740

Does anyone know why the portable build of Speccy v1.32 (spsetup132.zip) is not posted on the builds page at https://www.ccleaner.com/speccy/builds? Has Avast stopped offering the portable build or are the links on the builds page currently missing? I tried the download link for the the portable build on MajorGeeks at https://www.majorgeeks.com/files/details/speccy.html but that link is currently downloading the incorrect "standard" installer (spsetup132.exe). I eventually found an copy of the correct portable build (spsetup132.zip) archived on Softpedia site at https://www.softpedia.com/get/PORTABLE-SOFTWARE/System/System-Info/Speccy-Portable.shtml but when I post download links for other users in help forums I prefer to direct them to the original manufacturer's site. ----------- 64-bit Win 10 Pro Ver 1903 Build 18362.356 * Firefox ESR v68.2.0 * McAfee LiveSafe v16 (R20) / VirusScan v22.6.156 * Speccy Portable v1.32.740 Dell Inspiron 5584, Intel i5-8265U@1.60/1.80 GHz, 8 GB RAM, Intel UHD Graphics 620

Hi Dave CCleaner: According to the 21-Oct-2019 Avast blog entry Avast Fights Off Cyber-Espionage Attempt, Abiss that hazelnut referenced <above>: If I understood that article correctly, hackers managed to access Avast's internal network several times over a four-month period using stolen login credentials and somehow managed to attain domain admin priviledges before these incursions were detected. They might not have managed inject malware into the CCleaner installer as they did in 2017 (see the BleepingComputer article Avast Clarifies Details Surrounding CCleaner Malware Incident for more information about a 2017 supply chain attack where the CCleaner v5.33 installer was infected with a Floxif trojan and released to users) but it sounds to me like "Big Uncle" still has room for improvement when its comes to securing their network access.

Thanks to both Dave CCleaner and hazelnut for their replies and links to blog entries that include further details about this internal network breach.

Does anyone have further details about the "important security updates" in CCleaner v5.63.7450 (released 15-Oct-2019) and whether this update is being pushed out via the CCleaner Emergency Updater to users who do not have automatic updating enabled? Was there a change to the security certificates, or is there an exploitable vulnerability in versions v5.57 and higher that has an associated CVE number? From Ben CCCleaner's official product update announcement <here> :

Hi Dave CCleaner: Thanks for the status update. I was able to publish a system snapshot to the new server this morning, and the URLs for my older snapshots (httx://speccy.piriform.com/results/ ...) seem to be working as well. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Speccy Portable v1.32.740

Hi nukecad: My Norton Smart Firewall block isn't new to CCleaner v5.59, at least with the Norton Security v22.15.2.22 (the legacy version for Win XP and Vista) I use. I tested the previous CCleaner Portable v5.58.7209 and the screenshot I posted back on 17-Jun-2019 in the Norton Tech Outpost <here> shows the 32-bit ccleaner.exe v5.58 executable triggers a similar "suspicious online activity" block with my Norton Smart Firewall. I sent Symantec a detailed false positive report (submitted at https://submit.symantec.com/false_positive/) on 17-Jun-2019 but the email I got back that same day stated "Having reviewed the information provided we are unable to reproduce or confirm the issue described." I'm not sure if you mean the "new" Norton 360 v22.17.x Standard / Deluxe / with LifeLock Select products that are currently being sold to US customers only with extra features like Norton Secure VPN, PC SafeCam and Norton Data Protector (see the product comparison chart <here>) but as far as I know all Norton v22.x products use the same protection definitions [e.g., SDS (virus) Definitions, Intrusion Prevention Definitions, etc.] and I don't recall seeing an unusual number of false positive reports for malware detections in the Norton community in the past week. I would agree, however, that some of the new features in recent releases of Norton v22.17.2.x and v22.17.3.x (Win 7 SP1 and higher) have been quite buggy and should have undergone more beta testing before they went into wide release. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 * CCleaner Portable v5.47.6701 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Hi Dave CCleaner: Could you please explain why my posts were deleted from this thread? I don't believe I violated the forum rules, and I think my comments were relevant to this topic given that my screenshots showed that the Easy Clean feature for CCleaner Portable v5.58 and v5.59 do not cause a CCleaner crash on my own 32-bit Vista SP2 machine like they do for the OP NFern. I tried publishing a Speccy snapshot of my system specs in one of my earlier posts in this thread so NFern could compare the configuration of our 32-bit machines, but Speccy's publishing server still hasn't been fixed even though Avast/Piriform employee Ben Piriform posted <here> on 13-May-2019 that the new server would be "up and running in the next few days". ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Hi Andavari: I posted additional comments about my Norton Smart Firewall "suspicious activity" blocks in nikki605's thread <here> since I don't know if the problem NFern reported with Easy Clean is actually related to their antivirus. It was just an idea I wanted to throw out since my Norton AV seems to be constantly blocking the execution of recent versions of CCleaner Portable v5.58 and v5.59 on my 32-bit Vista SP2 machine unless I explicitly allow the execution. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Hi nikki605: Just an FYI that I was testing the 32-bit version of CCleaner Portable v5.59.7230 (i.e., after I upzipped the Portable build ccsetup559.zip on my USB thumb drive and tried to launch the 32-bit ccleaner.exe executable). My ccleaner.exe executable is also Untrusted by Norton and I have to explicitly allow this file to launch and then access my Norton Smart Firewall to prevent execution from being blocked. I don't know if it's relevant, but my v5.59 executable came bundle with a beta version of the Software Updater feature (signified by a yellow dot on the Tools panel). My case is slightly different from yours but both our problems are likely related to the fact that our executables are Untrusted by Norton. You had a problem launching the v5.59 slim installer ccsetup559_slim.exe and Norton flagged your installer as having an invalid signature. In my case the problem is with the 32-bit program executable ccleaner.exe that launches the interface, and my Norton Smart Firewall block is triggered by suspicious activity. VirusTotal reports my 32-bit ccleaner.exe v5.59 is clean (0/69 detection - see the report at https://www.virustotal.com/gui/file/ad9b2e0d70061b0f66f3a2ed640913dea805e34421094c9a22154bac9d16b7d7/detection) and Symantec is listed as one of the AV engines used to scan the file, so in my case it appears to be a heuristic (behavior-based) problem or issue with the poor reputation in the wider Norton community and not because the SHA256 hash hasn't been whitelisted yet. Just another FYI that I normally use an older CCleaner Portable v5.47.6701 (i.e., before Feature Preview / forced beta testing of new features was introduced) on my Vista machine. I just got fed up having to deal with all the pop-ups, background network activity, firewall blocks, bugs, etc. every time I updated to a new version of CCleaner. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Malwarebytes Free v3.5.1-1.0.365 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Hi NFern: I ran a test today with CCleaner Portable versions 5.58.7209 and 5.59.7230 (i.e., the 32-bit ccleaner.exe run from a USB thumb drive) on my 32-bit Vista SP2 machine and didn't have any issues viewing the results of the Easy Clean analysis. I didn't actually click the Clean All button to see what would happen if I tried to clean all the detected trackers and junk files. I can't tell you if the "standard" installed versions behave the same way. What antivirus program are you using on your computers? I normally use an older CCleaner Portable v5.47.6701 (i.e., before Feature Preview / forced beta testing of new features was introduced) and I noticed that my Norton antivirus is flagging the v5.58 and v5.59 ccleaner.exe executables as Untrusted when i try to run them from my USB thumb drive. I don't know if it's relevant, but my v5.58 and v5.59 executables both came bundle with a beta version of the Software Updater feature (signified by a yellow dot on the Tools panel) and I had to explicitly allow the ccleaner.exe v5.58 and 5.59 executables to launch and then access my Norton Smart Firewall to prevent them from being blocked by my antivirus. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

I encountered this same problem today (15-Jun-2019). I haven't tried to publish a Speccy profile since 14-Mar-2019 so I don't know if it's a temporary glitch or if the server has been down since Killermaco reported this problem in early May 2019. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22 * Speccy Portable v1.32.740

Hi Andavari: No, I don't have any third-party defraggers like Piriform's Defraggler or Auslogics Disk Defrag installed and both defrag tasks in my Norton Security antivirus (Settings | Task Scheduling | Automatic Tasks | Disk Optimization and Settings | Administrative Settings | Idle Time Optimizer) are disabled. I actually stopped using Piriform's Defraggler several years ago because it started wiping all my system restore points - see my 2014 thread Full Defrag Wipes All Restore Points. I eventually found a workaround (i.e., enable the option to Replace Windows Disk Defragmenter, close Defraggler, and disable the option again) but this bug was never fixed and I got fed up having to remember to toggle this setting every time I updated Defraggler . From the last post <here> in my 2014 thread: ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.1.8 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.35.6210

Hi glenmarshall: When you say the "new" Norton 360, do you mean you recently purchased or were upgraded to Norton 360 Standard or one of the the new N360 offerings described at https://us.norton.com/n360?inid=hho_nortoncom_softlaunchredirect_360? If so, you might want to follow Paul Buettner's thread 360 Recent Up-Date and CCleaner in the NIS/N360/NAV board of the Norton forum while you're waiting for Piriform to release a bug fix. As I noted in Paul Buettner's thread, Norton began offering these "new" Norton 360 products to select users about a month ago as part of a beta test - see tzon's 14-Dec-2018 thread Is this a new product? Norton 360 as well as Norton employee Gayathri_R's 19-Dec-2018 product announcement Have you seen new offerings on Norton.com? It’s a beta test!. At the moment we have no idea if these "new" N360 products are still in beta or whether users can downgrade back to their "old" N360/N360P products with their current product key if they wish to do so. ------------ 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.1.8

Hi PCFYTV: One hint about your troubleshooting. As I noted <here> on 04-Jul-2018, my system restore points are intermittently wiped when my system tries to create a system restore point (SRP) and a volsnap error occurs after newer versions of CCleaner are run (i.e., not while CCleaner is running). I'm still not certain of the cause, but it almost seems like newer versions of CCleaner reset a configuration setting / registry entry or run a background task that triggers a volsnap errors the next time my system tries to create a SRP. That means that if I'm testing a particular CCleaner version (e.g., CCleaner Portable v.5.35) I have to run that same Cleaner version for a few weeks or so and monitor whether my SRPs are being deleted. According to Tomasz Szynalski's old blog post What You Should Know About Volume Shadow Copy/System Restore in Windows 7 & Vista (FAQ): That blog post also states that "if you use your machine every day on AC power and nothing prevents it from entering an idle state, you can expect automatic restore points to be created every 1-2 days on Windows Vista and every 7-8 days on Windows 7". Other conditions will trigger the creation of a SRP (e.g., before Windows Update applies a system update), but it might take to a long period of testing to figure out exactly what's deleting the SRPs on your Win 7 SP1 machine. I can't say with 100% certainty that newer versions of CCleaner are responsible for my volsnap errors but I haven't been able to correlate anything else so far (e.g., a Malwarebytes Free Threat Scan, Norton Security Automatic LiveUpdate, etc.) with my volsnap errors. By default, scheduled SRPs are normally created during system idles on my Vista SP2 machine so I have always suspected that some background task that runs during a system idle is the culprit. ----------- 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.1.8 * Malwarebytes v3.5.1-1.0.365 * CCleaner Portable 5.35.6210

Getting back to Aethernaut's original question about location and IP address tracking, have the v5.49.6856 (12 Nov 2018), v5.50.6911 (29 Nov 2018) or v5.51.6939 (13 Dec 2018) updates given users any additional control over how this data is collected? If not, does Avast have any plans to include a setting in a future release to allow users to opt out of this type of tracking? My understanding is that the new update settings in v5.50.6911 now allow users to disable the CCleaner Emergency Updater that was introduced back in v5.36.6278 (see the AskVG article [Tip] Customize and Control CCleaner Automatic Updates Settings) but I can't see any new settings to disable the collection of tracking data that Avast employee Stephen Piriform discussed in his 29-Oct-2018 post <here> in this thread. After reading employee Stephen Piriform's response, I still don't understand the justification for collecting this type of location tracking data with CCleaner - it's a disk cleaning utility, not a real-time antivirus program. ------------ 32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.15.1.8 * CCleaner Portable v5.47.6716