Jump to content

RicardodeMiranda

Experienced Members
 View Profile  See their activity

  • Posts

    12

  • Joined

  • Last visited

 Content Type 

Posts posted by RicardodeMiranda

    There is a Trojan within the new version of CCleaner [false positive]

    in CCleaner Help Requests

    Posted

    On 25/03/2020 at 10:55, nukecad said:

    The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).
    It appears to be the 'Emergency Updater'?

    But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.
    ccupdate.exe also shows as clean on VT:
    https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

    @RicardodeMiranda

    Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?
    Does the folder "temp_ccupdate" even exist?
    (or is it only in Kaspersky that you saw it?).

    Can you tell us where you downloaded CCleaner v5.65 from?

     

    Thank you for your reply, nukecad.

    It has been resolved.

    No, this is just a temp folder, you know?

    I just need to click on this link (attached file) in order to ask CCleaner to download and install the new software for me.

    CCleaner_Update.png

    There is a Trojan within the new version of CCleaner [false positive]

    in CCleaner Help Requests

    Posted

    On 25/03/2020 at 10:10, hazelnut said:

    When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

    Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

    The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

    Please do not be concerned.

    If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

     

    On 25/03/2020 at 10:10, hazelnut said:

    When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

    Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

    The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

    Please do not be concerned.

    If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

    Thank you so much for your answer, hazelnut! :)

    There is a Trojan within the new version of CCleaner [false positive]

    in CCleaner Help Requests

    Posted

    2 hours ago, nukecad said:

    The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).
    It appears to be the 'Emergency Updater'?

    But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.
    ccupdate.exe also shows as clean on VT:
    https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

    @RicardodeMiranda

    Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?
    Does the folder "temp_ccupdate" even exist?
    (or is it only in Kaspersky that you saw it?).

    Can you tell us where you downloaded CCleaner v5.65 from?

     

    nukecad, thank you very much!

    Because I bought CCleaner Professional I just need to click on right bottom corner where there is a link called Check for updates (please see the new screenshot I've taken and attached below).

    And right after that a window appears and it downloads and installs the new version on my laptop.  Could you get it?

    But yesterday my anti-virus used to "cancel" that downloading process, you know? It used to show me a notification (a file deleted), because it used to identify a dangerous file, you know?

    However in today morning I tried once more... and then... finally, my anti-virus allowed to download and install.

    Thank you so much, guys!

    Now everything is OK.

    CCleaner_CheckforUpdates.png

    There is a Trojan within the new version of CCleaner [false positive]

    in CCleaner Help Requests

    Posted

    1 hour ago, nukecad said:

    Every software that releases a new version gets one or two AV's not recognising the new version at first

    It happens because they 'see' something different than they expect from that software and so are not sure if it's real or a fake.
    Once the AV company gets it's finger out and updates their listing all is well again.

    I've submitted ccsetup565.exe to a VirusTotal check and all 67 AV engines that responded say that it's clean - including Kaspersky
    https://www.virustotal.com/gui/file/810d4b0d8f4171b13f6d5a4c5c6c5e33209af7af6c378a2218007caae12dc2d6/detection

    nukecad, thank you for your answer.

    But I have been using CCleaner Professional for years. And it happened for the first time.

    And also PAY CLOSE ATTENTION to the screenshot I took. 😉 You've submitted a DIFFERENT FILE (ccsetup565.exe). That IS NOT the file Kaspersky Internet Security has detected. 😉 There is a virus inside this file ccupdate5.65.7632.exe.

    If you can submitted the correct file, I would be very thankful, because my anti-virus can't allow me to download it and even install it.

    Thanks for your answer.

    [False Positive] A malware on CCleaner 5.48.6834.

    in CCleaner Bug Reporting

    Posted

    44 minutes ago, Stephen Piriform said:

    I don't think it's anything to be concerned by. This company analyses URLs and flags anything without a good reputation. It looks like they have a simple check that simply flags any URL that downloads an executable. It does not seem that it does any checks on the file itself to see if it is legitimate.

    To compare, here is the VirusTotal results for the file itself (not the download URL):

    https://www.virustotal.com/#/file/079609c8d786cab5d29b43d315af1d7276805f0f7cc48f180106d38d4c5b2e97/detection

    image.png

     

    The file also checks out with Kaspersky:

    image.png

     

    I have reported a false positive to DNS8 so they can investigate.

    Thank you so much for your kind support and screenshots, Stephen Piriform.

    Currently, my CCleaner Professional is 5.47.6716. And any preview installers this Kaspersky couldn't detect any trojan.

    If they send to you any answer... could you just report to me what they said please?

    Thank you so much again.

    [False Positive] A malware on CCleaner 5.48.6834.

    in CCleaner Bug Reporting

    Posted

    11 minutes ago, Stephen Piriform said:

    Hi there,

    Kaspersky is not flagging this file from what I can see: https://www.virustotal.com/#/url/dcbf986874e39ef14eaaea2c6d0e0960b7ef79d039dca17757cc77d87507c33f/detection

    Can you confirm that the MD5 filehash for the ccupdate548_pro.exe file you have matches "3c4836f8f949c94bb651a74814617868" ?

    Hi, Stephen Piriform.

    After clicking on your link, you can see it on the screenshot I took. VirusTotal detected also.

    WebsiteDNS8.png

    [False Positive] A malware on CCleaner 5.48.6834.

    in CCleaner Bug Reporting

    Posted

    Hello, everyone.

    I'm Ricardo, and I would like to tell you that Kaspersky Internet Security detected a malware on a CCleaner installer. It's called UDS:Trojan.Win32.Droma. It is on this file ccupdate548_pro[1].exe. Please fix it ASAP. My Kaspersky can't allow me to install this new version. And I advise to anyone not to install for a while.

    Thanks in advance. And I hope to find this solution.

    Best regards.

    Ricardo

    CCleanerProfessional_Trojan.png

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept