CCleaner 5.47.6716 has a Trojan

[image: screenshot of the error message]

I got the above error message when trying to download the free CCleaner 5.47.6716. I've been using CCleaner for many years and never ran into this problem. Please resolve so that I can upgrade from 5.46.

Where are you trying to download it from?

Use this: https://www.piriform.com/ccleaner/builds

or FileHippo is the other official mirror site.

I tried from the link you showed

Using the Slim build installer: ccsetup547_slim.exe

MD5: EF79B5B018A451CC9B149078186FBFC4

SHA-1: 3EA279FCD3F93C18F912C785E43D074921FC4AB6

SHA-256: F281CEBE66E0E792FB4D1E62CCA6D4A734CA4BD63B09C262DE49FED5D8496C89

VirusTotal results (no detections):

https://www.virustotal.com/en/file/f281cebe66e0e792fb4d1e62cca6d4a734ca4bd63b09c262de49fed5d8496c89/analysis/1538351291/

Jotti results (1 detection by ClamWin):

https://virusscan.jotti.org/en-US/filescanjob/05qz7wgvqa
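Added example, not part of the original posts: a VirusTotal verdict applies only to the exact file whose SHA-256 was scanned, so this sketch checks a local download against the three digests posted above. The script name and the file path passed on the command line are assumptions.

```python
import hashlib
import hmac
import sys

# Digests posted in the thread for ccsetup547_slim.exe.
POSTED = {
    "md5": "EF79B5B018A451CC9B149078186FBFC4",
    "sha1": "3EA279FCD3F93C18F912C785E43D074921FC4AB6",
    "sha256": "F281CEBE66E0E792FB4D1E62CCA6D4A734CA4BD63B09C262DE49FED5D8496C89",
}


def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Read the file once and return {algorithm: lowercase hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(path, expected):
    """Return (all_match, {algorithm: bool}) for the file against expected digests."""
    actual = file_digests(path, tuple(expected))
    per_algo = {
        name: hmac.compare_digest(actual[name], value.strip().lower())
        for name, value in expected.items()
    }
    # Only a full match counts: MD5 and SHA-1 are collision-prone, so a file
    # that matches them but not SHA-256 is not the file that was scanned.
    # An empty expectation set proves nothing, so it is treated as a failure.
    return bool(per_algo) and all(per_algo.values()), per_algo


if __name__ == "__main__":
    # Usage (hypothetical script name; path is wherever the download was saved):
    #   python verify_download.py ccsetup547_slim.exe
    ok, detail = compare_digests(sys.argv[1], POSTED)
    for name, matched in detail.items():
        print(f"{name:7} {'match' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

A mismatch means the scan results linked above say nothing about the copy on disk, which should then be scanned in its own right.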

I'm using NOD32 anti-virus & Malwarebytes Pro. I tried disabling each of them and that didn't change anything. I also didn't see anything in their individual log files that indicated that they stopped the download.

I then took a closer look at the error and noticed that it says "firewall gateway anti-virus service" and I realized that this is probably coming from the Sonicwall TZ300 that also does anti-virus & firewall protection. You can take a look at the following datasheet for more info. The TZ300 sits between my Comcast broadband connection and my internal office network.

https://www.sonicwall.com/SonicWall.com/files/2f/2fa6b2bd-edd9-4cc6-abe8-cebff2f90ed1.pdf

Again, I've been using CCleaner for many years and never run into this type of problem. Of course I didn't have the TZ300 until the beginning of 2017, although I had the TZ100 for many years.

I logged into the TZ300 and found that error when trying to download CCleaner again. It also showed it coming from: 13.33.231.93, 443, X1

I hope you can find a way to get rid of this "problem". It might be a false alert. Otherwise I will probably just wait for the next release.

Looks like an OK address to me.

https://whatismyipaddress.com/ip/13.33.231.93

The problem isn't the IP. The problem is that the firewall in the TZ300 is currently finding a problem.

I had a situation within the last few years where my antivirus was flagging a new version of a program I used all the time. When I ran it thru one of the online programs that verified against many different antivirus programs, a few of them found the same problem. Unfortunately, the vendor wasn't interested in finding a resolution.

I hope the CCleaner developers are interested in resolving this problem with the current release, else I will wait for the next release and try again. They already know that Jotti wasn't happy.

I feel the problem is with SonicWall and not Piriform in this instance. The current release is NOT infected (otherwise we would have scores of posts about it).

https://www.sonicwall.com/en-us/support/knowledge-base/170505785916977

It's not the first time SonicWall has had this false positive.

https://forum.piriform.com/topic/48491-firewall-blocking-download/

While VirusTotal finds nothing wrong with the Slim build installer, it's a different story if you individually submit CCleaner.exe and CCleaner64.exe to it; then it finds something, but only with 1 or 2 scanners, and it states Trojan.

As for Jotti finding something, well, I typically pay no attention to the ClamWin scanner they have on there and I haven't for years. It's the Linux version and is very prone to giving false positives on a lot of installers made for Windows. I don't know how they have it configured, but perhaps it's set to something akin to a paranoid mode (if such a mode exists; it's just speculation). However, when scanning the same files with ClamWin installed on my Windows system, it has never produced a detection.

2 hours ago, Parkarjohn said:

> This is a remarkable news for the CCleaner users as this is very important for the presence of the Trojan in the software. CCleaner is a very well developed software which helps in the cleaning of the device. Epson Support has suggested me to use this software. But this is a matter of disappointment that this version is affected by the virus.

There is no infection (other than a far gone past version). This topic refers to a false positive.