[False Positive] A malware on CCleaner 5.48.6834.

Hello, everyone.

I'm Ricardo, and I would like to tell you that Kaspersky Internet Security detected malware in a CCleaner installer. It's called UDS:Trojan.Win32.Droma. It is in this file: ccupdate548_pro[1].exe. Please fix it ASAP. My Kaspersky won't allow me to install this new version. And I advise anyone not to install it for a while.

Thanks in advance. And I hope to find this solution.

Best regards.

Ricardo

CCleanerProfessional_Trojan.png

Hi there,

Kaspersky is not flagging this file from what I can see: https://www.virustotal.com/#/url/dcbf986874e39ef14eaaea2c6d0e0960b7ef79d039dca17757cc77d87507c33f/detection

Can you confirm that the MD5 filehash for the ccupdate548_pro.exe file you have matches "3c4836f8f949c94bb651a74814617868" ?

Hi, Stephen Piriform.

After clicking on your link, you can see it on the screenshot I took. VirusTotal detected it also.

WebsiteDNS8.png

I don't think it's anything to be concerned by. This company analyses URLs and flags anything without a good reputation. It looks like they have a simple check that simply flags any URL that downloads an executable. It does not seem that it does any checks on the file itself to see if it is legitimate.

To compare, here are the VirusTotal results for the file itself (not the download URL):

https://www.virustotal.com/#/file/079609c8d786cab5d29b43d315af1d7276805f0f7cc48f180106d38d4c5b2e97/detection

image.png

The file also checks out with Kaspersky:

image.png

I have reported a false positive to DNS8 so they can investigate.
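
The hash comparison requested earlier in the thread, as an added example that is not part of the original posts: it hashes a downloaded installer once and compares it against the MD5 quoted above and the SHA-256 that identifies the file in the VirusTotal link. Treating that SHA-256 as the hash of the same installer is an assumption, and the function names are illustrative.

```python
import hashlib
import hmac
import sys

# Values quoted in the thread. The SHA-256 is the identifier in the VirusTotal
# file link; that it belongs to the same installer as the MD5 is an assumption.
PUBLISHED = {
    "md5": "3c4836f8f949c94bb651a74814617868",
    "sha256": "079609c8d786cab5d29b43d315af1d7276805f0f7cc48f180106d38d4c5b2e97",
}


def file_digests(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    # open() takes the name literally, so "ccupdate548_pro[1].exe" is not globbed
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def normalize(value):
    """Accept a hash pasted with quotes, spaces or upper case."""
    return value.strip().strip('"').replace(" ", "").lower()


def check_file(path, published=PUBLISHED):
    """Return {algorithm: True/False} for each published hash."""
    actual = file_digests(path, tuple(published))
    return {name: hmac.compare_digest(actual[name], normalize(expected))
            for name, expected in published.items()}


def verdict(results):
    """Summarise the checks; a lone MD5 match is weak, MD5 collisions are practical."""
    if not results:
        return "no published hash to compare"
    if all(results.values()):
        return "match"
    if any(results.values()):
        return "inconsistent"  # published values may describe different files
    return "mismatch"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python verify_installer.py <path-to-installer>")
    results = check_file(sys.argv[1])
    for name, ok in results.items():
        print(f"{name}: {'OK' if ok else 'DIFFERENT'}")
    print(verdict(results))
```

A "mismatch" or "inconsistent" result means the local copy is not the file whose scan results were linked, so those results say nothing about it.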

Thank you so much for your kind support and screenshots, Stephen Piriform.

Currently, my CCleaner Professional is 5.47.6716. And in any previous installers, Kaspersky couldn't detect any trojan.

If they send you any answer... could you just report to me what they said, please?

Thank you so much again.

DNS8 got back to me. They have adjusted the URL's reputation:

https://www.virustotal.com/#/url/dcbf986874e39ef14eaaea2c6d0e0960b7ef79d039dca17757cc77d87507c33f/detection

Me too. :)

Thanks again.

VirusTotal_OK.png