I suggest an explanation of why I see trojan/virus's in current builds when scanning ccsetup 553

CCleaner for Windows CCleaner Windows Suggestions
21

Good evening. In my previous post, I stated it was down to own lack of education. I guess I should have expanded more. 

You are not qualified to understand the VirusTotal report hence this outburst. And I mean that in a nice way. Being a community member does not make you a Malware expert. The graphs you are looking at are only there to help identify the relationship between files, urls, domains and IP's. The file here is not flagged which is called the root node has not been flagged but the relationship with One of the above has been addressed. Any community investigation will be made public by the user unless set to private. It is nothing more than an attempt to generate a  relationship between files and addresses. It is designed for investigators to share results with One another.

22

This is the whole contents of portable.dat from CCleaner Portable and has been for years, it's not infected in any way shape or form: 

#PORTABLE#

23

I have downloaded Ccleaner in the past, scanned it and there was nothing found....NOTHING found.

Now that AVAST is in control, there is crap found in almost EVERY version.

For those that ridicule me for pointing that out .....

In your neck.

...and yet, every time I show ( NO, I HOLD YOUR HAND ) how I found something, you guys have sOMe excuse for it.

"#portable#

'Oh it's this'... 'oh it's that'...

There should not be anything in this (like it used to be).

Every

Freakn (Yes, I did change this)

Time.

NOW there is reports of the pop up, people upgraded are still getting the pop up.

ccsetup555.exe today.

Quote 
<div class="ipsQuote_contents">
	<p>
		<span style="background-color:#ffffff;color:#353c41;font-size:14px;">You are not qualified to understand</span>
	</p>
</div>

I'm qualified to understand it never had ANY positives before.....

ccleaner downloaded mar 17 2019.JPG

24

Good evening. This is going around in circles because you are not listening. How could 58 other engines be so wrong? Stop focusing on basic false positives. The engines on VT have minimal disassembling power, and VT does not execute the files for more comprehensive analyses. I have already covered Endgames false positive so no need to go over old ground. ESET is clearly flagging the packed toolbar and states "potentially". Anity labs is/was a bit of a joke. 

It is because of such limitations VT engines have regarding disassembling makes the files extremely hard to read.<span style="background-color:#ffffff;color:#282828;font-size:14px;"> Compressed and packed files, in particular, are often flagged as suspicious by VT. Considering heuristic analysis AV engines have no way to determine the good or pad in a program based on certain methods which therefore they may alert you of a dangerous nature.




If a person has a firearm on them who can accurately distinguish between good or bad intentions. So we simply flag the firearm.</span>

25

No infection in any of the portable versions listed in this topic so far. I downloaded & checked them all. The 555 zip file does show a false positive, but none of the files extracted from it do.

I suggest that the OP begin posting the hash values in code tags instead of pictures so it is easier to be sure we are all talking about the same file. 

No way am I going to try to manually type all those hashes &amp; verify them, don't have time. <img alt=":(" data-emoticon="" height="20" src="<fileStore.core_Emoticons>/emoticons/default_sad.png" srcset="<fileStore.core_Emoticons>/emoticons/sad@2x.png 2x" title=":(" width="20">  


But it would be simple to copy and search for the text string.

For example, VT shows the hash for the portable CCleaner 64 exe extracted from ver. 555 as this: 

SHA-256	e482637cbad141b517ac6f27ceff8cf04e36a92c51c00ea29c1d2c0119a74782

It's easy to copy and check that hash in several ways, both here and at VT.

26
1 hour ago, login123 said: 
<div class="ipsQuote_contents">
	<p>
		No infection in any of the portable versions listed in this topic so far.  I downloaded &amp; checked them all.  The 555 zip file does show a false positive, but none of the files extracted from it do.
	</p>

	<p>
		I suggest that the OP begin posting the hash values in code tags instead of pictures so it is easier to be sure we are all talking about the same file. 


		No way am I going to try to manually type all those hashes &amp; verify them, don't have time. <img alt=":(" data-emoticon="" height="20" src="<fileStore.core_Emoticons>/emoticons/default_sad.png" srcset="<fileStore.core_Emoticons>/emoticons/sad@2x.png 2x" title=":(" width="20">  


		But it would be simple to copy and search for the text string.
	</p>

	<p>
		For example, VT shows the hash for the portable CCleaner 64 exe extracted from ver. 555 as this: 
	</p>

	<pre class="ipsCode prettyprint lang-html prettyprinted">

SHA-256 e482637cbad141b517ac6f27ceff8cf04e36a92c51c00ea29c1d2c0119a74782

	<p>
		It's easy to copy and check that hash in several ways, both here and at VT.
	</p>
</div>


I experienced the heartache of it earlier this evening.




SHA-256 ea2b0fe19acc526f8c634fe933f63b7f2a1911a27a74dc2d87a5ea6ac4a8f2b3

https://www.virustotal.com/#/file/ba400d0cb1773f5476ab4c391222303c543d993468625b2769f12256d3aa9145/detection

27

Since this is going absolutely nowhere this topic is now closed.