New version detected as malware by 2 vendors [fixed]

The most recent release v5.69.7865 has been detected by Windows Defender and Hybrid Analysis as PUP in Windows 10 and as totally malicious by Hybrid Analysis. I've had the free version installed for a few days now and Defender just picked it up. I removed it and redownloaded the setup file, scanned that with Hybrid Analysis and the screenshots show all. False positive? I don't run it in the background; however, if it is doing things on its own, that's a problem.

hybrid analysis ccleaner v5.69 7_30_2020.png

malware ccleaner v5.69 page 2 7_30_2020.png

malware ccleaner v5.69 page 3 7_30_2020.png

Interesting @MackBolan, did you obtain your copy of CCleaner from the website directly? And when did you download it?

I tried VirusTotal and got no hits for a file downloaded from the website 5 minutes ago? https://www.virustotal.com/gui/file/09029869a47a9008ddfc5b338e60c22afd133685d9666df8cf498df769f67095/detection

@MackBolan, looking at what hybrid-analysis reports, most of these items are things you would expect CCleaner to do:

* Interacts with the primary disk partition (DR0)
* Queries firmware table information
* Queries kernel debugger information
* Reads the active computer name
* Reads the cryptographic machine GUID
* Marks file for deletion

Microsoft seem to be having one of their 'we don't like registry cleaners' months again; it's not the first time Defender has flagged or blocked CCleaner installers for a couple of days.

MS are supposed to have now sorted out the current flag/block.

Some say that they are still seeing it; if you are, then try updating your Defender definitions.


(There is some suspicion that it's more a case of 'We don't like competition to Edge Chromium from CCleaner Browser', and just which of the various CCleaner installers they are currently flagging/blocking and which they weren't tends to support that suspicion.)

Not surprised, the program literally uses 100% of the CPU when open... wouldn't touch this program with a stick anymore or trust it.