There is a Trojan within the new version of CCleaner [false positive]

A Trojan has been found out on CCleaner Installer v5.65.

Please help me.

My Kaspersky Internet Security has deleted this dangerous file.

I'm waiting for a solution please.

Thanks in advance.

Ricardo

CCleaner_Trojan_20200324.png

It's a false positive. There is no actual virus. It happens with every new release.

Every software that releases a new version gets one or two AV's not recognising the new version at first

It happens because they 'see' something different than they expect from that software and so are not sure if it's real or a fake.

Once the AV company gets it's finger out and updates their listing all is well again.

I've submitted ccsetup565.exe to a VirusTotal check and all 67 AV engines that responded say that it's clean - including Kaspersky

https://www.virustotal.com/gui/file/810d4b0d8f4171b13f6d5a4c5c6c5e33209af7af6c378a2218007caae12dc2d6/detection

11 hours ago, TwistedMetal said:
<div class="ipsQuote_contents">
	<p>
		It's a false positive. There is no actual virus. It happens with every new release.
	</p>
</div>

TwistedMetal, thank you for your answer. But it happened for me for the first time. Maybe it may be a virus. ?

I really need a solution, because I won't disable my anti-virus in order to install a dangerous software.

Thanks

1 hour ago, nukecad said:
<div class="ipsQuote_contents">
	<p>
		Every software that releases a new version gets one or two AV's not recognising the new version at first
	</p>

	<p>
		It happens because they 'see' something different than they expect from that software and so are not sure if it's real or a fake.


		Once the AV company gets it's finger out and updates their listing all is well again.
	</p>

	<p>
		I've submitted ccsetup565.exe to a VirusTotal check and all 67 AV engines that responded say that it's clean - including Kaspersky

https://www.virustotal.com/gui/file/810d4b0d8f4171b13f6d5a4c5c6c5e33209af7af6c378a2218007caae12dc2d6/detection


nukecad, thank you for your answer.

But I have been using CCleaner Professional for years. And it happened for the first time.

And also PAY CLOSE ATTENTION to the screenshot I took. ? You've submitted a DIFFERENT FILE (ccsetup565.exe). That IS NOT the file Kaspersky Internet Security has detected. ? There is a virus inside this file ccupdate5.65.7632.exe.

If you can submitted the correct file, I would be very thankful, because my anti-virus can't allow me to download it and even install it.

Thanks for your answer.

When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

Please do not be concerned.

If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

You can always wait a few days since that gives antivirus vendors time to update their detection (usually 48-72 hours) - and it also affords you a time-gap if a new version has other issues such as being buggy.

The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).

It appears to be the 'Emergency Updater'?

But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.

ccupdate.exe also shows as clean on VT:

https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

@RicardodeMiranda

Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?

Does the folder "temp_ccupdate" even exist?


(or is it only in Kaspersky that you saw it?).

Can you tell us where you downloaded CCleaner v5.65 from?

3 hours ago, Andavari said:
<div class="ipsQuote_contents">
	<p>
		You can always wait a few days since that gives antivirus vendors time to update their detection (usually 48-72 hours) - and it also affords you a time-gap if a new version has other issues such as being buggy.
	</p>
</div>

Andavari, thank you so much! It happened in this morning.

Thanks to everyone.

2 hours ago, nukecad said:
<div class="ipsQuote_contents">
	<p>
		The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).


		It appears to be the 'Emergency Updater'?
	</p>

	<p>
		But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.


		ccupdate.exe also shows as clean on VT:

https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

	<p>
		<span><a contenteditable="false" data-ipshover="" data-ipshover-target="<___base_url___>/profile/83262-ricardodemiranda/?do=hovercard" data-mentionid="83262" href="<___base_url___>/profile/83262-ricardodemiranda/" rel="">@RicardodeMiranda</a></span>
	</p>

	<p>
		<span>Does the file </span>"C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?


		Does the folder "temp_ccupdate" even exist?


		(or is it only in Kaspersky that you saw it?).
	</p>

	<p>
		Can you tell us where you downloaded CCleaner v5.65 from?
	</p>

	<p>
		 
	</p>
</div>

nukecad, thank you very much!

Because I bought CCleaner Professional I just need to click on right bottom corner where there is a link called Check for updates (please see the new screenshot I've taken and attached below).

And right after that a window appears and it downloads and installs the new version on my laptop. Could you get it?

But yesterday my anti-virus used to "cancel" that downloading process, you know? It used to show me a notification (a file deleted), because it used to identify a dangerous file, you know?

However in today morning I tried once more... and then... finally, my anti-virus allowed to download and install.

Thank you so much, guys!

Now everything is OK.

CCleaner_CheckforUpdates.png

So it was just the AV taking time to catch up with it's definitions then.

Good to hear that it's ok now.

On 25/03/2020 at 10:10, hazelnut said:
<div class="ipsQuote_contents">
	<p>
		When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.
	</p>

	<p>
		Scroll down a bit and you will see that it mentions <span style="background-color:#ffffff;color:#353c41;font-size:14px;">5.65.7632.exe and </span><span style="background-color:#fbfbfb;color:#353c41;font-size:15px;">ccsetup565.exe. They are one and the same.</span>
	</p>

	<p>
		<span style="background-color:#fbfbfb;color:#353c41;font-size:15px;">The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.</span>
	</p>

	<p>
		<span style="background-color:#fbfbfb;color:#353c41;font-size:15px;">Please do not be concerned.</span>
	</p>

	<p>
		<span style="background-color:#fbfbfb;color:#353c41;font-size:15px;">If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.</span>
	</p>
</div>

On 25/03/2020 at 10:10, hazelnut said:
<div class="ipsQuote_contents">
	<p>
		When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.
	</p>

	<p>
		Scroll down a bit and you will see that it mentions <span style="background-color:#ffffff;color:#353c41;font-size:14px;">5.65.7632.exe and </span><span style="background-color:#fbfbfb;color:#353c41;font-size:15px;">ccsetup565.exe. They are one and the same.</span>
	</p>

	<p>
		<span style="background-color:#fbfbfb;color:#353c41;font-size:15px;">The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.</span>
	</p>

	<p>
		<span style="background-color:#fbfbfb;color:#353c41;font-size:15px;">Please do not be concerned.</span>
	</p>

	<p>
		<span style="background-color:#fbfbfb;color:#353c41;font-size:15px;">If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.</span>
	</p>
</div>

Thank you so much for your answer, hazelnut! :)

On 25/03/2020 at 10:55, nukecad said:
<div class="ipsQuote_contents">
	<p>
		The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).


		It appears to be the 'Emergency Updater'?
	</p>

	<p>
		But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.


		ccupdate.exe also shows as clean on VT:

https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

	<p>
		<span><a contenteditable="false" data-ipshover="" data-ipshover-target="<___base_url___>/profile/83262-ricardodemiranda/?do=hovercard" data-mentionid="83262" href="<___base_url___>/profile/83262-ricardodemiranda/" rel="">@RicardodeMiranda</a></span>
	</p>

	<p>
		<span>Does the file </span>"C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?


		Does the folder "temp_ccupdate" even exist?


		(or is it only in Kaspersky that you saw it?).
	</p>

	<p>
		Can you tell us where you downloaded CCleaner v5.65 from?
	</p>

	<p>
		 
	</p>
</div>

Thank you for your reply, nukecad.

It has been resolved.

No, this is just a temp folder, you know?

I just need to click on this link (attached file) in order to ask CCleaner to download and install the new software for me.

CCleaner_Update.png

On 25/03/2020 at 14:45, nukecad said:
<div class="ipsQuote_contents">
	<p>
		So it was just the AV taking time to catch up with it's definitions then.
	</p>

	<p>
		Good to hear that it's ok now.
	</p>
</div>

Thank you so much, nukecad! :)