Jump to content

Positive in portable in Virustotal


Koldo

Recommended Posts

Hello:

 

Firstly, Many thanks for the utility, that I use since many years ago.

 

I have just download the portable application directly in this web and I have found this in virustotal. I think it is a false positive, but could it be fixed in some way?

 

Many thanks and best regards,

Link to comment
Share on other sites

  • Moderators

This is a false positive and what antivirus is "thehacker" sounds untrustable to me It looks to be flagging one of the language dll files.

Can anyone find any documentation on TheHacker? I haven't yet.

EDITa:

I'm going to do some digging, but usually virustotal should only be taken seriously when there's a majority share of hits.

 

EDIT1:

For more information on False Positives:

http://blog.virustotal.com/2015/02/a-first-shot-at-false-positives.html

 

EDIT2:

Just to follow up on Kroozer's slim suggestion. The dll in question lang-1059.dll is identical in both the portable and slim (and regular) installers. This was confirmed, by me just now ;) , via SHA256 hashing, uploading both versions of the file to VirusTotal and a manual look at the two files using WinMerge.

The reason the installer version doesn't flag it is that the dll needs to be compiled before it's apparent to a scanner.

 

To the original poster, while this is likely (as I and others stated) a false positive, as long as you don't need to have ccleaner in Belarusian (language 1059) you can delete the file and all other lang files which you don't need

you can find the language codes https://msdn.microsoft.com/en-us/goglobal/bb964664.aspx

Edited by Nergal
Added stuff

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND AT  https://support.piriform.com/hc/en-us and  https://www.ccleaner.com/docs

Pro users file a PRIORITY SUPPORT request at https://support.piriform.com/hc/en-us/requests/new

link to WINAPP2.INI explanation

Link to comment
Share on other sites

  • Moderators

as you don't need to have ccleaner in Belarusian (language 1059) you can delete the file and all other lang files which you don't need

 

That's why I had to re-download the portable ZIP because I have CCleaner automatically delete all of its own lang DLLs because I've no use for them.

 

Edit:

Had to re-download to get the SHA-1 to look it up on Jotti.

Edited by Andavari
Link to comment
Share on other sites

Many thanks to all of you.

 

I have delete all languages dll, except spanish (although I use original language) and now the size is almost the size of the original zip.

 

I could have realised. Next time I will go to "File detail" in virustotal :-)

 

Anyway, I'm also sure that it's a false positive.

 

Regards,

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.