tango Posted February 2, 2017 Share Posted February 2, 2017 I'm downloading from the Piriform website, of course. https://www.piriform.com/ccleaner/download > Download button under CCleaner Free which is a link to > http://download.cnet.com/CCleaner/3000-18512_4-10315544.html?part=dl-&subj=dl&tag=button > Download Now button which attempts to download ccsetup526.exe from > http://files.downloadnow-1.com/s/software/15/68/79/90/ccsetup526.exe?token=1486... at which point McAfee SiteAdvisor says "Whoa! This site may be risky to visit ..." The site report is at > https://www.mcafee.com/threat-intelligence/site/default.aspx?url=http://files.downloadnow-1.com/s/software/15/68/79/90/ccsetup526.exe?token=1486082677_e8076e667c0a9d1553ae632a35ad50dc&fileName=ccsetup526.exe The report gives this a risk level of "High" (their highest level). If I proceed to Save the file anyway, I get a further warning "Woah[sic], that download is dangerous! We found there might be viruses, spyware or other potentially unwanted programs in the file you are trying to download. Filename: ccsetup526.exe. Domain: files.downloadnow-1.com. If I click on "Accept the Risk" and continue, it proceeds to download ccsetup526.exe (8,813,488 bytes) digitally signed by Piriform Ltd. on 21 Dec 2016 (SHA1 and SHA256). A separate scan using McAfee Viruscan of the downloaded file itself did not result in any further warnings, so it's apparently the downloadnow-1.com site that's triggering the warning, and not a detected virus in the file itself. So while it seems like a false positive, I thought I'd post this nonetheless since it's strange to see (I almost never get false positives by McAfee WebAdvisor on downloading executables). Any comments? Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted February 2, 2017 Moderators Share Posted February 2, 2017 Best to download from here https://www.piriform.com/ccleaner/builds Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
System_Error_Message Posted February 2, 2017 Share Posted February 2, 2017 some anti viruses will just warn you when you download an executable file, its normal and they will also scan the downloaded file and check in compressed archives as well. Its just a way of telling you to becareful what you download. Link to comment Share on other sites More sharing options...
Moderators DennisD Posted February 2, 2017 Moderators Share Posted February 2, 2017 Hi Tango, and welcome to the forum. I don't get the sequence of events you outline above. If I press the first link in your post it takes me to the Piriform download page, where after pressing the download button under CCleaner free takes me here ... https://www.piriform.com/ccleaner/download/standard ... where after about 4 seconds the CCleaner download dialogue box appears. There isn't any being passed from one site to another. Please don't construe that as meaning I don't believe that's what happened to you, but there must be some reason why. Have any of you other guys experienced what Tango experienced? I've repeated the process half a dozen times and I can't reproduce it. Something amiss here methinks which maybe should be put right. If other members wouldn't mind trying it to see if they go on that jolly but unwanted jaunt. Link to comment Share on other sites More sharing options...
Moderators mta Posted February 2, 2017 Moderators Share Posted February 2, 2017 tango's provided first link takes me to the download page. I click the green download button in the Free column which goes the the "thank you for downloading CC" page. about 3 seconds later Firefox pops up the "your file is downloading... Save File or Cancel" box. @tango, your AV could just be picking up the free Chrome offers (PUP's?) embedded into CC. Backup now & backup often.It's your digital life - protect it with a backup.Three things are certain; Birth, Death and loss of data. You control the last. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted February 3, 2017 Moderators Share Posted February 3, 2017 (edited) From that Intel McAfee analysis it shows the download site as (purposely put into a codebox to make it non-clickable): downloadnow-1.com It has nothing to do with the official downloads from Piriform. As always download from official software website's when possible to avoid tampering, and illegal re-packaging which could contain malware. Edit: This is what McAfee SiteAdvisor states about Piriform.com (this website), it's all green and good: https://www.siteadvisor.com/sites/piriform.com Edited February 3, 2017 by Andavari Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted February 3, 2017 Moderators Share Posted February 3, 2017 Or to see a site using muliple scanners use urlvoid. Here is Piriform.com (scroll down slightly) http://www.urlvoid.com/scan/piriform.com/ Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators DennisD Posted February 3, 2017 Moderators Share Posted February 3, 2017 At the risk of my missing something here (highly likely, even probable), I still don't see why pressing the download button here ... https://www.piriform.com/ccleaner/download ... would take Tango to the CNET download page for CCleaner. Which it did, and just for info that link on CNET for CCleaner is blocked by my browser. That's what I'm asking. Regardless of what McAfee says about the link on the CNET page, why was he taken to CNET in the first place? Link to comment Share on other sites More sharing options...
dvdbane Posted February 3, 2017 Share Posted February 3, 2017 i think this is default view for every visitor to download page Link to comment Share on other sites More sharing options...
Moderators DennisD Posted February 3, 2017 Moderators Share Posted February 3, 2017 Thank you for that, I think we're getting somewhere, as this is what I see ... ... which activates the download dialogue box after a few seconds pause. One button, no choices. What do others see? Edit: I'm thinking this could be a location thing. Country specific software/download agreements maybe. Link to comment Share on other sites More sharing options...
login123 Posted February 4, 2017 Share Posted February 4, 2017 Same experience here as in post #4. Tango's first link goes to the real download site. In fact Firefox won't even let me go to the download 1 site, and ublock origin blocks CNET. Could it be that tango's browser is being redirected? Wonder why tango hasn't been back? The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
dvdbane Posted February 4, 2017 Share Posted February 4, 2017 Thank you for that, I think we're getting somewhere, as this is what I see ... ... which activates the download dialogue box after a few seconds pause. One button, no choices. What do others see? Edit: I'm thinking this could be a location thing. Country specific software/download agreements maybe. i get the same one Download button when opening download page using kproxy so i think you're right about the location Link to comment Share on other sites More sharing options...
Moderators DennisD Posted February 5, 2017 Moderators Share Posted February 5, 2017 Mystery solved I think so thanks for your input. I'm almost sure I've come across this country specific thing before but it must've slipped into the farther reaches of the old memory banks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now