Hostname, posted September 22, 2017

Hello all, I just wanted to make this very important announcement as soon as possible. Take a look at the picture below. This is the same warning I received when I tried to download CCleaner v5.33, which as everybody knows has now been confirmed infected.

PLEASE NOTE: I am NOT saying CCleaner v5.35 is infected. I have no idea if it is infected or not. I am just putting this out there so the creators of CCleaner and its users can be aware of it so that everyone may stay safe and vigilant. I'm going to submit the URL to Bitdefender and when they get back to me I will update this thread.

nukecad (Moderator), posted September 22, 2017

While not saying anything definite one way or another. I suspect that all AV companies are now being very wary about CCleaner, and some may be over cautious until the hoo-ha settles down. Understandable I suppose. That's the whole point of a waterhole attack like this - get everyone running round and confusing things while you attack the real target.

*** Out of Beer Error ->->-> Recovering Memory ***
Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link: https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

malika4, posted September 22, 2017

But this is the cloud page? It isn't the Piriform page forse download

Hostname (Author), posted September 22, 2017

> While not saying anything definite one way or another. I suspect that all AV companies are now being very wary about CCleaner, and some may be over cautious until the hoo-ha settles down. Understandable I suppose. That's the whole point of a waterhole attack like this - get everyone running round and confusing things while you attack the real target.

You make some very good points.

> But this is the cloud page? It isn't the Piriform page forse download

It is the download link that comes from this page: https://www.piriform.com/ccleaner/download/standard

Andavari (Moderator), posted September 22, 2017

VirusTotal is only flagging it with Eset/Nod because of Google Toolbar that is included with the Standard installer. The Slim installer and Portable ZIP build both come up clean.

Hostname (Author), posted September 22, 2017

> VirusTotal is only flagging it with Eset/Nod because of Google Toolbar that is included with the Standard installer. The Slim installer and Portable ZIP build both come up clean.

Yes, it's weird. I have had Bitdefender block files/URLs on my PC but when I scan those same files/URLs with VirusTotal, Bitdefender reports them as clean. This is precisely why I submitted the URL to Bitdefender as a False Positive. Furthermore, this is not the first time I have submitted a False Positive to them. If it is indeed a False Positive, they will notify me with the results and promptly update their definitions.

Note: I have CCleaner v5.34 installed on my PC and a separate laptop and both Bitdefender and Malwarebytes report them as clean.

nukecad (Moderator), posted September 22, 2017

v5.35 has a new digital signature which should? stop the FPs.

Hostname (Author), posted September 23, 2017

> v5.35 has a new digital signature which should? stop the FPs.

Hmm, I'm not sure. Good question. Below are two separate VirusTotal scans.

VirusTotal #1 - hxxps://d1k4dgg08m176h.cloudfront.net/ccsetup535.exe
https://www.virustotal.com/#/url/d04051d014f2efc629e29f160f893db8ab6b6416c7c31074173297a7e5fa4aee/detection
> Bitdefender detects as malware

VirusTotal #2 - hxxp://download.piriform.com/ccsetup535.exe
https://www.virustotal.com/#/url/d17372ea1f8205acbdf48c7d64cc2a4cce18e977790215e3a08d2a0dac059f13/detection
> Bitdefender does not detect as malware. Blueliv detects as malicious, but I've never even heard of them

Hostname (Author), posted September 23, 2017

UPDATE: Bitdefender has replied and confirmed on their end that they have found CCleaner v5.35 to be malicious. You can read their response below.

> Hello,
> Thank you for reaching us in regards to this matter.
> The URL was found as malicious and will be blocked as such.
> Please let me know if there is anything else I may be able to assist you with.

My Conclusion: I am still not going to say it is malicious for sure, however Bitdefender was right about v5.33 and I didn't believe them and whitelisted the URL just so I could download it. Luckily, I am running a 64-bit system. However, for this reason, and the fact that Bitdefender has very good detection rates, I'm going to believe what they're telling me and wait until another (clean) version is released before I upgrade.

login123, posted September 24, 2017

As of 2017-09-24 00:29:04 UTC Bitdefender did not find my copy of ccsetup535.exe to be infected. ESET did flag it for the Google Toolbar bundled with it.

https://www.virustotal.com/en/file/85d5309373cd1713eeb2416b4767c653e96a9e9cef3689dbb8f548cd23494319/analysis/1506212944/

SHA-256 for that file is 85d5309373cd1713eeb2416b4767c653e96a9e9cef3689dbb8f548cd23494319

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)
Pssssst: ... It isn't really a cloud. It's a bunch of big, giant servers.

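Added example (not part of any post in this thread, and not Piriform or Bitdefender tooling): the posts above set URL-level verdicts for two download locations against a file-level scan identified by its SHA-256. This Python script hashes local copies saved from each location, reports whether they are the same bytes, and compares them with a reference digest. The labels and file paths passed in are assumptions; the constant is the digest login123 posted.

```python
import hashlib

# SHA-256 posted by login123 in this thread for ccsetup535.exe
THREAD_SHA256 = "85d5309373cd1713eeb2416b4767c653e96a9e9cef3689dbb8f548cd23494319"


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer is never read into memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_downloads(downloads, reference_sha256):
    """Compare copies of one installer fetched from different locations.

    downloads: {label for the download location: local file path}
    Returns each copy's digest, whether every location served identical
    bytes, and which labels match or miss the reference digest.
    """
    ref = reference_sha256.strip().lower()
    digests = {label: sha256_file(path) for label, path in downloads.items()}
    return {
        "digests": digests,
        "identical": len(set(digests.values())) == 1,
        "matching_reference": sorted(l for l, d in digests.items() if d == ref),
        "mismatching": sorted(l for l, d in digests.items() if d != ref),
    }


if __name__ == "__main__":
    # Hypothetical local paths: the same installer saved from both locations.
    report = compare_downloads(
        {"cloudfront": "cloudfront/ccsetup535.exe",
         "download.piriform.com": "piriform/ccsetup535.exe"},
        THREAD_SHA256,
    )
    for label, digest in report["digests"].items():
        print(f"{label}: {digest}")
    print("same bytes from every location:", report["identical"])
    print("differs from reference digest:", report["mismatching"])
```

If both locations serve identical bytes, a verdict that differs between the two URLs is a verdict on the URL rather than on the file, and the file-level scan for that digest is the one to read.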
Hostname (Author), posted September 25, 2017

★ IMPORTANT UPDATE ★
★ Bitdefender reverses its previous decision, declares both downloads clean ★

Included below is a quote from the latest email I have received from Bitdefender concerning this matter.

> Since our previous email, the URL has been reanalyzed and we concluded that it was clean. The detection has been removed.
> We are sorry for any inconvenience caused by our initial reply.
> Regarding the download link towards an unaffected version of CCleaner which you have submitted in your other ticket, it has also been unblocked.
> Please don't hesitate to reach us back, should there be any other information we can assist you with.

Therefore, of course this means that after they reanalyzed both files, they came to a different conclusion stating they weren't malicious after all.