HerbEppel Posted December 3, 2019 Share Posted December 3, 2019 I recently renewed my CCleaner license and was surprised to find that Malwarebytes detected Adware.FusionCore in the CCleaner update exe file – see attachment. For background see https://blog.malwarebytes.com/detections/adware-fusioncore/ I realize malware aspects has been discussed, so apologies if this specific issue has already been addressed, but I couldn't find it in the forum archive. Herbert Eppel (Link removed - Nukecad). Link to comment Share on other sites More sharing options...
Moderators nukecad Posted December 3, 2019 Moderators Share Posted December 3, 2019 I see that you have MB4 Premium, and it says v4.0.4. (Although it looks slightly different from normal there). I've never had Malwarebytes flag the CCleaner installer. I do know that Malwarebytes regularly review their detection methods so I made sure that my MB4 was up to date, there was an update which required a restart of MB4. Then I downloaded a new CCleaner installer and checked - a right-click 'Scan with Mawarebytes' of the ccsetup563.exe reported it as clean. As the link you gave says, FusionCore detections are not malicious, they are PUPs - Potentially Unwanted Programs - specifically bundled software in an installer. In the case of CCleaner that would be the bundled offer in the Standard installer. However I'm not sure that detection is the CCleaner installer at all, the pathname looks odd. To start with the pathname in the detection is all uppercase? ('Windows\Temp\' is usually mixed case). And I'd expext the CCleaner installer to be in your Downloads folder. We can only see the start of the path there, could you tell us the name of the target file at the end of the path? (or even the full path). *** Out of Beer Error ->->-> Recovering Memory *** Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043 Link to comment Share on other sites More sharing options...
HerbEppel Posted December 3, 2019 Author Share Posted December 3, 2019 Thanks for your quick, comprehensive and helpful reply Unfortunately Malwarebytes doesn't seem to allow copying of path names, and I'm having trouble with my OCR software at present, so here is a screenshot. Herbert Eppel (Link removed - Nukecad). Link to comment Share on other sites More sharing options...
Admin Dave CCleaner Posted December 3, 2019 Admin Share Posted December 3, 2019 Assuming that filename is the MD5 hash then https://www.virustotal.com/gui/file/fa2d7d3123a488949ab5ed5991c2caa2. Which does indeed flag for FusionCore ... but is also FileZilla not CCleaner Piriform Homepage - [CCleaner - CCleaner Mac - CCleaner Android - CCleaner Browser - Recuva - Speccy - Kamo] - Product Support Looking for your licence key, expiry date or download link? Check here first: https://www.ccleaner.com/support/license-lookup To find out how we protect your privacy - read CCleaner's Data Factsheet. What's new? Check the latest CCleaner for Windows release notes. Link to comment Share on other sites More sharing options...
HerbEppel Posted December 3, 2019 Author Share Posted December 3, 2019 Thanks for your reply, but I'm afraid I don't get it, sorry. Not sure what MD5 hash is, but I assumed the CC-Updates folder in the path name I sent points to CCleaner as the 'culprit', no? And in any case, that particular FileZilla setup file isn't present on my system. Herbert Eppel (Link removed - Nukecad). Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted December 3, 2019 Moderators Share Posted December 3, 2019 When I first looked at original post I thought it was a creative cloud update. It's odd. Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators nukecad Posted December 3, 2019 Moderators Share Posted December 3, 2019 Which CCleaner version are you using? (PS. I don't even have a CC-updates folder in Windows\temp, but that could be a version thing). If you are still in doubt then I would suggest that you join the Malwarebytes forum and ask one of their experts to take a look at your computer for you. It's free and they will have a good look for anything odd/wrong and help you put it right. You don't need to be infected, and you don't need to have a Malwarebytes licence to get their help on the forum. They are happy to check the computer of anyone who ask them to. Start by following the instructions here: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ To expand on what I said about your screenshot looking odd - There are no Notification, Settings, or Help icons top right, the clouds on the background look different to the normal MB4 background, and my scan results windows don't look like that, although admitted I've yet to have a detection on a MB4 Threat scan so it may just be GUI differences. *** Out of Beer Error ->->-> Recovering Memory *** Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043 Link to comment Share on other sites More sharing options...
Moderators Nergal Posted December 3, 2019 Moderators Share Posted December 3, 2019 3 hours ago, hazelnut said: When I first looked at original post I thought it was a creative cloud update. It's odd. Are we sure this is ccleaner? It seems like we're all reacting to the cc in the file name but this could be any number of things. i've never seen the ccleaner installer create a hash named file in temp, but I could be wrong. ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF. Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark) ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T. Support at https://support.ccleaner.com/s/?language=en_US Pro users file a PRIORITY SUPPORT via email support@ccleaner.com Link to comment Share on other sites More sharing options...
Moderators nukecad Posted December 3, 2019 Moderators Share Posted December 3, 2019 3 minutes ago, Nergal said: Are we sure this is ccleaner? It seems like we're all reacting to the cc in the file name but this could be any number of things. i've never seen the ccleaner installer create a hash named file in temp, but I could be wrong. Indeed not, it just seems all too odd and may well be something else trying to disguise itself. Which is why I suggested that he gets the Malwarebytes removal experts to take a look at his system. *** Out of Beer Error ->->-> Recovering Memory *** Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043 Link to comment Share on other sites More sharing options...
Moderators nukecad Posted December 3, 2019 Moderators Share Posted December 3, 2019 @HerbEppel - Advertising links in your signature are not allowed by forum rules, (Rule 6:VI).https://forum.piriform.com/announcement/15-forum-rules/ I've removed those that you already posted, please don't post any more. *** Out of Beer Error ->->-> Recovering Memory *** Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043 Link to comment Share on other sites More sharing options...
cbaumer0628 Posted December 4, 2019 Share Posted December 4, 2019 19 hours ago, HerbEppel said: Thanks for your quick, comprehensive and helpful reply Unfortunately Malwarebytes doesn't seem to allow copying of path names, and I'm having trouble with my OCR software at present, so here is a screenshot. Herbert Eppel (Link removed - Nukecad). Doing a search on the path, C:\Windows\Temp\CC-Updates\UPDATE-FA2D7D3123A488949AB5ED5991C2CAA2.EXE I concur with hazelnut that the "CC" in the path refers to Adobe's Creative Cloud software and NOT Ccleaner. Link to comment Share on other sites More sharing options...
HerbEppel Posted December 4, 2019 Author Share Posted December 4, 2019 First, thanks for all the messages and for your time looking into this, and profuse apologies for wasting your time if it turns out to be a red herring I simply assumed that "CC" in the path referred to CCleaner because the 'incident' happened shortly after I had renewed my CCleaner license. A further (on reflection probably incorrect) assumption was that CCleaner had performed an update as part of the license update process, but it just dawned on me that I probably already had the latest CCleaner version installed, in which case there would have been no update. As for Adobe, I wasn't aware that I have any Creative Cloud products installed, but another penny has just dropped in the sense that, shortly after renewing my CCleaner license I discovered CCleaner's interesting and useful Software Updater function and used for the first time. One of the products that was updated during the process was Adobe Digital Editions, which now leads me to the conclusion that this may well be what the "CC" in the path refers to! Oh well, I for one certainly found this discussion 'educational', and I sure hope that I won't make the same mistakes/incorrect assumptions again in the future Before I sign off, I would be interested to know how you (cbaumer0628) managed to convert the path from my screenshot to text – do you have some clever on-the-fly OCR software installed on your device? As it happens, I just asked about this in another group yesterday, in view of the fact that my ABBYY ScreenshotReader installation appears to have become corrupted on my Windows 10 PC Once again, many thanks for your time and patience. Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted December 4, 2019 Moderators Share Posted December 4, 2019 Okay so now we know that the CC in this topic refers to Adobe Creative Cloud and not CCleaner. As to the text conversion, I did the same when searching.... just type it out manually from the screenshot. Should you have anymore comments about screenshots etc please open a new thread. I shall lock this thread now. Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Recommended Posts