Jump to content

There is a Trojan within the new version of CCleaner [false positive]

RicardodeMiranda
 Share

Recommended Posts

  • Moderators
nukecad

nukecad

Posted
  • Moderators
Posted

Every software that releases a new version gets one or two AV's not recognising the new version at first

It happens because they 'see' something different than they expect from that software and so are not sure if it's real or a fake.
Once the AV company gets it's finger out and updates their listing all is well again.

I've submitted ccsetup565.exe to a VirusTotal check and all 67 AV engines that responded say that it's clean - including Kaspersky
https://www.virustotal.com/gui/file/810d4b0d8f4171b13f6d5a4c5c6c5e33209af7af6c378a2218007caae12dc2d6/detection

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 

Link to comment
Share on other sites
RicardodeMiranda

RicardodeMiranda

Posted
  • Author
Posted
11 hours ago, TwistedMetal said:

It's a false positive. There is no actual virus. It happens with every new release.

TwistedMetal, thank you for your answer. But it happened for me for the first time. Maybe it may be a virus. 😉

I really need a solution, because I won't disable my anti-virus in order to install a dangerous software.

Thanks

Link to comment
Share on other sites
RicardodeMiranda

RicardodeMiranda

Posted
  • Author
Posted
1 hour ago, nukecad said:

Every software that releases a new version gets one or two AV's not recognising the new version at first

It happens because they 'see' something different than they expect from that software and so are not sure if it's real or a fake.
Once the AV company gets it's finger out and updates their listing all is well again.

I've submitted ccsetup565.exe to a VirusTotal check and all 67 AV engines that responded say that it's clean - including Kaspersky
https://www.virustotal.com/gui/file/810d4b0d8f4171b13f6d5a4c5c6c5e33209af7af6c378a2218007caae12dc2d6/detection

nukecad, thank you for your answer.

But I have been using CCleaner Professional for years. And it happened for the first time.

And also PAY CLOSE ATTENTION to the screenshot I took. 😉 You've submitted a DIFFERENT FILE (ccsetup565.exe). That IS NOT the file Kaspersky Internet Security has detected. 😉 There is a virus inside this file ccupdate5.65.7632.exe.

If you can submitted the correct file, I would be very thankful, because my anti-virus can't allow me to download it and even install it.

Thanks for your answer.

Link to comment
Share on other sites
  • Moderators
hazelnut

hazelnut

Posted
  • Moderators
Posted

When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

Please do not be concerned.

If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites
  • Moderators
Andavari

Andavari

Posted
  • Moderators
Posted

You can always wait a few days since that gives antivirus vendors time to update their detection (usually 48-72 hours) - and it also affords you a time-gap if a new version has other issues such as being buggy.

Link to comment
Share on other sites
  • Moderators
nukecad

nukecad

Posted
  • Moderators
Posted

The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).
It appears to be the 'Emergency Updater'?

But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.
ccupdate.exe also shows as clean on VT:
https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

@RicardodeMiranda

Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?
Does the folder "temp_ccupdate" even exist?
(or is it only in Kaspersky that you saw it?).

Can you tell us where you downloaded CCleaner v5.65 from?

 

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 

Link to comment
Share on other sites
RicardodeMiranda

RicardodeMiranda

Posted
  • Author
Posted
3 hours ago, Andavari said:

You can always wait a few days since that gives antivirus vendors time to update their detection (usually 48-72 hours) - and it also affords you a time-gap if a new version has other issues such as being buggy.

Andavari, thank you so much! It happened in this morning.

Thanks to everyone. 

Link to comment
Share on other sites
RicardodeMiranda

RicardodeMiranda

Posted
  • Author
Posted
2 hours ago, nukecad said:

The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).
It appears to be the 'Emergency Updater'?

But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.
ccupdate.exe also shows as clean on VT:
https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

@RicardodeMiranda

Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?
Does the folder "temp_ccupdate" even exist?
(or is it only in Kaspersky that you saw it?).

Can you tell us where you downloaded CCleaner v5.65 from?

 

nukecad, thank you very much!

Because I bought CCleaner Professional I just need to click on right bottom corner where there is a link called Check for updates (please see the new screenshot I've taken and attached below).

And right after that a window appears and it downloads and installs the new version on my laptop.  Could you get it?

But yesterday my anti-virus used to "cancel" that downloading process, you know? It used to show me a notification (a file deleted), because it used to identify a dangerous file, you know?

However in today morning I tried once more... and then... finally, my anti-virus allowed to download and install.

Thank you so much, guys!

Now everything is OK.

CCleaner_CheckforUpdates.png

Link to comment
Share on other sites
  • Moderators
nukecad

nukecad

Posted
  • Moderators
Posted

So it was just the AV taking time to catch up with it's definitions then.

Good to hear that it's ok now.

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 

Link to comment
Share on other sites
  • 3 weeks later...
RicardodeMiranda

RicardodeMiranda

Posted
  • Author
Posted
On 25/03/2020 at 10:10, hazelnut said:

When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

Please do not be concerned.

If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

 

On 25/03/2020 at 10:10, hazelnut said:

When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

Please do not be concerned.

If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

Thank you so much for your answer, hazelnut! :)

Link to comment
Share on other sites
RicardodeMiranda

RicardodeMiranda

Posted
  • Author
Posted
On 25/03/2020 at 10:55, nukecad said:

The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).
It appears to be the 'Emergency Updater'?

But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.
ccupdate.exe also shows as clean on VT:
https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

@RicardodeMiranda

Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?
Does the folder "temp_ccupdate" even exist?
(or is it only in Kaspersky that you saw it?).

Can you tell us where you downloaded CCleaner v5.65 from?

 

Thank you for your reply, nukecad.

It has been resolved.

No, this is just a temp folder, you know?

I just need to click on this link (attached file) in order to ask CCleaner to download and install the new software for me.

CCleaner_Update.png

Link to comment
Share on other sites
  • Dave CCleaner changed the title to There is a Trojan within the new version of CCleaner [false positive]

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept