Jump to content
CCleaner Community Forums
RicardodeMiranda

There is a Trojan within the new version of CCleaner [false positive]

Recommended Posts

A Trojan has been found out on CCleaner Installer v5.65.

Please help me.

My Kaspersky Internet Security has deleted this dangerous file.

I'm waiting for a solution please.

Thanks in advance.

Ricardo

CCleaner_Trojan_20200324.png

Share this post


Link to post
Share on other sites

It's a false positive. There is no actual virus. It happens with every new release.

Share this post


Link to post
Share on other sites

Every software that releases a new version gets one or two AV's not recognising the new version at first

It happens because they 'see' something different than they expect from that software and so are not sure if it's real or a fake.
Once the AV company gets it's finger out and updates their listing all is well again.

I've submitted ccsetup565.exe to a VirusTotal check and all 67 AV engines that responded say that it's clean - including Kaspersky
https://www.virustotal.com/gui/file/810d4b0d8f4171b13f6d5a4c5c6c5e33209af7af6c378a2218007caae12dc2d6/detection

Share this post


Link to post
Share on other sites
11 hours ago, TwistedMetal said:

It's a false positive. There is no actual virus. It happens with every new release.

TwistedMetal, thank you for your answer. But it happened for me for the first time. Maybe it may be a virus.¬†ūüėČ

I really need a solution, because I won't disable my anti-virus in order to install a dangerous software.

Thanks

Share this post


Link to post
Share on other sites
1 hour ago, nukecad said:

Every software that releases a new version gets one or two AV's not recognising the new version at first

It happens because they 'see' something different than they expect from that software and so are not sure if it's real or a fake.
Once the AV company gets it's finger out and updates their listing all is well again.

I've submitted ccsetup565.exe to a VirusTotal check and all 67 AV engines that responded say that it's clean - including Kaspersky
https://www.virustotal.com/gui/file/810d4b0d8f4171b13f6d5a4c5c6c5e33209af7af6c378a2218007caae12dc2d6/detection

nukecad, thank you for your answer.

But I have been using CCleaner Professional for years. And it happened for the first time.

And also PAY CLOSE ATTENTION to the screenshot I took.¬†ūüėȬ†You've submitted a DIFFERENT FILE (ccsetup565.exe). That IS NOT¬†the file Kaspersky Internet Security has detected.¬†ūüėȬ†There is a virus inside this file ccupdate5.65.7632.exe.

If you can submitted the correct file, I would be very thankful, because my anti-virus can't allow me to download it and even install it.

Thanks for your answer.

Share this post


Link to post
Share on other sites

When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

Please do not be concerned.

If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

Share this post


Link to post
Share on other sites

You can always wait a few days since that gives antivirus vendors time to update their detection (usually 48-72 hours) - and it also affords you a time-gap if a new version has other issues such as being buggy.

Share this post


Link to post
Share on other sites

The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).
It appears to be the 'Emergency Updater'?

But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.
ccupdate.exe also shows as clean on VT:
https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

@RicardodeMiranda

Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?
Does the folder "temp_ccupdate" even exist?
(or is it only in Kaspersky that you saw it?).

Can you tell us where you downloaded CCleaner v5.65 from?

 

Share this post


Link to post
Share on other sites
3 hours ago, Andavari said:

You can always wait a few days since that gives antivirus vendors time to update their detection (usually 48-72 hours) - and it also affords you a time-gap if a new version has other issues such as being buggy.

Andavari, thank you so much! It happened in this morning.

Thanks to everyone. 

Share this post


Link to post
Share on other sites
2 hours ago, nukecad said:

The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).
It appears to be the 'Emergency Updater'?

But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.
ccupdate.exe also shows as clean on VT:
https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

@RicardodeMiranda

Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?
Does the folder "temp_ccupdate" even exist?
(or is it only in Kaspersky that you saw it?).

Can you tell us where you downloaded CCleaner v5.65 from?

 

nukecad, thank you very much!

Because I bought CCleaner Professional I just need to click on right bottom corner where there is a link called Check for updates (please see the new screenshot I've taken and attached below).

And right after that a window appears and it downloads and installs the new version on my laptop.  Could you get it?

But yesterday my anti-virus used to "cancel" that downloading process, you know? It used to show me a notification (a file deleted), because it used to identify a dangerous file, you know?

However in today morning I tried once more... and then... finally, my anti-virus allowed to download and install.

Thank you so much, guys!

Now everything is OK.

CCleaner_CheckforUpdates.png

Share this post


Link to post
Share on other sites

So it was just the AV taking time to catch up with it's definitions then.

Good to hear that it's ok now.

Share this post


Link to post
Share on other sites
On 25/03/2020 at 10:10, hazelnut said:

When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

Please do not be concerned.

If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

 

On 25/03/2020 at 10:10, hazelnut said:

When you click on the VirusTotal link in nukead's post above and get to the site, click on where it says Details.

Scroll down a bit and you will see that it mentions 5.65.7632.exe and ccsetup565.exe. They are one and the same.

The temp file ccupdate you have highlighted by Kaspersky on your machine is just where the setup file gets unpacked to a temp area for installing.

Please do not be concerned.

If it still is bothering your peace of mind contact Kaspersky who will give you some info about this.

Thank you so much for your answer, hazelnut! :)

Share this post


Link to post
Share on other sites
On 25/03/2020 at 10:55, nukecad said:

The file that Riacrdo is talking about is not the CCleaner installer. (Sorry, I'd missed that).
It appears to be the 'Emergency Updater'?

But that doesn't usually have the version number, just 'ccupdate.exe', and the pathname in the screenshot looks odd.
ccupdate.exe also shows as clean on VT:
https://www.virustotal.com/gui/file/6c997590da9a900e09fb0e0f469ed09c07199e461661d0346f9dd431f9534b26/detection

@RicardodeMiranda

Does the file "C:\Program Files\CCleaner\temp_ccupdate\ccupdate5.65.7632.exe" actually exist on your computer?
Does the folder "temp_ccupdate" even exist?
(or is it only in Kaspersky that you saw it?).

Can you tell us where you downloaded CCleaner v5.65 from?

 

Thank you for your reply, nukecad.

It has been resolved.

No, this is just a temp folder, you know?

I just need to click on this link (attached file) in order to ask CCleaner to download and install the new software for me.

CCleaner_Update.png

Share this post


Link to post
Share on other sites
On 25/03/2020 at 14:45, nukecad said:

So it was just the AV taking time to catch up with it's definitions then.

Good to hear that it's ok now.

Thank you so much, nukecad! :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...