Jump to content

False positive ?


Recommended Posts

But it is  eset deletes it has done several times today , i wouldn't of bothered reporting it otherwise, i have better things to do , i wont bother in future

 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
29/04/2020 18:24:59;Real-time file system protection;file;C:\Program Files\CCleaner\CCleaner64.exe;Suspicious Object;cleaned by deleting;Asus-PC\Admin;Event occurred on a new file created by the application: E:\INSTALLERS\ccsetup566_slim.exe (B1B114E4D59BE9136EEB46A4C4F057442E7415F7).;4627B9C1B8CC3218121CB358042D35B74B7D496E;27/04/2020 13:07:50

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
29/04/2020 16:08:52;Real-time file system protection;file;C:\Program Files\CCleaner\CCleaner.exe;a variant of Generik.BERVPHT trojan;cleaned by deleting;Asus-PC\Admin;Event occurred on a file modified by the application: E:\INSTALLERS\ccsetup566_slim.exe (B1B114E4D59BE9136EEB46A4C4F057442E7415F7).;C6393C2ABEA0C3EDA4771729D092ED013EF8AD88;27/04/2020 13:07:46

 

Edited by tommy456
Link to comment
Share on other sites

According to the CCleaner forum, the issue has been resolved:

Quote
According to VT, the Eset and McAfee false positive flagging that was there an hour ago has now gone. Hopefully this should be reflected...

Recommended by Dave CCleaner

 

Edited by itman
Link to comment
Share on other sites

  • Administrators

Should not be detected now:

Log
Scanned disks, folders and files: C:\!test
C:\!test\CCleaner.exe » EMB » Resource[296][0] - is OK
C:\!test\CCleaner64.exe » EMB » Resource[296][0] - is OK

However, we indeed partly detected CCleaner as a potentially unsafe application. This detection is disabled by default.

Link to comment
Share on other sites

28 minutes ago, Marcos said:

Should not be detected now:

Log
Scanned disks, folders and files: C:\!test
C:\!test\CCleaner.exe » EMB » Resource[296][0] - is OK
C:\!test\CCleaner64.exe » EMB » Resource[296][0] - is OK

However, we indeed partly detected CCleaner as a potentially unsafe application. This detection is disabled by default.

I updated my virus signature and it's still being detected

 

Detection Engine: 21247 (20200429)
Rapid Response module: 16159 (20200429)
Update module: 1021 (20200218)
Antivirus and antispyware scanner module: 1561 (20200326)
Advanced heuristics module: 1198 (20200316)
Archive support module: 1301 (20200403)
Cleaner module: 1208 (20200319)
Anti-Stealth support module: 1161 (20200306)
ESET SysInspector module: 1276 (20200217)
Translation support module: 1796 (20200421)
HIPS support module: 1388 (20200331)
Internet protection module: 1395 (20200331)
Database module: 1110 (20190827)
Configuration module (39): 1866 (20200401)
LiveGrid communication module: 1061 (20200402)
Specialized cleaner module: 1014 (20200129)
Rootkit detection and cleaning module: 1019 (20170825)
Network protection module: 1682 (20190801)
Script scanner module: 1070 (20200406)
Cryptographic protocol support module: 1042 (20200227)
Deep behavioral inspection support module: 1091 (20200211)
Advanced Machine Learning module: 1058 (20200401)
Telemetry module: 1059 (20200204)
Security Center integration module: 1020.1 (20200313)

 

Link to comment
Share on other sites

  • Administrators

Do you have LiveGrid enabled? Did you scan the files not more than a few minutes ago? If you reboot the machine and re-scan the files, are they still detected as Suspicious object? If so, could you provide SHA1 of the detected files to make sure they are same as those that I have?

Link to comment
Share on other sites

2 hours ago, Piano said:

I had the same report this afternoon. Using CCleaner 5.66.

[KB3503] Special detections?

Just had something pop up from ESET and it deleted my CCleaner. Something about Live Grid.  Um... what?

Sorry, I'm a military guy and have no idea what any of this means exactly. I just know I want to be able to run CC cleaner without ESET automatically deleting it from my PC without my permission. 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/29/2020 2:02:40 PM;Startup scanner;file;c:\program files\ccleaner\ccleaner.exe;Suspicious Object;cleaned by deleting;;;C6393C2ABEA0C3EDA4771729D092ED013EF8AD88;4/27/2020 7:07:46 AM


4/29/2020 2:02:42 PM;Startup scanner;file;c:\program files\ccleaner\ccleaner64.exe;Suspicious Object;cleaned by deleting;;;4627B9C1B8CC3218121CB358042D35B74B7D496E;4/27/2020 7:07:50 AM
 

 

Edited by Casca_Longinus
Link to comment
Share on other sites

mine just got deleted because of live grid though the log points to the start up scanner

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
29/04/2020 19:59:53;Startup scanner;file;c:\program files\ccleaner\ccleaner64.exe;Suspicious Object;cleaned by deleting;;;4627B9C1B8CC3218121CB358042D35B74B7D496E;27/04/2020 13:07:50

 

Link to comment
Share on other sites

  • Administrators
10 minutes ago, tommy456 said:

mine just got deleted because of live grid though the log points to the start up scanner

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
29/04/2020 19:59:53;Startup scanner;file;c:\program files\ccleaner\ccleaner64.exe;Suspicious Object;cleaned by deleting;;;4627B9C1B8CC3218121CB358042D35B74B7D496E;27/04/2020 13:07:50

 

That's really strange, 19:59 is your local time which I assume is GMT+1, ie. 20:59 CEST. I scanned the files at 20:13 CEST.

If you download the CloudCar test file, is it detected as Suspicious object? http://amtso.eicar.org/cloudcar.exe

Link to comment
Share on other sites

  • Administrators
1 minute ago, MidoseitoAkage said:

Now I can't install ccleaner anymore. Like he detect as a suspicious object for not reason. Do something,

It was unblocked about 2 hours ago. Is the test file CloudCar on the link above detected?

Link to comment
Share on other sites

1 hour ago, Marcos said:

Do you have LiveGrid enabled? Did you scan the files not more than a few minutes ago? If you reboot the machine and re-scan the files, are they still detected as Suspicious object? If so, could you provide SHA1 of the detected files to make sure they are same as those that I have?

I have LiveGrid enabled, it's fine now after a reboot. Thanks.

Link to comment
Share on other sites

  • Most Valued Members
15 hours ago, Marcos said:

Should not be detected now:

Log
Scanned disks, folders and files: C:\!test
C:\!test\CCleaner.exe » EMB » Resource[296][0] - is OK
C:\!test\CCleaner64.exe » EMB » Resource[296][0] - is OK

However, we indeed partly detected CCleaner as a potentially unsafe application. This detection is disabled by default.

I don't use Ccleaner anymore due to past issues and privacy concerns however I noticed on their forum one of the mods mentions it shouldn't be classed as a PUA anymore as for over a year it has stopped adding I believe they said it was a Google toolbar.

Not sure if this is true, if that was the only thing that classed it as a PUA

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...