Super_Spartan 56 Posted April 29, 2020
This is the first time ESET detects CCleaner as malware. I submitted this to ESET as a false positive. Using the portable version by the way.

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
29-Apr-20 8:39:25 PM;Real-time file system protection;file;D:\Software\CCleaner\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred during an attempt to access the file by the application: C:\Windows\explorer.exe (C8F083E4B6C60F7BB30F123DDA1ADC30B821F982).;4627B9C1B8CC3218121CB358042D35B74B7D496E;18-Apr-20 2:54:25 AM
29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;C6393C2ABEA0C3EDA4771729D092ED013EF8AD88;29-Apr-20 8:24:11 PM
29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;4627B9C1B8CC3218121CB358042D35B74B7D496E;29-Apr-20 8:24:11 PM
maaadinsomniac 0 Posted April 29, 2020
Same here, my CCleaner was detected as Suspicious Object and ESET deleted whole stuff, rest in peace my Pro license.
Super_Spartan 56 Posted April 29, 2020 Author
What's weird is, if I scan the ZIP File, NOD32 says it's clean but when I extract it, it says CCleaner.exe and CCleaner64.exe are infected! So how come the scan of the ZIP file said it's clean? 🙄
DebS 0 Posted April 29, 2020 (edited)
Same issue. I just submitted a support ticket to Piriform with the ESET log info to have them check on it. I'm using the pro version of CCleaner. I had no issue until this morning.
Edit to Add: Piriform has apparently notified ESET and several other AV companies that this is a false positive. Need ESET to fix this.
Edited April 29, 2020 by DebS
itman 1,801 Posted April 29, 2020
The suspicious object detection would indicate it was an advanced machine learning detection. When Eset scans an archive, the files within don't yet physically exist on the disk. As such, Eset can't scan the files using advanced heuristics including advanced machine learning. Now when the files are actually extracted from the archive, Eset will employ advanced heuristics/AML upon attempted file creation as indicated by your posted Detection log entries in regards to WinRAR.
itman 1,801 Posted April 29, 2020 (edited)
According to the CCleaner forum, the issue has been resolved:
Quote: According to VT, the Eset and McAfee false positive flagging that was there an hour ago has now gone. Hopefully this should be reflected...
Edited April 29, 2020 by itman
MikeyOT 0 Posted April 29, 2020
Same here. Within the last hour, ESET deleted CCleaner Pro and BleachBit, showing the same "suspicious threat" pop-up that Super_Spartan posted above. It now deletes them as soon as I re-install them. I won't clog the forum up with any details as mine are identical to the above. Surely a false positive?
Administrators Marcos 5,451 Posted April 29, 2020
There's another topic on this subject here: https://forum.eset.com/topic/23427-false-positive
In order to keep the discussion in one place, we'll draw this topic to a close.