Jump to content

Latest CCleaner False Positive


Recommended Posts

This is the first time ESET detects CCleaner as malware. I submitted this to ESET as a false positive. Using the portable version by the way.

 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
29-Apr-20 8:39:25 PM;Real-time file system protection;file;D:\Software\CCleaner\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred during an attempt to access the file by the application: C:\Windows\explorer.exe (C8F083E4B6C60F7BB30F123DDA1ADC30B821F982).;4627B9C1B8CC3218121CB358042D35B74B7D496E;18-Apr-20 2:54:25 AM
29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;C6393C2ABEA0C3EDA4771729D092ED013EF8AD88;29-Apr-20 8:24:11 PM
29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;4627B9C1B8CC3218121CB358042D35B74B7D496E;29-Apr-20 8:24:11 PM
 

Untitled.png

Link to comment
Share on other sites

What's weird is, if I scan the ZIP File, NOD32 says it's clean but when I extract it, it says CCleaner.exe and CCleaner64.exe are infected! So how come the scan of the ZIP file said it's clean? 🙄

Link to comment
Share on other sites

Same issue. I just submitted a support ticket to Piriform with the ESET log info to have them check on it.

I'm using the pro version of CCleaner. I had no issue until this morning.

Edit to Add: Piriform has apparently notified ESET and several other AV companies that this is a false positive. Need ESET to fix this.

Edited by DebS
Link to comment
Share on other sites

The suspicious object detection would indicate it was an advanced machine learning detection.

When Eset scans an archive, the files within don't yet physically exist on the disk. As such, Eset can't scan the files using advanced hueristics including advanced machine learning. Now when the files are actually extracted from the archive, Eset will employ advanced hueristics/AML upon attempted file creation as indicated by your posted Detection log entries in regards to WinRAR.

Link to comment
Share on other sites

According to the CCleaner forum, the issue has been resolved:

Quote
According to VT, the Eset and McAfee false positive flagging that was there an hour ago has now gone. Hopefully this should be reflected...

Recommended by Dave CCleaner

 

Edited by itman
Link to comment
Share on other sites

Same here. Within the last hour, eset deleted CCleaner Pro and BleachBit, showing the same "suspicious threat" pop-up that Super_Spartan posted above. It now deletes them as soon as they I re-install them. I won't clog the forum up with any details as mine are identical to the above.

Surely a false positive?

Link to comment
Share on other sites

  • Marcos locked this topic
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...