Posted

This is the first time ESET detects CCleaner as malware. I submitted this to ESET as a false positive. Using the portable version by the way.

 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
29-Apr-20 8:39:25 PM;Real-time file system protection;file;D:\Software\CCleaner\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred during an attempt to access the file by the application: C:\Windows\explorer.exe (C8F083E4B6C60F7BB30F123DDA1ADC30B821F982).;4627B9C1B8CC3218121CB358042D35B74B7D496E;18-Apr-20 2:54:25 AM
29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;C6393C2ABEA0C3EDA4771729D092ED013EF8AD88;29-Apr-20 8:24:11 PM
29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;4627B9C1B8CC3218121CB358042D35B74B7D496E;29-Apr-20 8:24:11 PM
 


Posted

Same here, my CCleaner was detected as Suspicious Object and ESET deleted the whole thing. Rest in peace, my Pro license.

Posted

What's weird is, if I scan the ZIP File, NOD32 says it's clean but when I extract it, it says CCleaner.exe and CCleaner64.exe are infected! So how come the scan of the ZIP file said it's clean? 🙄

Posted (edited)

Same issue. I just submitted a support ticket to Piriform with the ESET log info to have them check on it.

I'm using the pro version of CCleaner. I had no issue until this morning.

Edit to Add: Piriform has apparently notified ESET and several other AV companies that this is a false positive. Need ESET to fix this.

Edited by DebS
Posted

The suspicious object detection would indicate it was an advanced machine learning detection.

When ESET scans an archive, the files within don't yet physically exist on the disk. As such, ESET can't scan the files using advanced heuristics including advanced machine learning. Now when the files are actually extracted from the archive, ESET will employ advanced heuristics/AML upon attempted file creation as indicated by your posted Detection log entries in regards to WinRAR.
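
Added example (not part of any post in this thread, and not ESET code): a short Python parser for the semicolon-separated detection log quoted in the first post. It decodes the Information field so that detections raised when an archiver created the extracted file are distinguished from on-access ones, and it groups detected paths by file hash. The function names and the `on_access`/`on_create` labels are assumptions made for this example; the rows are copied from the log in the first post.

```python
import csv
import io
import re
from collections import defaultdict

# Rows copied from the detection log in the first post (semicolon-separated export).
SAMPLE_LOG = r"""Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
29-Apr-20 8:39:25 PM;Real-time file system protection;file;D:\Software\CCleaner\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred during an attempt to access the file by the application: C:\Windows\explorer.exe (C8F083E4B6C60F7BB30F123DDA1ADC30B821F982).;4627B9C1B8CC3218121CB358042D35B74B7D496E;18-Apr-20 2:54:25 AM
29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;C6393C2ABEA0C3EDA4771729D092ED013EF8AD88;29-Apr-20 8:24:11 PM
29-Apr-20 8:46:42 PM;Real-time file system protection;file;D:\Spartan\Downloads\ccsetup566\CCleaner64.exe;Suspicious Object;cleaned by deleting;INVADER\Spartan;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (31A63BAA82AF84E99EC8433766D045E7B7B705AD).;4627B9C1B8CC3218121CB358042D35B74B7D496E;29-Apr-20 8:24:11 PM
"""

# Trigger labels are this example's own names, not ESET terminology.
TRIGGERS = {"attempt to access the file by": "on_access",
            "new file created by": "on_create"}
INFO_RE = re.compile(
    r"(attempt to access the file by|new file created by) the application: "
    r"(.+?) \(([0-9A-F]{40})\)")


def parse_detections(text):
    """Return one dict per detection row, with the Information field decoded."""
    out = []
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        m = INFO_RE.search(row["Information"])
        out.append({
            "path": row["Object"],
            "hash": row["Hash"],
            "detection": row["Detection"],
            "trigger": TRIGGERS[m.group(1)] if m else "unknown",
            "process": m.group(2) if m else None,
            "process_hash": m.group(3) if m else None,
        })
    return out


def paths_by_hash(detections):
    """Group detected paths by file hash: one binary can be flagged at several paths."""
    groups = defaultdict(list)
    for d in detections:
        groups[d["hash"]].append(d["path"])
    return dict(groups)


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for d in dets:
        print(d["trigger"], d["process"], "->", d["path"])
    for h, paths in paths_by_hash(dets).items():
        print(h, len(paths), "path(s)")
```
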

Posted (edited)

According to the CCleaner forum, the issue has been resolved:

Quote
According to VT, the Eset and McAfee false positive flagging that was there an hour ago has now gone. Hopefully this should be reflected...

Recommended by Dave CCleaner

 

Edited by itman
Posted

Same here. Within the last hour, ESET deleted CCleaner Pro and BleachBit, showing the same "suspicious threat" pop-up that Super_Spartan posted above. It now deletes them as soon as I re-install them. I won't clog the forum up with any details as mine are identical to the above.

Surely a false positive?

  • Marcos locked this topic
This topic is now closed to further replies.