Jump to content
CCleaner Community Forums
GoodDog

CCleaner marked as riskware, pls explain

Recommended Posts

Kaspersky (Personal Edition Pro v5.0.391 with database of 05-apr-2006) recently markes CCleaner v1.28.277 as "riskware-not a virus".

 

Can some developer of this fine product explain me why Ccleaner is capable of being a risk?

 

I did not have this report with previous versions of Ccleaner btw.

Share this post


Link to post
Share on other sites

Its just a false positive. Some other AV's were detecting ccleaner before and all the companies just need to be notified. Thanks for the heads up. :D

Share this post


Link to post
Share on other sites

Its just a false positive. Some other AV's were detecting ccleaner before and all the companies just need to be notified. Thanks for the heads up. :D

 

 

 

Hello,

Every week I run an online scanner with Kaspersky and Pandasoftware and expected the usual cookies as usual. But today, I had a shock to find that the Kaspersky online scanner, for the first time ever, detected both CCLEANER 126 and 127 as

RiskTool.Win32.PsKill.n

 

I also uploaded it to http://virusscan.jotti.org and www.virustotal.com

both of which said that Kaspersky detected this thing!!!

 

I sent an email this morning to Kaspersky and here is their reply:

 

Hello!

 

This is not a false alarm.

 

This file is detected as not-a-virus:RiskTool.Win32.PsKill.n because it may be used by viruses for malicious purposes.

It is legal software, but potential danger present anyway.

 

Such files are detected by extended databases set only.

You can switch off extended databases set from your antivirus bases. In this case, software like this, will be not detected in future.

 

Sincerely yours,

Pavel Zelensky

Virus analyst

 

Kaspersky Lab Ltd

Moscow, Russia

Tel/Fax: +7 (095) 797-8700

E-mail: newvirus@kaspersky.com

Internet: http://www.kaspersky.com, http://www.viruslist.com

 

 

I hope this puts light on this subject!!! And also why is this in CCLEANER anyway?

Share this post


Link to post
Share on other sites

The installer, or ccleaner.exe itself?

 

The installer kills off any copies of CCleaner currently running before it installs... if that's being flagged as not-a-virus, then Kaspersky needs to get a clue. Flagging the process killing API is pretty stupid... might as well flag the ShellExecuteEx API as well, since it can lead to code execution! oh noes...

 

I decided to send an uncompressed Dial-a-fix.exe through virusscan.jotti.org to see if DAF's process kill function (which is used to stop copies of winmgmt.exe, helphost.exe, and stuff like that, while doing repairs to WBEM and the Help and Support service) was detected as "not-a-virus" and it wasn't flagged. Damn. :P

Share this post


Link to post
Share on other sites

The installer, or ccleaner.exe itself?

 

The installer kills off any copies of CCleaner currently running before it installs... if that's being flagged as not-a-virus, then Kaspersky needs to get a clue. Flagging the process killing API is pretty stupid... might as well flag the ShellExecuteEx API as well, since it can lead to code execution! oh noes...

 

I decided to send an uncompressed Dial-a-fix.exe through virusscan.jotti.org to see if DAF's process kill function (which is used to stop copies of winmgmt.exe, helphost.exe, and stuff like that, while doing repairs to WBEM and the Help and Support service) was detected as "not-a-virus" and it wasn't flagged. Damn. :P

 

 

 

You might like to try this scanner www.virustotal.com

It's just like virusscan.jotti.org but there they scan with 24 scanners not 15 but the limit to send them is 10MB unlike the 15MB with jotti.

Share this post


Link to post
Share on other sites

Russians companies provide the best security products, so I believe them, when they claim, that it is dangerous. Will be CCleaner setup fixed sometimes? dry.gifhuh.gifmellow.gifblink.gif

 

I tried to put CCleaner setup to rar, even rars to rar, it did not help. When I put it to 7-zip, KAV did not detected it, so maybe malicious code will not detect it neither? unsure.gif

 

I consider CCleaner as the best free security product, because it helps in prevention, which is more important than cleaning with AV, so this situation makes me sad. sad.gif

Share this post


Link to post
Share on other sites
Russians companies provide the best security products, so I believe them, when they claim, that it is dangerous. Will be CCleaner setup fixed sometimes? dry.gifhuh.gifmellow.gifblink.gif

 

I tried to put CCleaner setup to rar, even rars to rar, it did not help. When I put it to 7-zip, KAV did not detected it, so maybe malicious code will not detect it neither? unsure.gif

 

I consider CCleaner as the best free security product, because it helps in prevention, which is more important than cleaning with AV, so this situation makes me sad. sad.gif

 

No, its a mistake. There is no malware in ccleaner.

Why would zipping it in a different format matter anyway? It still does the same thing when executed.

 

Also ccleaner isnt a "security" program. It does erase online data that clogs up your computer but it does absolutely nothing to prevent infection(unless you consider cookies an infection). CCleaner is meant to clean up junk off your computer. Nothing more nothing less.

Share this post


Link to post
Share on other sites

All that the Kaspersky scanner is doing is WARNING the user that there is a process killer. Therefore, if it isn't a trusted program the user can make an educated decision about whether or not to keep the application. Kaspersky does not report any malware or virus.

 

The process killer is there to kill any running processes of CCleaner during installation. Nothing more.

 

 

I hope that this helps clear things up. :)

Share this post


Link to post
Share on other sites

Okay. This is getting redundant. Kaspersky WILL label CC as a non-virus risk tool.

 

But it's not a risk because we know that it can be trusted. All that the Kaspersky scanner is doing is WARNING the user that there is a process killer. Therefore, if it isn't a trusted program the user can make an educated decision about whether or not to keep the application. Kaspersky does not report any malware or virus.

 

The process killer is there to kill any running processes of CCleaner during installation. Nothing more.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×