★ IMPORTANT ★ Bitdefender says CCleaner v5.35 is infected

[Hostname]

Hello all,

 

I just wanted to make this very important announcement as soon as possible. Take a look at the picture below.

 

 

 

This is the same warning I received when I tried to download CCleaner v5.33, which as everybody knows has now been confirmed infected.

 

PLEASE NOTE: I am NOT saying CCleaner v5.35 is infected. I have no idea if it is infected or not. I am just putting this out there so the creators of CCleaner and its users can be aware of it so that everyone may stay safe and vigilant.

 

I'm going to submit the URL to Bitdefender and when they get back to me I will update this thread.

[nukecad]

While not saying anything definite one way or another.

 

I suspect that all AV companies are now being very wary about CCleaner, and some may be over cautious until the hoo-ha settles down.

 

Understandable I suppose.

 

Thats the whole point of a waterhole attack like this - get everyone running round and confusing things while you attack the real target.

[malika4]

But this is The cloud Page? It isn t The piriform Page forse download

[Hostname]

While not saying anything definite one way or another.

 

I suspect that all AV companies are now being very wary about CCleaner, and some may be over cautious until the hoo-ha settles down.

 

Understandable I suppose.

 

Thats the whole point of a waterhole attack like this - get everyone running round and confusing things while you attack the real target.

 

You make some very good points.

 

 

But this is The cloud Page? It isn t The piriform Page forse download

 

It is the download link that comes from this page: https://www.piriform.com/ccleaner/download/standard

[Andavari]

VirusTotal is only flagging it with Eset/Nod because of Google Toolbar that is included with the Standard installer.

The Slim installer and Portable ZIP build both come up clean.

[Hostname]

VirusTotal is only flagging it with Eset/Nod because of Google Toolbar that is included with the Standard installer.

The Slim installer and Portable ZIP build both come up clean.

 

Yes, it's weird. I have had Bitdefender block files/URLs on my PC but when I scan those same files/URLs with VirusTotal, Bitdefender reports them as clean.

This is precisely why I submitted the URL to Bitdefender as a False Positive. Furthermore, this is not the first time I have submitted a False Positive to them.

If it is indeed a False Positive, they will notify me with the results and promptly update their definitions.

 

Note: I have CCleaner v5.34 installed on my PC and a separate laptop and both Bitdefender and Malwarebytes reports them as clean.

[nukecad]

v5.35 has a new digital signature which should? stop the FPs.

[Hostname]

v5.35 has a new digital signature which should? stop the FPs.

 

Hmm, I'm not sure. Good question. Below are two separate VirusTotal scans.

 

VirusToal #1 - hxxps://d1k4dgg08m176h.cloudfront.net/ccsetup535.exe

https://www.virustotal.com/#/url/d04051d014f2efc629e29f160f893db8ab6b6416c7c31074173297a7e5fa4aee/detection

> Bitdefender detects as malware

 

VirusToal #2 - hxxp://download.piriform.com/ccsetup535.exe

https://www.virustotal.com/#/url/d17372ea1f8205acbdf48c7d64cc2a4cce18e977790215e3a08d2a0dac059f13/detection

> Bitdefender does not detect as malware. Blueliv detects as malicious, but I've never even heard of them

[Hostname]

UPDATE: Bitdefender has replied and confirmed on their end that they have found CCleaner v5.35 to be malicious. You can read their response below.

 

Hello,

 

Thank you for reaching us in regards to this matter.

 

The URL was found as malicious and will be blocked as such.

 

Please let me know if there is anything else I may be able to assist you with.

 

My Conclusion: I am still not going to say it is malicious for sure, however Bitdefender was right about v5.33 and I didn't believe them and whitelisted the URL just so I could download it. Luckily, I am running a 64-bit system.

However, for this reason, and the fact that Bitdefender has very good detection rates, I'm going to believe what they're telling me and wait until another (clean) version is released before I upgrade.

[login123]

As of 2017-09-24 00:29:04 UTC Bitdefender did not find my copy of ccsetup535.exe to be infected. 

ESET did flag it for the google toolbar bundled with it.

https://www.virustotal.com/en/file/85d5309373cd1713eeb2416b4767c653e96a9e9cef3689dbb8f548cd23494319/analysis/1506212944/

Sha 256 for that file is 85d5309373cd1713eeb2416b4767c653e96a9e9cef3689dbb8f548cd23494319

[Hostname]

★ IMPORTANT UPDATE ★

★ Bitdefender reverses its previous decision, declares both downloads clean ★

Included below is a quote from the latest Email I have received from Bitdefender concerning this matter.

 

 

Since our previous email, the URL has reanalyzed and we concluded that it was clean. The detection has been removed. We are sorry for any inconvenience caused by our initial reply. 

 

Regarding the download link towards an unaffected version of CCleaner which you have submitted in your other ticket, it has also been unblocked. 

 

Please don't hesitate to reach us back, should there be any other information we can assist you with.

 

Therefore, of course this means that after they reanalyzed both files, they came to a different conclusion stating they weren't malicious after all.