CCleaner Community Forums

★ IMPORTANT ★ Bitdefender says CCleaner v5.35 is infected


Hello all,

 

I just wanted to make this very important announcement as soon as possible. Take a look at the picture below.

 

CCleaner_v5.35_Blocked.png

 

 

This is the same warning I received when I tried to download CCleaner v5.33, which as everybody knows has now been confirmed infected.

 

PLEASE NOTE: I am NOT saying CCleaner v5.35 is infected. I have no idea if it is infected or not. I am just putting this out there so the creators of CCleaner and its users can be aware of it so that everyone may stay safe and vigilant.

 

I'm going to submit the URL to Bitdefender and when they get back to me I will update this thread.


While not saying anything definite one way or another.

 

I suspect that all AV companies are now being very wary about CCleaner, and some may be over cautious until the hoo-ha settles down.

 

Understandable I suppose.

 

That's the whole point of a waterhole attack like this - get everyone running round and confusing things while you attack the real target.


While not saying anything definite one way or another.

 

I suspect that all AV companies are now being very wary about CCleaner, and some may be over cautious until the hoo-ha settles down.

 

Understandable I suppose.

 

That's the whole point of a waterhole attack like this - get everyone running round and confusing things while you attack the real target.

 

You make some very good points.

 

 

But this is the cloud page? It isn't the Piriform page forse download

 

It is the download link that comes from this page: https://www.piriform.com/ccleaner/download/standard


VirusTotal is only flagging it with Eset/Nod because of Google Toolbar that is included with the Standard installer.

The Slim installer and Portable ZIP build both come up clean.


VirusTotal is only flagging it with Eset/Nod because of Google Toolbar that is included with the Standard installer.

The Slim installer and Portable ZIP build both come up clean.

 

Yes, it's weird. I have had Bitdefender block files/URLs on my PC but when I scan those same files/URLs with VirusTotal, Bitdefender reports them as clean.

This is precisely why I submitted the URL to Bitdefender as a False Positive. Furthermore, this is not the first time I have submitted a False Positive to them.

If it is indeed a False Positive, they will notify me with the results and promptly update their definitions.

 

Note: I have CCleaner v5.34 installed on my PC and a separate laptop and both Bitdefender and Malwarebytes report them as clean.


v5.35 has a new digital signature which should? stop the FPs.


v5.35 has a new digital signature which should? stop the FPs.

 

Hmm, I'm not sure. Good question. Below are two separate VirusTotal scans.

 

VirusTotal #1 - hxxps://d1k4dgg08m176h.cloudfront.net/ccsetup535.exe

https://www.virustotal.com/#/url/d04051d014f2efc629e29f160f893db8ab6b6416c7c31074173297a7e5fa4aee/detection

> Bitdefender detects as malware

 

VirusTotal #2 - hxxp://download.piriform.com/ccsetup535.exe

https://www.virustotal.com/#/url/d17372ea1f8205acbdf48c7d64cc2a4cce18e977790215e3a08d2a0dac059f13/detection

> Bitdefender does not detect as malware. Blueliv detects as malicious, but I've never even heard of them


UPDATE: Bitdefender has replied and confirmed on their end that they have found CCleaner v5.35 to be malicious. You can read their response below.

 

Hello,

 
Thank you for reaching us in regards to this matter.
 
The URL was found as malicious and will be blocked as such.
 
Please let me know if there is anything else I may be able to assist you with.

 

My Conclusion: I am still not going to say it is malicious for sure, however Bitdefender was right about v5.33 and I didn't believe them and whitelisted the URL just so I could download it. Luckily, I am running a 64-bit system.

However, for this reason, and the fact that Bitdefender has very good detection rates, I'm going to believe what they're telling me and wait until another (clean) version is released before I upgrade.


As of 2017-09-24 00:29:04 UTC Bitdefender did not find my copy of ccsetup535.exe to be infected. 

ESET did flag it for the Google Toolbar bundled with it.

https://www.virustotal.com/en/file/85d5309373cd1713eeb2416b4767c653e96a9e9cef3689dbb8f548cd23494319/analysis/1506212944/

SHA-256 for that file is 85d5309373cd1713eeb2416b4767c653e96a9e9cef3689dbb8f548cd23494319

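Added example, not part of the original thread or any Piriform tooling: because the two VirusTotal URL scans above returned different verdicts for what should be one installer, this Python sketch checks whether copies fetched from different mirrors are byte-identical and whether they equal the SHA-256 quoted in the post above. The file names and sample bytes are constructed stand-ins, and a matching digest only shows that a copy is the same file that was scanned, not that the file is clean.

```python
import hashlib
import hmac
import os
import re
import tempfile

# SHA-256 quoted in the post above for the scanned copy of ccsetup535.exe.
REPORTED_SHA256 = "85d5309373cd1713eeb2416b4767c653e96a9e9cef3689dbb8f548cd23494319"

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_downloads(paths, reference=REPORTED_SHA256):
    """Group files by digest and list those whose digest equals the reference."""
    reference = reference.strip().lower()  # tolerate a pasted digest in any case
    if not re.fullmatch(r"[0-9a-f]{64}", reference):
        raise ValueError("not a SHA-256 hex digest: %r" % reference)
    groups = {}
    for path in paths:
        groups.setdefault(sha256_file(path), []).append(path)
    matching = [p for d, ps in groups.items() if hmac.compare_digest(d, reference) for p in ps]
    return {"identical": len(groups) == 1, "matching": sorted(matching), "groups": groups}

def demo():
    """Run the check on constructed stand-ins for mirror downloads (not the real installer)."""
    samples = {"cloudfront_copy.bin": b"constructed sample A",
               "piriform_copy.bin": b"constructed sample A",
               "tampered_copy.bin": b"constructed sample B"}
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, data in samples.items():
            paths.append(os.path.join(tmp, name))
            with open(paths[-1], "wb") as fh:
                fh.write(data)
        ref = hashlib.sha256(b"constructed sample A").hexdigest().upper()
        same = compare_downloads(paths[:2], ref)   # two mirrors, same bytes
        mixed = compare_downloads(paths, ref)      # one copy differs
        unrelated = compare_downloads(paths)       # none equal the posted digest
        return (same["identical"], len(same["matching"]),
                mixed["identical"], len(mixed["matching"]), len(unrelated["matching"]))

if __name__ == "__main__":
    print(demo())
```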

★ IMPORTANT UPDATE

★ Bitdefender reverses its previous decision, declares both downloads clean ★

Included below is a quote from the latest email I have received from Bitdefender concerning this matter.

 

 

Since our previous email, the URL has been reanalyzed and we concluded that it was clean. The detection has been removed. We are sorry for any inconvenience caused by our initial reply.
 
Regarding the download link towards an unaffected version of CCleaner which you have submitted in your other ticket, it has also been unblocked. 
 
Please don't hesitate to reach us back, should there be any other information we can assist you with.

 

Therefore, of course this means that after they reanalyzed both files, they came to a different conclusion stating they weren't malicious after all.
