Westkane, posted December 24, 2017

According to Glasswire (I am not real familiar with this yet), it says there is potentially a virus in the updater. Here is a bit of a cut and paste from their page.

SHA256: 1d488908989290c7ce58ccae36ed4a2c4ed06489b8c2248fb178327af4bcdbe8
File name: 1d488908989290c7ce58ccae36ed4a2c4ed06489b8c2248fb178327af4bcdbe8
Detection ratio: 1 / 67
Analysis date: 2017-12-20 23:00:31 UTC ( 3 days, 19 hours ago )

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

Authenticode signature block and FileVersionInfo properties
Copyright: Copyright (c) 2017 AVAST Software
Product: CCleaner
Original name: CCUpdate.exe
Internal name: CCUpdate.exe
File version: 1, 0, 999, 0
Description: CCleaner updater
Signature verification: Signed file, verified signature
Signing date: 12:53 PM 9/22/2017
Signers:
[+] AVAST Software s.r.o.
[+] DigiCert High Assurance Code Signing CA-1
[+] DigiCert
Counter signers:
[+] DigiCert Timestamp Responder
[+] DigiCert Assured ID CA-1
[+] DigiCert

PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2017-09-14 11:07:04
Entry Point: 0x00023C30
Number of sections: 7

Andavari (Moderator), posted December 25, 2017

It has one detection on VirusTotal, as seen here.

Westkane (Author), posted December 27, 2017

Is this something to be concerned with? It was picked up by VirusTotal in the Updater. I guess I am asking what should the next step be as Glasswire/TotalVirus indicates there is an issue?

Thank You

Andavari (Moderator), posted December 27, 2017

With one detection I'd personally say it's a false positive after the efforts Avast/Piriform have put into securing the Piriform software such as CCleaner - that is if it were me attempting to update it -- but I won't ever again say with 100% confidence that it's alright after the September actual infection. With that in mind you can make up your mind on what you wish to do.

I don't know if you're aware of this, however you can also get the Portable ZIP Version which does not contain CCUpdate.exe, and you can use the Portable version to update your already installed version.

To update an already installed version using the Portable version you only need to unzip the following files:

1. The two *.EXE files (CCleaner.exe and CCleaner64.exe) over the already installed ones on an English installation, and you're done updating. Tip: If your system is not 64-bit you won't need CCleaner64.exe.
2. Optional: If your language is English you do NOT need to follow this step! If your language is not English, and to have CCleaner display in your language, you'll also need to unzip the lang folder over the already installed ones, and you're done updating.

Also a member stated a while back that CCUpdate.exe was a filename detected by an anti-virus or anti-malware (I'm thinking Malwarebytes but could be completely wrong), and even when something isn't actually infected it can be generically detected by filename only - Piriform were already made aware of that issue however haven't yet renamed the .EXE.
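
Added example, not part of the thread and not Piriform's code: a PowerShell check that compares a local CCUpdate.exe with the properties quoted in the VirusTotal report in the first post (SHA256, signer name, original file name). The default path is an assumption, and the function name Test-AgainstReport is hypothetical.

```powershell
param(
    # Assumed install location; pass the real path of the file you want to check.
    [string]$Path = "$env:ProgramFiles\CCleaner\CCUpdate.exe"
)

# Values copied from the VirusTotal report quoted in the first post.
$ReportedSha256 = '1d488908989290c7ce58ccae36ed4a2c4ed06489b8c2248fb178327af4bcdbe8'
$ReportedSigner = 'AVAST Software s.r.o.'
$ReportedName   = 'CCUpdate.exe'

function Test-AgainstReport {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $hash = (Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $info = (Get-Item -LiteralPath $LiteralPath).VersionInfo

    # SignerCertificate is $null for an unsigned file, so guard before reading Subject.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path             = $LiteralPath
        Sha256           = $hash.ToLowerInvariant()
        # True only if this is byte-for-byte the file the report describes.
        SameFileAsReport = ($hash -ieq $ReportedSha256)
        SignatureStatus  = $sig.Status
        SignatureValid   = ($sig.Status -eq 'Valid')
        SignerMatches    = ($subject -like "*CN=$ReportedSigner*")
        # A countersignature (timestamp) is listed in the report as well.
        Timestamped      = [bool]$sig.TimeStamperCertificate
        OriginalName     = $info.OriginalFilename
        NameMatches      = ($info.OriginalFilename -eq $ReportedName)
        FileVersion      = $info.FileVersion
    }
}

if (Test-Path -LiteralPath $Path) {
    Test-AgainstReport -LiteralPath $Path | Format-List
} else {
    Write-Warning "File not found: $Path"
}
```

SameFileAsReport tells you whether the report is about the file you actually have. A Valid signature identifies the publisher and shows the file is unchanged since signing, which is a separate question from whether a scanner flags it.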

Westkane (Author), posted December 28, 2017

Thanks for your assistance with this, I was relatively lucky and my AV caught the September issue on a scan. However, as you say, one can never say never in this day and age, but I kind of agree that it is a false positive. (Nothing like the numbers I saw on the YTD Video Downloader program, I got rid of that real quick)

Thanks for the info on the portable ZIP Version, I didn't know about that option.

Thanks again for your help and knowledge.

gavsta, posted December 29, 2017

I work with many people each week that over panic when regarding VirusTotal. It's a tool yes, but when you need to understand. When dealing with Malware we may sometimes instruct the user asking for help to upload a fresh copy of the exe. This one instance has panicked you. Not because the file may or may not be an infection, it's simply because you are not trained on using VirusTotal. We work with a number of files that have previously had around 15 or more flags and the file was safe. Malware identification takes practice; researching files takes even more training.

http://www.pacs-portal.co.uk/startup_content.php

Pacs portal was created by myself and a guy called paul. We sold it to Malwarebytes. Here are a few more links.

http://www.systemlookup.com
https://web.archive.org/web/20060106081601/http://www.doxdesk.com/parasite/database.html

You can include bleepingcomputer's database also.

YTD is not an infection and is clean. It's flagged as a PUP. Possible unwanted program. That's it, nothing more.

We use FRST https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ to analyze computers before writing custom scripts and instruct OPs the next steps forward. FRST is often flagged as malware, well one instance.

hazelnut (Moderator), posted December 30, 2017

Just bear in mind gavsta that we do not give malware advice on this forum. Instead we point members to dedicated malware removal forums. See item 10 here https://forum.piriform.com/announcement/15-forum-rules/

So please, no more mentions of your site in your posts. Thanks.

Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com

gavsta, posted January 2, 2018

Yes, I know you do not allow malware advice. I did not offer any. Trained under one of your old malware mods at geekstogo and been qualified 6 years. I'm a united against malware member and work as a malware mod both of avast and emisoft. I did not offer any malware assistance or let alone ask for a FRST log. I simply pointed out a few facts.

So I do not get it wrong again, which part offered would you class as malware removal advice? Then I won't post said part again.

mta (Moderator), posted January 3, 2018

don't provide ANY links regarding malware.
don't advertise the fact you claim to be a malware removal expert.
don't self-promote your web site.

Backup now & backup often. It's your digital life - protect it with a backup. Three things are certain; Birth, Death and loss of data. You control the last.