CCleaner Community Forums
chrisr78

Speccy 1.31 installer flagged as malware by AVG


I downloaded the current Speccy installer spsetup131.exe from ccleaner.com today (19 Feb 2018) and immediately got a notification from AVG antivirus that it was infected with malware (Rootkit-gen). I reported it to AVG as a false positive but you guys may wish to double-check and maybe liaise with AVG.


And since AVG was taken over by Avast, who in turn bought out Piriform, that should be a straightforward liaison.
The Admin team do read these threads, eventually, but as to a follow-up or investigation, who can say.


If you're downloading the free version make sure the checksums/hashes match (even though they don't publish them on the download site), and also right-click the file and make sure the Digital Signature is valid and signed.

File Name: spsetup131.exe
MD5: 0F3457989D9F5CF05A8EA435CB26A704
SHA-1: 7BAF469001833D3A7B1D2E377426B439C7F981AE
SHA-256: F52EC93F4EA0B4D7CCE5C4B495B8B2DA2657FF2073A1745993D972AE8D8389F2


One of the detections is by ESET/NOD which will always detect the included 3rd party Google software. Also since the installer was compiled with NSIS that may cause some scanners to produce a false positive every now and then. VirusTotal did have 4 detections earlier (from 2 hours ago), and now with the link provided below it has 2 detections.


Scan results from online scanners:

Jotti
https://virusscan.jotti.org/en-US/filescanjob/7odx8py36t

VirusTotal
https://www.virustotal.com/en/file/f52ec93f4ea0b4d7cce5c4b495b8b2da2657ff2073a1745993d972ae8d8389f2/analysis/1519127846/
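
The two checks suggested in the post above (hash comparison and digital signature), as an added PowerShell example that is not part of the original thread. The function name `Test-Installer` and the download path are assumptions; the hash values are the ones quoted in the post.

```powershell
# Added example: compare a downloaded installer against reference hashes and
# inspect its Authenticode signature. Matching hashes only show that the file is
# byte-identical to the one the poster examined; they say nothing about whether
# an antivirus verdict on that file is right.
function Test-Installer {
    param(
        [Parameter(Mandatory)] [string]    $Path,
        [Parameter(Mandatory)] [hashtable] $Expected   # algorithm name -> hex digest
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    foreach ($alg in $Expected.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        # PowerShell's -eq is case-insensitive for strings, so hex case does not matter.
        [pscustomobject]@{
            Check  = $alg
            Passed = ($actual -eq $Expected[$alg])
            Detail = $actual
        }
    }
    # Same information as right-click > Properties > Digital Signatures.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(not signed)' }
    [pscustomobject]@{
        Check  = 'Authenticode'
        Passed = ($sig.Status -eq 'Valid')
        Detail = "$($sig.Status); signer: $signer"
    }
}

# Reference values as quoted in the post. MD5 and SHA-1 are included only
# because the post lists them; SHA-256 is the one to rely on.
$expected = @{
    MD5    = '0F3457989D9F5CF05A8EA435CB26A704'
    SHA1   = '7BAF469001833D3A7B1D2E377426B439C7F981AE'
    SHA256 = 'F52EC93F4EA0B4D7CCE5C4B495B8B2DA2657FF2073A1745993D972AE8D8389F2'
}
$file = Join-Path $env:USERPROFILE 'Downloads\spsetup131.exe'   # assumed location

$results = Test-Installer -Path $file -Expected $expected
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) {
    Write-Warning 'At least one check failed: do not run this file.'
}
```

A `Valid` status means the signature chains to a trusted root and the file is unmodified since signing; read the signer subject in the output and confirm it is the publisher you expect.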

1 hour ago, jm77 said:

Same thing with Avast. Avast moved that setup file to chest. Says that it's infected with virus Win32:Rootkit-gen

After Windows update the same installer is okay. Rescanned and everything seems OK. Not flagging anymore.


I tried again, using a different PC, one running Sophos antivirus, and attempted to download Speccy 1.31 from the Piriform website (not FileHippo) and immediately got a Sophos pop-up to say "High Risk Website Blocked - Access to this page is blocked as the threat Mal/HTMLGen-A has been found on this website."

I think Piriform have some questions to answer, irrespective of the compiler used.

Speccy version 1.29 seems safe to use.

Andavari? Comments please?


No questions to answer as far as I can see. I get no problems with the website or the download.

VirusTotal shows no detections for the URL

https://www.virustotal.com/#/url/5b2e886f0e35d61b014e9e946b98956ed8054bb97c54774d810b59545c3e31fc/detection

As you can see if you scroll down the link, Sophos hasn't rated it yet.

Edited by hazelnut


PS: after downloading the latest version of Speccy yesterday, my AVG doesn't tell me anything :)


Downloaded spsetup131 from FileHippo and also from Piriform, scanned with Avast AV, submitted to VirusTotal, got same hashes, same result as Andavari.
