CCleaner 5.47.6716 has a Trojan


radish

  • Moderators

Where are you trying to download it from?

Use this: https://www.piriform.com/ccleaner/builds

or FileHippo is the other official mirror site.

Backup now & backup often.
It's your digital life - protect it with a backup.
Three things are certain; Birth, Death and loss of data. You control the last.

Link to comment
Share on other sites

  • Moderators

Using the Slim build installer: ccsetup547_slim.exe
MD5: EF79B5B018A451CC9B149078186FBFC4
SHA-1: 3EA279FCD3F93C18F912C785E43D074921FC4AB6
SHA-256: F281CEBE66E0E792FB4D1E62CCA6D4A734CA4BD63B09C262DE49FED5D8496C89

VirusTotal results (no detections):
https://www.virustotal.com/en/file/f281cebe66e0e792fb4d1e62cca6d4a734ca4bd63b09c262de49fed5d8496c89/analysis/1538351291/

Jotti results (1 detection by ClamWin):
https://virusscan.jotti.org/en-US/filescanjob/05qz7wgvqa

Link to comment
Share on other sites
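An added example, not part of the original post or of Piriform's tooling: a Python check that a downloaded copy of `ccsetup547_slim.exe` matches the three digests the moderator posted above. The default file path is an assumption; the digest values are copied from the post.

```python
import hashlib
import hmac
import sys

# Digests for ccsetup547_slim.exe exactly as posted in the thread above.
PUBLISHED = {
    "md5": "EF79B5B018A451CC9B149078186FBFC4",
    "sha1": "3EA279FCD3F93C18F912C785E43D074921FC4AB6",
    "sha256": "F281CEBE66E0E792FB4D1E62CCA6D4A734CA4BD63B09C262DE49FED5D8496C89",
}


def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Read the file once and feed every chunk to each hash algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify(path, published=PUBLISHED):
    """Return (ok, results, actual).

    ok is True only when every published digest matches. SHA-256 is the
    one to rely on; a file that matches MD5 or SHA-1 but not SHA-256
    must be treated as a different file.
    """
    actual = file_digests(path, tuple(published))
    results = {}
    for name, expected in published.items():
        # Published values are upper-case hex; hexdigest() is lower-case.
        wanted = expected.strip().lower()
        results[name] = hmac.compare_digest(actual[name], wanted)
    ok = bool(results) and all(results.values())
    return ok, results, actual


if __name__ == "__main__":
    # Default path is an assumption: the installer in the current directory.
    target = sys.argv[1] if len(sys.argv) > 1 else "ccsetup547_slim.exe"
    ok, results, actual = verify(target)
    for name, matched in results.items():
        print(f"{name:7s} {actual[name]}  {'OK' if matched else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```

A match shows the file is byte-for-byte the one the moderator scanned; it says nothing by itself about whether a gateway or scanner detection on that file is a false positive.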

I'm using NOD32 anti-virus & Malwarebytes Pro. I tried disabling each of them and that didn't change anything. I also didn't see anything in their individual log files that indicated that they stopped the download.

I then took a closer look at the error and noticed that it says "firewall gateway anti-virus service" and I realized that this is probably coming from the Sonicwall TZ300 that also does anti-virus & firewall protection. You can take a look at the following datasheet for more info. The TZ300 sits between my Comcast broadband connection and my internal office network.

https://www.sonicwall.com/SonicWall.com/files/2f/2fa6b2bd-edd9-4cc6-abe8-cebff2f90ed1.pdf

Again, I've been using CCleaner for many years and never run into this type of problem. Of course I didn't have the TZ300 until the beginning of 2017, although I had the TZ100 for many years.

I logged into the TZ300 and found that error when trying to download CCleaner again. It also showed it coming from: 13.33.231.93, 443, X1

I hope you can find a way to get rid of this "problem". It might be a false alert. Otherwise I will probably just wait for the next release.

Link to comment
Share on other sites

The problem isn't the IP. The problem is that the firewall in the TZ300 is currently finding a problem.

I had a situation within the last few years where my antivirus was flagging a new version of a program I used all the time. When I ran it thru one of the online programs that verified against many different antivirus programs, a few of them found the same problem. Unfortunately, the vendor wasn't interested in finding a resolution.

I hope the CCleaner developers are interested in resolving this problem with the current release, else I will wait for the next release and try again. They already know that Jotti wasn't happy.

Link to comment
Share on other sites

  • Moderators

I feel the problem is with SonicWall and not Piriform in this instance. The current release is NOT infected (otherwise we would have scores of posts about it).

https://www.sonicwall.com/en-us/support/knowledge-base/170505785916977

It's not the first time sonic has had this false positive

https://forum.piriform.com/topic/48491-firewall-blocking-download/

 

 

Support contact

https://support.ccleaner.com/s/contact-form?language=en_US&form=general

or

support@ccleaner.com

 

Link to comment
Share on other sites

  • Moderators

While VirusTotal finds nothing wrong with the Slim build installer, it's a different story if you individually submit CCleaner.exe and CCleaner64.exe to it; then it finds something, but only with 1 or 2 scanners, and it states Trojan.

As for Jotti finding something, well I typically pay no attention to the ClamWin scanner they have on there and I haven't for years; it's the Linux version and is very prone to giving false positives on a lot of installers made for Windows -- I don't know how they have it configured but perhaps it's set to something akin to a paranoid mode (if such a mode exists, it's just speculation). However, when scanning the same files with ClamWin installed on my Windows system it has never produced a detection.

Link to comment
Share on other sites

  • Moderators
2 hours ago, Parkarjohn said:

This is remarkable news for the CCleaner users as this is very important for the presence of the Trojan in the software. CCleaner is a very well developed software which helps in the cleaning of the device. Epson Support has suggested me to use this software. But this is a matter of disappointment that this version is affected by the virus.

There is no infection (other than far gone past version). This topic refers to a false positive.

 

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION

DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.

Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)

ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.

Support at https://support.ccleaner.com/s/?language=en_US

Pro users file a PRIORITY SUPPORT via email support@ccleaner.com

Link to comment
Share on other sites
