Jump to content

[False Positive] A malware on CCleaner 5.48.6834.

RicardodeMiranda

By RicardodeMiranda
in CCleaner Bug Reporting

 Share

Recommended Posts

RicardodeMiranda

RicardodeMiranda

Posted
Posted

Hello, everyone.

I'm Ricardo, and I would like to tell you that Kaspersky Internet Security detected a malware on a CCleaner installer. It's called UDS:Trojan.Win32.Droma. It is on this file ccupdate548_pro[1].exe. Please fix it ASAP. My Kaspersky can't allow me to install this new version. And I advise to anyone not to install for a while.

Thanks in advance. And I hope to find this solution.

Best regards.

Ricardo

CCleanerProfessional_Trojan.png

Link to comment
Share on other sites
RicardodeMiranda

RicardodeMiranda

Posted
  • Author
Posted
11 minutes ago, Stephen Piriform said:

Hi there,

Kaspersky is not flagging this file from what I can see: https://www.virustotal.com/#/url/dcbf986874e39ef14eaaea2c6d0e0960b7ef79d039dca17757cc77d87507c33f/detection

Can you confirm that the MD5 filehash for the ccupdate548_pro.exe file you have matches "3c4836f8f949c94bb651a74814617868" ?

Hi, Stephen Piriform.

After clicking on your link, you can see it on the screenshot I took. VirusTotal detected also.

WebsiteDNS8.png

Link to comment
Share on other sites
Guest Stephen CCleaner

Guest Stephen CCleaner

Posted
Posted

I don't think it's anything to be concerned by. This company analyses URLs and flags anything without a good reputation. It looks like they have a simple check that simply flags any URL that downloads an executable. It does not seem that it does any checks on the file itself to see if it is legitimate.

To compare, here is the VirusTotal results for the file itself (not the download URL):

https://www.virustotal.com/#/file/079609c8d786cab5d29b43d315af1d7276805f0f7cc48f180106d38d4c5b2e97/detection

image.png

 

The file also checks out with Kaspersky:

image.png

 

I have reported a false positive to DNS8 so they can investigate.

Link to comment
Share on other sites
RicardodeMiranda

RicardodeMiranda

Posted
  • Author
Posted
44 minutes ago, Stephen Piriform said:

I don't think it's anything to be concerned by. This company analyses URLs and flags anything without a good reputation. It looks like they have a simple check that simply flags any URL that downloads an executable. It does not seem that it does any checks on the file itself to see if it is legitimate.

To compare, here is the VirusTotal results for the file itself (not the download URL):

https://www.virustotal.com/#/file/079609c8d786cab5d29b43d315af1d7276805f0f7cc48f180106d38d4c5b2e97/detection

image.png

 

The file also checks out with Kaspersky:

image.png

 

I have reported a false positive to DNS8 so they can investigate.

Thank you so much for your kind support and screenshots, Stephen Piriform.

Currently, my CCleaner Professional is 5.47.6716. And any preview installers this Kaspersky couldn't detect any trojan.

If they send to you any answer... could you just report to me what they said please?

Thank you so much again.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept