CCleaner Community Forums
HerbEppel

Malwarebytes detects Adware.FusionCore (Solved)


I recently renewed my CCleaner license and was surprised to find that Malwarebytes detected Adware.FusionCore in the CCleaner update exe file – see attachment.

For background see https://blog.malwarebytes.com/detections/adware-fusioncore/

I realize malware aspects have been discussed, so apologies if this specific issue has already been addressed, but I couldn't find it in the forum archive.

Herbert Eppel
(Link removed - Nukecad).
 

CC Malware.JPG


I see that you have MB4 Premium, and it says v4.0.4. (Although it looks slightly different from normal there).

I've never had Malwarebytes flag the CCleaner installer.
I do know that Malwarebytes regularly review their detection methods so I made sure that my MB4 was up to date, there was an update which required a restart of MB4.
Then I downloaded a new CCleaner installer and checked - a right-click 'Scan with Malwarebytes' of the ccsetup563.exe reported it as clean.

As the link you gave says, FusionCore detections are not malicious, they are PUPs - Potentially Unwanted Programs - specifically bundled software in an installer.
In the case of CCleaner that would be the bundled offer in the Standard installer.

However I'm not sure that detection is the CCleaner installer at all, the pathname looks odd.

To start with the pathname in the detection is all uppercase? ('Windows\Temp\' is usually mixed case).
And I'd expect the CCleaner installer to be in your Downloads folder.

We can only see the start of the path there, could you tell us the name of the target file at the end of the path?
(or even the full path).

 


Thanks for your quick, comprehensive and helpful reply 👍

Unfortunately Malwarebytes doesn't seem to allow copying of path names, and I'm having trouble with my OCR software at present, so here is a screenshot.

image.png.256050bad59d58eaaae8490cb7c00dd6.png

Herbert Eppel
(Link removed - Nukecad).


Thanks for your reply, but I'm afraid I don't get it, sorry.

Not sure what MD5 hash is, but I assumed the CC-Updates folder in the path name I sent points to CCleaner as the 'culprit', no? 🤔

And in any case, that particular FileZilla setup file isn't present on my system.

Herbert Eppel
(Link removed - Nukecad).


When I first looked at original post I thought it was a creative cloud update.

It's odd.


Which CCleaner version are you using?

(PS. I don't even have a CC-updates folder in Windows\temp, but that could be a version thing).

If you are still in doubt then I would suggest that you join the Malwarebytes forum and ask one of their experts to take a look at your computer for you.
It's free and they will have a good look for anything odd/wrong and help you put it right.
You don't need to be infected, and you don't need to have a Malwarebytes licence to get their help on the forum.
They are happy to check the computer of anyone who asks them to.
Start by following the instructions here: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

To expand on what I said about your screenshot looking odd - There are no Notification, Settings, or Help icons top right, the clouds on the background look different to the normal MB4 background, and my scan results windows don't look like that, although admittedly I've yet to have a detection on a MB4 Threat scan so it may just be GUI differences.

 

3 hours ago, hazelnut said:

When I first looked at original post I thought it was a creative cloud update.

It's odd.

Are we sure this is CCleaner? It seems like we're all reacting to the cc in the file name but this could be any number of things. I've never seen the CCleaner installer create a hash named file in temp, but I could be wrong.

3 minutes ago, Nergal said:

Are we sure this is CCleaner? It seems like we're all reacting to the cc in the file name but this could be any number of things. I've never seen the CCleaner installer create a hash named file in temp, but I could be wrong.

Indeed not, it just seems all too odd and may well be something else trying to disguise itself.

Which is why I suggested that he gets the Malwarebytes removal experts to take a look at his system.

19 hours ago, HerbEppel said:

Thanks for your quick, comprehensive and helpful reply 👍

Unfortunately Malwarebytes doesn't seem to allow copying of path names, and I'm having trouble with my OCR software at present, so here is a screenshot.

image.png.256050bad59d58eaaae8490cb7c00dd6.png

Herbert Eppel
(Link removed - Nukecad).

 

Doing a search on the path,

     C:\Windows\Temp\CC-Updates\UPDATE-FA2D7D3123A488949AB5ED5991C2CAA2.EXE

I concur with hazelnut that the "CC" in the path refers to Adobe's Creative Cloud software and NOT CCleaner.
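As an added example (not part of the original thread, and not code from Malwarebytes, Adobe or CCleaner): rather than inferring the vendor from a folder name such as CC-Updates, the flagged file's own Authenticode signature and version resource can be read directly. The function name Get-FlaggedFileIdentity is hypothetical; the path is the one quoted above.

```powershell
# Added example: identify a detection target by its own metadata, not its folder name.
function Get-FlaggedFileIdentity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Scanners often quarantine or delete the file; report that instead of failing.
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    $item = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $md5  = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # A 32-hex-digit token in the file name may or may not be the file's MD5; test it.
    $token = if ($item.Name -match '(?i)[0-9a-f]{32}') { $Matches[0].ToUpperInvariant() }

    [pscustomobject]@{
        Path            = $item.FullName
        Present         = $true
        Created         = $item.CreationTime
        # Version-resource strings are set by whoever built the file and can be
        # copied from another product, so treat them as a hint only.
        CompanyName     = $item.VersionInfo.CompanyName
        ProductName     = $item.VersionInfo.ProductName
        FileDescription = $item.VersionInfo.FileDescription
        # A 'Valid' status plus the signer subject is the stronger evidence of publisher.
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        NameToken       = $token
        NameTokenIsMD5  = ($null -ne $token -and $token -eq $md5)
        SHA256          = $sha
    }
}

# Path as quoted in the post above; run from an elevated prompt to read C:\Windows\Temp.
Get-FlaggedFileIdentity -Path 'C:\Windows\Temp\CC-Updates\UPDATE-FA2D7D3123A488949AB5ED5991C2CAA2.EXE'
```

If the scanner has already quarantined the file, the result only reports `Present = $false`; restore it to an isolated location first or read the same fields from the scanner's detection log.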


First, thanks for all the messages and for your time looking into this, and profuse apologies for wasting your time if it turns out to be a red herring 😳

I simply assumed that "CC" in the path referred to CCleaner because the 'incident' happened shortly after I had renewed my CCleaner license. A further (on reflection probably incorrect) assumption was that CCleaner had performed an update as part of the license update process, but it just dawned on me that I probably already had the latest CCleaner version installed, in which case there would have been no update.

As for Adobe, I wasn't aware that I have any Creative Cloud products installed, but another penny has just dropped in the sense that, shortly after renewing my CCleaner license, I discovered CCleaner's interesting and useful Software Updater function and used it for the first time. One of the products that was updated during the process was Adobe Digital Editions, which now leads me to the conclusion that this may well be what the "CC" in the path refers to!

Oh well, I for one certainly found this discussion 'educational', and I sure hope that I won't make the same mistakes/incorrect assumptions again in the future 😳

Before I sign off, I would be interested to know how you (cbaumer0628) managed to convert the path from my screenshot to text – do you have some clever on-the-fly OCR software installed on your device? As it happens, I just asked about this in another group yesterday, in view of the fact that my ABBYY ScreenshotReader installation appears to have become corrupted on my Windows 10 PC 😕

Once again, many thanks for your time and patience.


Okay so now we know that the CC in this topic refers to Adobe Creative Cloud and not CCleaner.

As to the text conversion, I did the same when searching.... just typed it out manually from the screenshot.

Should you have any more comments about screenshots etc. please open a new thread.

I shall lock this thread now.

This topic is now closed to further replies.
