ritchie58 Posted August 30, 2022

Hi all, I was running the junk file CCleaner app when I got a Malicious Activity Protection pop-up message stating that the CCleaner64 executable was malicious in nature. This is a False Positive as Piriform assured me today. I was able to correct this by adding a few custom Exclusion rules & then doing a reboot (see images). I excluded the entire CCleaner Program Files folder & the CCleaner64 executable process since I have a 64-bit system. If you encounter this & have a 32-bit system, add the Program Files\CCleaner executable to the Exclusion list instead. Then do a reboot and CCleaner should be accessible & functional again. If I ran into this FP I'm sure other users will too eventually.
ritchie58 Posted August 31, 2022

For the Devs, I attempted to submit a False Positive report for this issue at https://www.immunet.com/false_positive but kept getting a server error message. So I made screen shots of all the data I would have submitted (minus my email address), plus the error message I was getting for the Submit FP address. That should be the correct SHA256 hash for the CCleaner64 executable for version 6.0.3.10002. I couldn't copy & paste so I had to manually type in the hash. To double check that SHA256, a screen shot of the hash is located at the bottom of this post. Here is the screen shot of the error message I was getting while attempting to submit the data.
Harshal Posted August 31, 2022

Thanks Ritchie. I tried the FP submission form and it submitted the details successfully. Could you please try again; just wanted to make sure if it still happens to you.
ritchie58 Posted August 31, 2022 (edited)

Hi Harshal, Yeah, I could give it another go to see what happens. The default browser I was/am using is Microsoft Edge with the latest updates. Edit: Nope! Same error occurred. I even lowered my security settings to the very basic with the same results. I do have another browser installed, Google Chrome. Just out of curiosity I'll give that a try & see what happens. Edit: I was also unsuccessful using Chrome (see image). The same error occurred. Well, that is weird! You could submit a FP report but it seems I'm not able to!

Edited August 31, 2022 by ritchie58: Google Chrome unsuccessful.
novirus Posted August 31, 2022

A while back Malwarebytes got this cc cleaner as exploit software, guess was hacked or something, maybe it's just picked it up, not sure why I use cc cleaner but not avg antiv_____
novirus Posted August 31, 2022

The malware allowed an infected system to be remotely controlled and collect data from your computer. “The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA” BUT LOOKS LIKE they fixed cc cleaner, not sure about signatures
ritchie58 Posted August 31, 2022

This occurred shortly after I got an automatic update through CCleaner's UI. I have since turned CCleaner's automatic update feature off & will manually update the app myself like I used to. I did contact Piriform and they did reassure me that there is nothing malicious going on. I even submitted the .exe for analysis with VirusTotal and no other AV is currently flagging it as malicious so it has to be a False Positive. Best wishes, Ritchie...
Scats Posted September 3, 2022

Hey Ritchie! I wonder if it's getting flagged due to how the cleaner works to access files to clean. I work in IT as a field tech and some of our scanners will flag CCleaner for two reasons. The method of file access and the built-in reg cleaner get flagged as generic ransomware. The tools I use are custom built and not available for public use; as such VT won't have it on their site. I had to set up rules in Immunet like you to get past it and it seems to work. I agree with you on turning off auto updates for certain programs, that can help fix any compatibility issues before they become big issues.
ritchie58 Posted September 3, 2022

Hi Scats, When CCleaner first got flagged as possible ransomware by Immunet I was using the Custom Clean function. But ever since I added those exclusions I haven't had a bit of trouble with it. That's ok with me since CCleaner is my favorite junk file cleaner! Cheers, Ritchie...
ritchie58 Posted September 20, 2022

Well, I just got an update through the UI to version 6.0.4.10044 of CCleaner. I still have the automatic update feature turned off but got the new build update notification after launching the app. Then I tried updating through the UI just to see what would happen. I'm not sure if the devs have fixed this bug since I haven't heard otherwise or the custom exclusions I added to Immunet are, thankfully, still working. Either way I'm glad everything went smoothly this time! Regards, Ritchie...