I was concerned that someone had recently altered the ccsetup591.zip file on the Avast servers during the weekend, but after hazelnut provided the SHA256 hash I realized that wasn't the case. Just note that it's not normal for a widely-distributed program like CCleaner to still be triggering a Microsoft Defender false positive detection four days after it's released, at least on my system (and given that my MS Defender virus definitions were up-to-date). When I want to update CCleaner Portable I prefer to download and unzip the latest ccleaner5 xx.zip file from and then manually copy the new CCleaner64.exe file over to my USB stick to replace the old executable.

64-bit Win 10 Pro v21H2 build 19044.1586 * Firefox v98.0.1 * Microsoft Defender v.4-0.8 * Malwarebytes Premium v4.5.6.180- * CCleaner Free Portable v

I occasionally run a manual check for updates but I always choose "Remind Me Later" because of the unwanted files the "Update Now" internal installer can add - for example, see my 1 How Do I Stop CCleaner Portable v5.76 From Automatically Checking for Updates? about the unwanted Emergency Updater (CCUpdate.exe) and scheduled task that was added to v5.76 when I allowed CCleaner to perform the update. I use CCleaner Free Portable and run CCleaner64.exe from a removable USB stick. I find my Malwarebytes anti-malware is more prone to false positive detections than antiviruses like Microsoft Defender, Norton, etc. I believe yesterday's detection of the ccleaner591.zip file is the first detection (false positive or otherwise) I've had from Microsoft Defender since I purchased my laptop back in August 2019, but that might be because I usually monitor the CCleaner forum for about a week before updating to make sure the latest update hasn't introduced any new bugs. When it does one here I do a manual 'Check for Updates' and then try the download again once the defender definitions have updated.
Problem solved, and kudos to hazelnut for providing the expected SHA256 hash for the ccsetup591.zip file. My Microsoft Defender virus definition set updated to v1.361.339.0 today (2) and I was able to download the Portable ccsetup591.zip file from without triggering a Trojan:Script/Oneeva.A!m detection, so I'm guessing the v1.361.287.0 definition set I was using yesterday was responsible for the false positive detection. At the time I was using the 32-bit version of the installed version of CCleaner Free and found evidence of this malware on my system (see my 1 post Traces of Floxif Malware From Infected CCleaner v5.33 Installer), which is why I was being so cautious about yesterday's Microsoft Defender detection of a possible trojan in the Portable ccsetup591.zip file. That Floxif trojan evaded detection by antivirus programs for several weeks because the CCleaner binary that included the malware was signed by Avast with a valid digital certificate and whitelisted as "safe". Recall the September 2017 Bleeping Computer articles CCleaner Compromised to Distribute Malware for Almost a Month and CCleaner Malware Incident - What You Need to Know and How to Remove about the Floxif trojan that was bundled inside CCleaner v installers posted on the official Avast/Piriform website. "ccleaner" is owned by "avast." it is not very likely that any of their files are going to be infected with malware. zip file before today so perhaps it's my current virus definition set v1.361.287.0 (installed 1) that's causing the problem.

64-bit Win 10 Pro v21H2 build 19044.1586 * Firefox v98.0.1 * Microsoft Defender v.4-0.8 * Malwarebytes Premium v4.5.6.180- * CCleaner Portable v
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

I'll submit the file to Microsoft at for analysis and see if they can explain.
I restored the file and uploaded it to VirusTotal, and the SHA256 hash (ed4855acc0239c7e1c5dd4554a6e360173f23458832420000445a20fa3fc6450) is an identical match to the report at. I wasn't very keen on restoring the ccsetup591.zip file from quarantine before I had some indication that it was likely a false positive. Weird as Virus Total doesn't show MS as detecting it.