Ccleaner builds

1/31/2024

When it does one here I do a manual 'Check for Updates' and then try the download again once the defender definitions have updated.

Problem solved, and kudos to hazelnut for providing the expected SHA256 hash for the ccsetup591.zip file. My Microsoft Defender virus definition set updated to v1.361.339.0 today (2) and I was able to download the Portable ccsetup591.zip file from without triggering a Trojan:Script/Oneeva.A!m detection, so I'm guessing the v1.361.287.0 definition set I was using yesterday was responsible for the false positive detection.

At the time I was using the 32-bit version of the installed version of CCleaner Free and found evidence of this malware on my system (see my 1 post Traces of Floxif Malware From Infected CCleaner v5.33 Installer), which is why I was being so cautious about yesterday's Microsoft Defender detection of a possible trojan in the Portable ccsetup591.zip file. That Floxif trojan evaded detection by antivirus programs for several weeks because the CCleaner binary that included the malware was signed by Avast with a valid digital certificate and whitelisted as "safe".

Recall the September 2017 Bleeping Computer articles CCleaner Compromised to Distribute Malware for Almost a Month and CCleaner Malware Incident - What You Need to Know and How to Remove about the Floxif trojan that was bundled inside CCleaner v installers posted on the official Avast/Piriform website.

"ccleaner" is owned by "avast." It is not very likely that any of their files are going to be infected with malware.
zip file before today so perhaps it's my current virus definition set v1.361.287.0 (installed 1) that's causing the problem.

64-bit Win 10 Pro v21H2 build 19044.1586 * Firefox v98.0.1 * Microsoft Defender v.4-0.8 * Malwarebytes Premium v4.5.6.180- * CCleaner Portable v
Dell Inspiron 15 5584, Intel i5-8265U CPU, 8 GB RAM, 256 GB Toshiba KBG40ZNS256G NVMe SSD, Intel UHD Graphics 620

I'll submit the file to Microsoft at for analysis and see if they can explain. I restored the file and uploaded it to VirusTotal, and the SHA256 hash (ed4855acc0239c7e1c5dd4554a6e360173f23458832420000445a20fa3fc6450) is an identical match to the report at. I wasn't very keen on restoring the ccsetup591.zip file from quarantine before I had some indication that it was likely a false positive.

Weird as Virus Total doesn't show MS as detecting it.