> CCleaner marked as riskware, pls explain
GoodDog
post Apr 5 2006, 12:10 AM
Post #1


Newbie
*

Group: Members
Posts: 2
Joined: 5-April 06
Member No.: 4,667



Kaspersky (Personal Edition Pro v5.0.391 with database of 05-apr-2006) recently marks CCleaner v1.28.277 as "riskware-not a virus".

Can some developer of this fine product explain to me why CCleaner is capable of being a risk?

I did not have this report with previous versions of CCleaner btw.
rridgely
post Apr 5 2006, 12:27 AM
Post #2


I hate computers

Group: Moderators
Posts: 8,680
Joined: 12-April 05
Member No.: 1,352



It's just a false positive. Some other AVs were detecting CCleaner before and all the companies just need to be notified. Thanks for the heads up.
MrG
post Apr 5 2006, 08:02 AM
Post #3


Administrator

Group: Admin
Posts: 924
Joined: 5-November 04
From: London, UK
Member No.: 1



Thanks for the info.
I'll contact them.
avguser
post Apr 5 2006, 09:41 PM
Post #4


Newbie
*

Group: Members
Posts: 3
Joined: 5-April 06
Member No.: 4,673



QUOTE(rridgely @ Apr 5 2006, 02:27 AM)

It's just a false positive. Some other AVs were detecting CCleaner before and all the companies just need to be notified. Thanks for the heads up.

Hello,
Every week I run an online scanner with Kaspersky and Pandasoftware and expected the usual cookies as usual. But today, I had a shock to find that the Kaspersky online scanner, for the first time ever, detected both CCLEANER 126 and 127 as
RiskTool.Win32.PsKill.n

I also uploaded it to http://virusscan.jotti.org and www.virustotal.com
both of which said that Kaspersky detected this thing!!!

I sent an email this morning to Kaspersky and here is their reply:

Hello!

This is not a false alarm.

This file is detected as not-a-virus:RiskTool.Win32.PsKill.n because it may be used by viruses for malicious purposes.
It is legal software, but potential danger is present anyway.

Such files are detected by the extended databases set only.
You can switch off the extended databases set from your antivirus bases. In this case, software like this will not be detected in future.

Sincerely yours,
Pavel Zelensky
Virus analyst

Kaspersky Lab Ltd
Moscow, Russia
Tel/Fax: +7 (095) 797-8700
E-mail: newvirus@kaspersky.com
Internet: http://www.kaspersky.com, http://www.viruslist.com


I hope this puts light on this subject!!! And also why is this in CCLEANER anyway?

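The verdict quoted in the Kaspersky reply above has the layout `[prefix:]Behaviour.Platform.Family[.variant]`, and the online scanner reported the same name without the `not-a-virus:` prefix. As an added example (not part of the original posts and not vendor code), this Python code parses such names and triages a multi-scanner report; the scanner names, the sample report and the triage labels are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Layout assumed here: [prefix:]Behaviour.Platform.Family[.variant]
VERDICT_RE = re.compile(
    r"^(?:(?P<prefix>[A-Za-z-]+):)?(?P<behaviour>[A-Za-z-]+)"
    r"\.(?P<platform>[A-Za-z0-9]+)\.(?P<family>[A-Za-z0-9_-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?$"
)
# Behaviour classes treated as "legitimate but misusable" (assumption: only
# the class named in this thread; extend from your vendor's documentation).
RISKWARE_BEHAVIOURS = {"RiskTool"}


class Verdict(NamedTuple):
    prefix: Optional[str]
    behaviour: str
    platform: str
    family: str
    variant: Optional[str]

    @property
    def is_riskware(self) -> bool:
        # The e-mail form carries the prefix; the online scanner output did not.
        return ((self.prefix or "").lower() == "not-a-virus"
                or self.behaviour in RISKWARE_BEHAVIOURS)


def parse_verdict(name: str) -> Optional[Verdict]:
    m = VERDICT_RE.match(name.strip())
    return Verdict(**m.groupdict()) if m else None


def triage(results: dict) -> str:
    """results maps scanner name -> verdict string, or None when clean."""
    hits = [parse_verdict(v) for v in results.values() if v]
    if not hits:
        return "clean"
    if any(h is None for h in hits):
        return "review"      # unrecognised naming scheme: read it by hand
    if all(h.is_riskware for h in hits):
        return "riskware"    # confirm publisher and origin, then allow-list
    return "malware"         # at least one non-riskware class: investigate


# Constructed multi-scanner report in the style the thread describes.
SAMPLE = {"scanner_a": None, "scanner_b": "not-a-virus:RiskTool.Win32.PsKill.n",
          "scanner_c": None}

if __name__ == "__main__":
    print(parse_verdict("RiskTool.Win32.PsKill.n"))
    print(triage(SAMPLE))
```
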
DjLizard
post Apr 5 2006, 09:53 PM
Post #5


Dial-a-fix author
****

Group: Members
Posts: 1,339
Joined: 14-March 05
Member No.: 1,084



The installer, or ccleaner.exe itself?

The installer kills off any copies of CCleaner currently running before it installs... if that's being flagged as not-a-virus, then Kaspersky needs to get a clue. Flagging the process killing API is pretty stupid... might as well flag the ShellExecuteEx API as well, since it can lead to code execution! oh noes...

I decided to send an uncompressed Dial-a-fix.exe through virusscan.jotti.org to see if DAF's process kill function (which is used to stop copies of winmgmt.exe, helphost.exe, and stuff like that, while doing repairs to WBEM and the Help and Support service) was detected as "not-a-virus" and it wasn't flagged. Damn.
avguser
post Apr 26 2006, 07:27 AM
Post #6


Newbie
*

Group: Members
Posts: 3
Joined: 5-April 06
Member No.: 4,673



QUOTE(DjLizard @ Apr 5 2006, 11:53 PM)

The installer, or ccleaner.exe itself?

The installer kills off any copies of CCleaner currently running before it installs... if that's being flagged as not-a-virus, then Kaspersky needs to get a clue. Flagging the process killing API is pretty stupid... might as well flag the ShellExecuteEx API as well, since it can lead to code execution! oh noes...

I decided to send an uncompressed Dial-a-fix.exe through virusscan.jotti.org to see if DAF's process kill function (which is used to stop copies of winmgmt.exe, helphost.exe, and stuff like that, while doing repairs to WBEM and the Help and Support service) was detected as "not-a-virus" and it wasn't flagged. Damn.



You might like to try this scanner www.virustotal.com
It's just like virusscan.jotti.org but there they scan with 24 scanners not 15 but the limit to send them is 10MB unlike the 15MB with jotti.
TheTOM_SK
post Apr 28 2006, 06:19 PM
Post #7


Member
**

Group: Members
Posts: 33
Joined: 14-March 06
Member No.: 4,440



Russian companies provide the best security products, so I believe them when they claim that it is dangerous. Will the CCleaner setup be fixed sometime?

I tried to put the CCleaner setup into a rar, even rars into a rar, and it did not help. When I put it into 7-zip, KAV did not detect it, so maybe malicious code will not detect it either?

I consider CCleaner the best free security product, because it helps in prevention, which is more important than cleaning with AV, so this situation makes me sad.
rridgely
post Apr 28 2006, 11:27 PM
Post #8


I hate computers

Group: Moderators
Posts: 8,680
Joined: 12-April 05
Member No.: 1,352



QUOTE(TheTOM_SK @ Apr 28 2006, 02:19 PM)
Russian companies provide the best security products, so I believe them when they claim that it is dangerous. Will the CCleaner setup be fixed sometime?

I tried to put the CCleaner setup into a rar, even rars into a rar, and it did not help. When I put it into 7-zip, KAV did not detect it, so maybe malicious code will not detect it either?

I consider CCleaner the best free security product, because it helps in prevention, which is more important than cleaning with AV, so this situation makes me sad.


No, it's a mistake. There is no malware in CCleaner.
Why would zipping it in a different format matter anyway? It still does the same thing when executed.

Also, CCleaner isn't a "security" program. It does erase online data that clogs up your computer but it does absolutely nothing to prevent infection (unless you consider cookies an infection). CCleaner is meant to clean up junk off your computer. Nothing more, nothing less.

krit86lr
post Apr 29 2006, 05:36 AM
Post #9


Good Times!
****

Group: Members
Posts: 1,957
Joined: 4-January 06
From: Missouri, USA
Member No.: 3,766



All that the Kaspersky scanner is doing is WARNING the user that there is a process killer. Therefore, if it isn't a trusted program the user can make an educated decision about whether or not to keep the application. Kaspersky does not report any malware or virus.

The process killer is there to kill any running processes of CCleaner during installation. Nothing more.


I hope that this helps clear things up.
JoaoVr
post May 2 2006, 06:37 AM
Post #10


Newbie
*

Group: Members
Posts: 4
Joined: 2-May 06
From: Portugal -> Vila Real
Member No.: 4,957



Same Thing Here:

[image]
krit86lr
post May 2 2006, 05:13 PM
Post #11


Good Times!
****

Group: Members
Posts: 1,957
Joined: 4-January 06
From: Missouri, USA
Member No.: 3,766



Okay. This is getting redundant. Kaspersky WILL label CC as a non-virus risk tool.

But it's not a risk because we know that it can be trusted. All that the Kaspersky scanner is doing is WARNING the user that there is a process killer. Therefore, if it isn't a trusted program the user can make an educated decision about whether or not to keep the application. Kaspersky does not report any malware or virus.

The process killer is there to kill any running processes of CCleaner during installation. Nothing more.


Andavari
post May 2 2006, 10:28 PM
Post #12


Captain Spectacular

Group: Moderators
Posts: 10,473
Joined: 10-November 04
From: Earth
Member No.: 26



Indeed it is now redundant. Time to have the thread locked!

