Jump to content

ccleaner

Andy Spragg

By Andy Spragg
in Website Blocking

 Share

Recommended Posts

Andy Spragg

Andy Spragg

Posted
Posted
As well as all other 93.188.128.xx are showing as malicious .... please confirm

This thread caught my eye because I'm trying to troubleshoot a connection problem:

http://www.malwarebytes.org/forums/index.php?showtopic=23349

(which might be a complete red herring in this context) and I've been browsing my protection logs tonight for the first time. I have a months worth. Most of them are only 1-2k and just contain IP protection start and stop messages, but a few contain IP block alerts. In particular, the logs for yesterday and the two days before were 30, 52 and 23 k respectively. They're chock full of IP-BLOCK 93.188.128.xx messages - only for the three users of the PC, though, not for me with admin rights. I don't know if these blocks would also have popped up a system tray notification, but I presume someone would have mentioned something if the system tray went as hyper as the logs suggest it would have done. I have had one or two IP addresses blocked recently, that were alerted via the system tray, but there seems to be a lot more "silent" blocking going on than I was aware of. I also don't believe that all these three users would have been intentionally trying to connect to all the IP addresses in turn in the same range. Anyone know the explanation?

Andy

Link to post
Share on other sites
Andy Spragg

Andy Spragg

Posted
  • Author
Posted

|When trying to download latest version of CCleaner from:

http://www.filehippo.com/download_ccleaner...23e981303626f67

I can't say for sure this is an FP - no reason why the site should not have been compromised, I suppose - but on the face of it it seems relatively unlikely. Same result on two attempts a week or so apart. Because I don't know for sure it's a FP, I haven't saved a developer log yet; should I?

Andy

Link to post
Share on other sites
MysteryFCM

MysteryFCM

Posted
Posted

The URL it's trying to load is;

http://fs2.filehippo.com/4536/d710a676e6e14d95970bc2dc6355dbec/ccsetup223.exe

FileHippo itself is about as safe as any other download site (i.e. only as safe as the person browsing it), but the IP is on a range that is well known for criminal activity, which is why it's blocked.

You can however, download CCleaner from the authors website;

http://download.piriform.com/ccsetup223.exe

/edit

Slim build (no bundled rubbish) can be found at;

http://www.ccleaner.com/download/builds/downloadbinslim

Link to post
Share on other sites
Andy Spragg

Andy Spragg

Posted
  • Author
Posted

Sorry, I already tried to reply to this and it came out as a new topic, no idea how. Try again ...

As well as all other 93.188.128.xx are showing as malicious .... please confirm

This thread caught my eye because I'm trying to troubleshoot a connection problem:

http://www.malwarebytes.org/forums/index.php?showtopic=23349

(which might be a complete red herring in this context) and I've been browsing my protection logs tonight for the first time. I have a months worth. Most of them are only 1-2k and just contain IP protection start and stop messages, but a few contain IP block alerts. In particular, the logs for yesterday and the two days before were 30, 52 and 23 k respectively. They're chock full of IP-BLOCK 93.188.128.xx messages - only for the three users of the PC, though, not for me with admin rights. I don't know if these blocks would also have popped up a system tray notification, but I presume someone would have mentioned something if the system tray went as hyper as the logs suggest it would have done. I have had one or two IP addresses blocked recently, that were alerted via the system tray, but there seems to be a lot more "silent" blocking going on than I was aware of. I also don't believe that all these three users would have been intentionally trying to connect to all the IP addresses in turn in the same range. Anyone know the explanation?

Andy

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

This is not a general forum for posting Andy. That is why your post was moved.

Staff and Experts are here to respond to user requests for concerns over a False Positive. If you have one yourself that you're reporting, even if its the same IP then you need to create your own post.

Thank you.

Link to post
Share on other sites
Andy Spragg

Andy Spragg

Posted
  • Author
Posted
This is not a general forum for posting Andy. That is why your post was moved.

Staff and Experts are here to respond to user requests for concerns over a False Positive. If you have one yourself that you're reporting, even if its the same IP then you need to create your own post.

Thank you.

<embarrassed>

Sorry ...

</embarrassed>

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept