Skip to main content

Active Protection Blaock CCleaner

Beginner
Posts: 2
Comments: 6

At random times, I get a notice from Active Protection  that it had blocked an attempt by CCleaner64.exe to modify a backup file.  It gives a file path of C:\Users\Owner\AppDa...E3D9212\hntcgiu4,tib.

I'm not sure what is going on here.  C Cleaner process is running . 

Forum Hero
Posts: 28
Comments: 9180
mvp

Top

Robert, the core function of AAP is to prevent any application other than ATI from modifying backup .TIB files as these are your means of recovery from malware / ransomware etc.

The path you mention for the file path in the AppData folders looks strange as I would not expect to find any Acronis .TIB files in this path and a quick search on my own computer gives no files found.

Regular Poster
Posts: 46
Comments: 235

Top

I notice that " C:\Users\Owner\AppDa...E3D9212\hntcgiu4,tib" ends with ",tib" rather than ".tib".  Is it possible that these are, in fact, just random characters and AAP is being a bit overcautious?

Forum Hero
Posts: 28
Comments: 9180
mvp

Top

Good question Patrick, will need the OP to say whether this was the case or a typing error?

Beginner
Posts: 2
Comments: 6

Top

Typing error, should be .tib, sorry.  I'm not sure why CCleaner is trying to modify the file, but I'd like to find a way to stop this.  I will also check on their forum, if they have one.

Forum Hero
Posts: 28
Comments: 9180
mvp

Top

Robert, have you actually gone to the .TIB file location and checked to see what this file is, i.e. what is the file size, can you double-click on it and browse the contents to show that it is actually an ATI image file etc?

As I said earlier, I can see no reason for a .TIB file to be in any of the AppData folders and have none on 3 different systems that I have checked.

One other thought here tho;, why not just setup an exclusion in CCleaner for *.tib files?  I also use CCleaner and have never seen it trying to touch an .tib files, so what version of CCleaner are you running?  Please ensure that it is not version 5.33 which was compromised with malware recently!  Upgrade to 5.35 if you don't already have it.

2017-10-05 20_55_45-Piriform CCleaner.png

See Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

Beginner
Posts: 2
Comments: 6

Top

I have finally discovered where the file is and whose it is. It is part of temp file that is part of an installation package of flight sim scenery.  It is an ATI file.  I presume CCleaner was trying to remove the temp folder.   I will work forward from there.  I will also set up that exclusion.  Thanks.

Forum Hero
Posts: 28
Comments: 9180
mvp

Top

Robert, glad you have found the reason for the .tib file - the CCleaner exclusion should do the rest for you.  Thanks for giving your feedback.

Regular Poster
Posts: 40
Comments: 248

Top

In case you missed it, CCleaner had a recent hack in which malware was inserted into the released executable. I'd be extra cautious with it.