0

Trend Micro detects ClipClip 1.0.990 as ransomware

Hello,

Upon installing the latest 1.0.990 version of ClipClip, Trend Micro reports the software as ransomware.

It first identifies the file: "C:\Program Files (x86)\ClipClip\is-CEF1O.tmp" as threat "Ransom_CRYPTEAR.SM". You can read their description here: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_cryptear.b

Then, as ClipClip continues to work, it also reports the following:

  • "C:\Program Files (x86)\ClipClip\ClipClip.Clouds.dll" as "HEU_CDPLC016"
  • "C:\Users\machine\AppData\Local\Temp\is-7KO1I.tmp\cliC3FF.tmp.tmp" as "HEU_CDPLC004"
  • "C:\Program Files (x86)\ClipClip\ClipClip.Common.dll" as "Ransom_CRYPTEAR.SM"


With this many triggers, it definitely makes your ClipClip program look suspicious.

Trend Micro automatically removes the application and therefore the user is no longer able to use the program.

Would you be interested in working with Trend Micro to figure out what is going on here? Obviously, users of your product who have antivirus installed are not going to use your product anymore.

3 replies

Hello Yaroslav,

Please see the screenshot of Trend Micro Internet Security scanning the directory you mentioned. It clearly identifies ClipClip.exe as malware.

When I try reinstalling the latest version of the software, Trend Micro once again flags the software as ransomware and prevents installation. It would benefit you to work with Trend Micro to fix this issue.

Y

Dear user,

We again made tests. Look at the results:
https://imgur.com/0eiVNRH

Could you provide us with full information about your antivirus?
In addition, it will be helpful if you send us the "ClipClip.exe" file from your "C:\Program Files (x86)\ClipClip" folder. We will make tests with it using your version of Trend Micro antivirus on our computers.


Best Regards
Vitzo Team.

Hello Diogo -

After upgrading to ClipClip 2.1.2386, Trend Micro antivirus reports several files installed by your application as HEU_CDPLC004 and HEU_AEGISCS941. 

It also reports ClipClip.exe itself as ransomware making unauthorized changes. The antivirus removes your files and then requires a system restart to continue.

Could you please work with Trend Micro to ensure that this issue is resolved?

 

Y

Dear user,

Today we have checked ClipClip files (2.1.2386) with antivirus "Trend Micro". The folder path: "C:\Program Files (x86)\ClipClip"

Security scan result:
No Threads Found
Files scanned: 119
Threats resolved: 0
Browser cookies deleted: 0

Trend Micro Maximum Security
Version: 15.0.1212 - USOG395001.5747 (Component versions)
Type: Trial version
Expiration: 1/18/2019
Last update check: 12/18/2018 4:50 AM

Components are up-to-date


Maybe the following scenario will solve your issue:
- Close ClipClip app if it is running;
- Open "Programs and Features" app and uninstall ClipClip program;
- Visit "https://clipclip.com/" webpage to download the last ClipClip version;
- Install ClipClip app;
- Open "C:\Program Files (x86)" folder and right-click on "ClipClip" subfolder;
- Click "Scan for Security Threads" menu item in its context menu;


We hope this will help you.


Best Regards,
Vitzo Team.

Dear user,

Thank you for reporting this issue. It is definitely something we should worry about as we don't want our users to feel suspicious.

I can assure you that this is 100% false positive and I'll personally contact Trend Micro in order to whitelist our app.

I'll let you know once that is fixed.

Best Regards,

Diogo Alves @ ClipClip