Trend Micro detects ClipClip 1.0.990 as ransomware


Upon installing the latest 1.0.990 version of ClipClip, Trend Micro reports the software as ransomware.

It first identifies the file: "C:\Program Files (x86)\ClipClip\is-CEF1O.tmp" as threat "Ransom_CRYPTEAR.SM". You can read their description here: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom_cryptear.b

Then, as ClipClip continues to work, it also reports the following:

  • "C:\Program Files (x86)\ClipClip\ClipClip.Clouds.dll" as "HEU_CDPLC016"
  • "C:\Users\machine\AppData\Local\Temp\is-7KO1I.tmp\cliC3FF.tmp.tmp" as "HEU_CDPLC004"
  • "C:\Program Files (x86)\ClipClip\ClipClip.Common.dll" as "Ransom_CRYPTEAR.SM"

With this many triggers, it definitely makes your ClipClip program look suspicious.

Trend Micro automatically removes the application and therefore the user is no longer able to use the program.

Would you be interested in working with Trend Micro to figure out what is going on here? Obviously, users of your product who have antivirus installed are not going to use your product anymore.

1 reply

Dear user,

Thank you for reporting this issue. It is definitely something we should worry about as we don't want our users to feel suspicious.

I can assure you that this is 100% false positive and I'll personally contact Trend Micro in order to whitelist our app.

I'll let you know once that is fixed.

Best Regards,

Diogo Alves @ ClipClip