Windows 10: CCleaner: A Vast Number of Machines at Risk

I agree.

My two cents, I don't like Avast security software, I'm more of a NOD guy but that's my choice. Wouldn't be surprised that anti virus software gets hacked.

Still gonna use CCleaner until it probably gets bloated like PGP, Acronis and others that got taken over. Hope not... *Wink

 

I'm on Win10 64 bit and CCleaner 64 bit, However I was on the hacked version and updated to the "Safe" version before any of the hacked news came out.

So I checked HKLM\SOFTWARE\Piriform\ and the only subfolder is ccleaner no Agomo of any type, and scanned with Malwarebytes and WinDefender and nothing came up. Does this mean I'm in the clear or should I be looking at anything else?

 

You were clear from the start since you used the 64-bit version of ccleaner, it was only the 32-bit that was affected.

 

I moved away from Avast recently, I felt it was too bloated and intrusive.

 

MBAM found and removed the same "Trojan.Floxif" object on my laptop. Further scans found nothing else. Registry seems to be in good shape.
Edit: I had to manually search the .exe so MBAM could find it.

 

props to Talos Intelligence Group for coming up with a suitably clever headline for their blog post.

I use the portable versions of piriform softs, and actually delete the 32 bit executables because I never use them. I don't think I was ever in any danger from this, but I scanned with MBAM anyhow - nothing bad was found.

 

I did some experiment on a virtual machine with v5.33
At least, it is now detected by Windows Defender Antivirus & MalwareBytes









Code: Category: Backdoor Description: This program provides remote access to the computer it is installed on. Recommended action: Remove this software immediately. Items: taskscheduler:C:\Windows\System32\Tasks\CCleanerSkipUAC file:C:\Program Files\CCleaner\CCleaner.exe file:C:\Windows\System32\Tasks\CCleanerSkipUAC regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53F0D184-E624-492B-9E46-099A892E7B7B} regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC Get more information about this item online.[/quote]








This confirm that the malware is only detected in the 32bits version (in CCleaner.exe only but not CCleaner64.exe)

 

IMPORTANT: If You're A CCleaner User You Need To Read This. | Gizmo's Freeware

Well, make of it what you will. Nothing to lose by updating.. I guess!

 

Last night I went to update my wife's really old free version of CC and the website gave her computer an AVAST scan which I wasn't that pleased about. Later her AV indicated that when it did so it dropped two adware type infections on the machine. Think I'll be leaving ex- Piriform/AVAST products permanently.

 

Avast opens up about CCleaner hack and outlines how it will protect users

 

Interesting. Seems there is more going on that we know about...

 

In another forum I use, most users seem to be jumping ship of CC. Does anyone in here think this is really necessary at this point if you are using 64bit? I have used CC for so long, I guess i am to complacent in my thinking of it, maybe, but right now I think I will continue to use it. Using Windows Defender, MBAM (with rootkit scans, regular HitmanPro and regular EEK scans will hopefully keep me aware if a problem presents itself. Fingers crossed.

 

Sounds like Avast is initiating damage control and now in conflict with Cisco Talos in regards to who was first to identify and analyze the behavior of the malicious code. It was Cisco Talos to registry the suspected domains.

Always thought Avast used shady business tactics in promoting their products.

 

1st off let me say this, its entirely up to the user if they want to remove CCleaner. That is there choice. *Smile
I have been running CCleaner for years the Pro version. I had no infections, no issues. I have no intention of removing my registered version.
On another note, I've also read that installing the latest update for CCleaner 5.34 and CCleaner Cloud 1.07.3214 that it removes the Floxif malware, which I didn't know till recently. So even if a user didn't use a program like MB to remove the malware, latest CCleaner update does this automatically.

Again its up to every individual user to decide what they feel is best for them.

 

For people who use such software as CCleaner, or any other "cleaners" or "optimizers", on their Windows machines this particular issue should not be an issue at all: one virus more, one virus less - it makes no difference. Who cares?