Malware Hits PC Cleanup Tool CCleaner

Malware Hits PC Cleanup Tool CCleaner

Malware Hits PC Cleanup Tool CCleaner

Or from ***Reuters***


So if you have version 5.33.6162 of CCleaner, uninstall it and run antivirus or an antimalware program like Malware Bytes. You'd only have gotten it if you downloaded in August or early September. Piriform has a new version up for download now.

According to How-To Geek it was only the 32 bit version of 5.33.6162 that was affected. Read about it here.

If you have 64 bit Windows, CCleaner installs its 64 bit version. Right-click on the CCleaner shortcut and select Properties. If it says "C:\Program Files\CCleaner\CCleaner64.exe", then you have the 64 bit version.

When I tried to update to V5.34, my AV said it caught a trojan. Will check into this more tomorrow.

I already have version 5.34 and there's been no sign of any malware or virus.

[I run Win7 Enterprise 64-bit.]

I'm not updating till this is figured out...

What version do you have?
If you have an earlier version than version 5.33 you are fine.
If you have version 5.33 you should get rid of it.

Yes... what Jenny said. Get v.5.34 ASAP. The problem is NOT getting it. I kept being sent to File Hippo when I tried to update through the application. So I went to the Piriform website and downloaded 5.34 from there with no problems. No alerts from Defender about the trojan.

Downloaded 5.34 :-)

My Webroot antivirus caught the Trojan in CCLeaner. At first I thought it was a false positive, but it was pretty adamant. I went online and found the article and updated right away to 5.34. BTW...I have 64 bit and the virus was there.

CCleaner updates so much, I usually skip a few. Guess I got unlucky on the one I chose.

How odd that you got it, JKEerie !!

I have Win7 64-bit and have used every CCleaner update without any problems whatsoever ....

EDIT :

Just received an "auto" download for CCleaner to version 5.35 !! So maybe 5.34 had a problem

My Windows Defender picked it up right away too. Mad, if you used a version before 5.34 to clean your computer and your anti-virus didn't pick it up, you were mostly likely a victim and wouldn't know it.

Even if your version was like 5.28

Hi Mad! Apparently, some 64 bit systems were potentially impacted via a secondary payload. Fortunately, that How to Geek article showed a way to look into your registry to see if you were potentially infected. I did so and don't have the key indicator.

Between this and the Equifax debacle, I'm feeling less and less secure these days!

Well I run Norton scans on a regular basis and throw in a Malwarebytes quite often also and neither have sounded any alarms.

I'll get my Son in Law to do a registry check for anything offensive but I'm pretty sure my machine is clean

This particular malware didn't install any malicious programs or spyware on your computer - it collected information and then got out. The registry check is a good idea. I did it and was relieve to find I didn't have it either because I'm pretty sure I ran the previous version about a month ago.

Info about the registry entry to look for. https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/


JK, the Equifax debacle is bad enough, but how they handled it just makes me furious.

No, only version 5.33 was infected.

Yes, only 5.33 as Jenny said. Sorry, I missed that post.

I agree with you there, Drac, regarding Equifax. I ended up with the notification that my info was compromised, so I froze my credit. I already had alerts on as part of my ID theft protection through AARP. Still...we're supposed to be able to trust companies, banks, software providers, etc to have adequate security measures in place to keep us "safe." I don't think that is possible anymore and we all need to be very vigilant.

Yup... Reading through the timeline of this breach is just mind-boggling. The hackers were wandering around in their system for months before they found it.

Wouldn't be at all surprised if Equifax is basically history after this mess . By the way Drac , just in case you had not known , Avast purchased Piriform some time ago , so , Ccleaner is an Avast tool now .

Yes, I know about Piriform being purchased by Avast - was very disappointed to hear it.

There are now reports that the CCleaner breach was part of a targeted attack.
https://www.wired.com/story/ccleaner-malware-targeted-tech-firms/

Some people believe that reformatting and restoring from a backup is the only way to be sure there isn't a lingering infection. Here's what Cisco's Talos Intelligence posted about it.
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html


and discussions at slashdot, including why 32-bit computers were targeted (more apt to be old business machines).
https://it.slashdot.org/story/17/09/21/1...ific-tech-firms

I don't plan on recommending CCleaner anymore, unless they already have an old version they downloaded months ago and none of the improvements listed in the version history apply to them.
https://www.piriform.com/ccleaner/version-history

I didn't realize Avast had bought Piriform (on July 2017 according to Wikipedia), though that alone wouldn't make me avoid CCleaner. I can't find any info on how CCleaner v5.33 was infected. If it was an inside job by an employee, it could happen again.

+_+_+_+_+_+_+_+_+

Equifax hired a music major as chief security officer
http://www.marketwatch.com/story/equifax...icer-2017-09-15

Equifax set up a website that was supposed to tell you if you were "potentially" affected at
https://www.equifaxsecurity2017.com
However people have reported getting conflicting results -- sometimes it says yes, sometimes no for the same individual. It's been suggested this site is just a way to get people to enroll in their credit monitoring service, which may be "free" at the moment but will start charging later, attempting to profit after the breach.

Very troubling news about CCleaner...

Signing up for the Equifax free credit monitoring also includes signing away your rights to joining a class action lawsuit in the future. They are REALLY getting slammed for that.

Being an ignoramus, Draclvr

Is Windows Defender used on other Windows versions than Win10 ??

I think Windows Defender started with Vista - and supports every operating system since. It's on my Windows 7 computer.

Windows Defender on versions previous to Windows 8 was more of an anti-spam program. Starting with Windows 8, it was a full-fledged anti-virus program, albeit not a very good one. It replaced the old Microsoft Security Essentials. It has slowly been improved greatly, but I'm not sure where it stands with the paid anti-virus programs now. It used to rank towards the middle or lower. I really like using it with Malwarebytes Pro.

Thanks for that info, Marian and Draclvr

EDIT :

My Son in Law kindly checked the registry on my Win7 machine for me, and, as we both fully expected, there were no aliens present !!

I have every confidence in my "Norton and Malwarebytes" security combination

Well reading through this thread again, no one actually seems to have suffered a successful attack

So far, so good anyway! That's always good news!