Page 12 of 14 FirstFirst ... 21011121314 LastLast
  1.    22 Sep 2017 #111
    Join Date : Sep 2017
    Posts : 2
    Windows 10

    What I don't understand is that the second play load checks for 32bit or 64bit and gets either a 32bit or 64bit dll. But on a 64bit system, the 64bit ccleaner isn't infected just the ccleaner.exe. (32bit version).

    I'm also wondering if the virus is active only when ccleaner is running in the system tray and if the first and second payload is even able to drop if ccleaner on a 32bit machine isn't running in the system tray and that feature is turned off. As this is the first feature of ccleaner I turn off upon installation.

    I'm also wondering if it even goes through with the 2nd payload if the IP address it collects from the user in stage 1 doesn't match a large tech company.
      My ComputerSystem Spec
  2.    22 Sep 2017 #112
    Join Date : Jul 2015
    Posts : 229
    Windows 10 Pro

    For anyone using ccleaner, make sure to remove this after you make it upgrade.

    Click image for larger version. 

Name:	2017-09-22.png 
Views:	44 
Size:	307.8 KB 
ID:	154595

    And this is using the 64 bit version only btw.

    Click image for larger version. 

Name:	2017-09-22 (1).png 
Views:	15 
Size:	83.2 KB 
ID:	154596
      My ComputerSystem Spec
  3.    23 Sep 2017 #113
    Join Date : Sep 2017
    Posts : 2
    Windows 10

    Quote Originally Posted by vgchat View Post
    For anyone using ccleaner, make sure to remove this after you make it upgrade.

    Click image for larger version. 

Name:	2017-09-22.png 
Views:	44 
Size:	307.8 KB 
ID:	154595

    And this is using the 64 bit version only btw.

    Click image for larger version. 

Name:	2017-09-22 (1).png 
Views:	15 
Size:	83.2 KB 
ID:	154596
    That's because the 32bit and 64bit are packaged in the same installer. It unpacked the installer and flagged ccleaner (32bit). it's also just in your temporary internet folder from downloading ccleaner. Probably wouldn't do any harm just sitting there. Only if you run it.
      My ComputerSystem Spec
  4.    24 Sep 2017 #114
    Join Date : May 2016
    Massachusetts
    Posts : 239
    Windows 10 Pro 32-bit

    I've read all of the posts and the only the CCleaner 32-bit v5.33 is supposed to be affected.
    I picked up a 64-bit desktop last week and turned it on yesterday and it has CCleaner 64-bit v5.35 with Floxif on it.
    When I booted up the computer, Windows Defender notified me and I let WD remove it after taking the following screenshots.
    In post #113, it's mentioned ""That's because the 32bit and 64bit are packaged in the same installer. It unpacked the installer and flagged ccleaner (32bit). I suspect that's possible, but that just proves a 64bit can be affected.
    I don't recall which posts it has been mentioned, but it seems v5.35 is supposed to remove whichever infection from v5.33 is included.
    That didn't happen on the computer I picked up.
    Anyway I immediately had Windows Defender remove Floxif but didn't read all of the posts until the computer was cleaned out.
    Click image for larger version. 

Name:	64-bit CCleaner v5_35 with Floxif Sep 23.PNG 
Views:	123 
Size:	31.4 KB 
ID:	154792
      My ComputerSystem Spec
  5.    24 Sep 2017 #115
    Join Date : Mar 2017
    Posts : 5,734
    64-bit Windows 10 Pro

    Quote Originally Posted by JohnBurns View Post
    I agree, with CC and recently Kaspersky AntiVirus I have made decisions for myself, which many users in these forums disagree with. It's all personal judgment and none of us seem to be perfect in that lol. None of the apps are perfect either, I guess.
    Kaspersky AV is OK to use. The story about them is BS.
      My ComputerSystem Spec
  6.    24 Sep 2017 #116
    Join Date : Oct 2014
    Arnold, MD
    Posts : 28,966
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)

    Quote Originally Posted by MeAndMyComputer View Post
    I've read all of the posts and the only the CCleaner 32-bit v5.33 is supposed to be affected.
    I picked up a 64-bit desktop last week and turned it on yesterday and it has CCleaner 64-bit v5.35 with Floxif on it.
    When I booted up the computer, Windows Defender notified me and I let WD remove it after taking the following screenshots.
    In post #113, it's mentioned ""That's because the 32bit and 64bit are packaged in the same installer. It unpacked the installer and flagged ccleaner (32bit). I suspect that's possible, but that just proves a 64bit can be affected.
    I don't recall which posts it has been mentioned, but it seems v5.35 is supposed to remove whichever infection from v5.33 is included.
    That didn't happen on the computer I picked up.
    Anyway I immediately had Windows Defender remove Floxif but didn't read all of the posts until the computer was cleaned out.
    Click image for larger version. 

Name:	64-bit CCleaner v5_35 with Floxif Sep 23.PNG 
Views:	123 
Size:	31.4 KB 
ID:	154792
    You're fine now. 5.35 was issued only because the package was re-certified with a new signed certificate. The one from previous versions had the old certification signature from Symantec.
      My ComputersSystem Spec
  7.    24 Sep 2017 #117
    Join Date : Feb 2016
    Posts : 44
    Windows 10

    The portable version of CCleaner is safe. I don't see why anyone would use the install version... and that goes for lots of other software.
      My ComputerSystem Spec
  8.    24 Sep 2017 #118
    Join Date : Jan 2014
    Central West NSW Australia
    Posts : 803
    7 and 10 on various machines

    Quote Originally Posted by Josey Wales View Post
    Kaspersky AV is OK to use. The story about them is BS.
    Agreed I have used Kaspersky for the last seven years and apart for a little dummy spit once with the trial version of MBAM not a hint of anything crap. I have yet to try out the free version but from what I can make of it it lacks only a few features of the paid for and some of those I don't use anyway.
      My ComputerSystem Spec
  9.    24 Sep 2017 #119
    Join Date : Mar 2017
    Posts : 43
    W10 Pro 64, version 1703

    Quote Originally Posted by ICIT2LOL View Post
    Agreed I have used Kaspersky for the last seven years and apart for a little dummy spit once with the trial version of MBAM not a hint of anything crap. I have yet to try out the free version but from what I can make of it it lacks only a few features of the paid for and some of those I don't use anyway.
    ICIT, I've had Kaspersky for a few years now and my experience has been very good just like yours.
      My ComputerSystem Spec
  10.    25 Sep 2017 #120
    Join Date : Jan 2014
    Central West NSW Australia
    Posts : 803
    7 and 10 on various machines

    Quote Originally Posted by DC10 View Post
    ICIT, I've had Kaspersky for a few years now and my experience has been very good just like yours.
    Yes mate I have had no issues with it really and it is so cheap and I keep thinking I should try the free version because looking at it there are very few features it doesn't have that are in the paid for and rankly I don't use.
      My ComputerSystem Spec

 
Page 12 of 14 FirstFirst ... 21011121314 LastLast


Similar Threads
Thread Forum
Router flaws put AT&T customers at hacking risk
Router flaws put ATT customers at hacking risk | ZDNet
Windows 10 News
Your Device Is At Risk Because It’s Out Of Date Message In Windows 10
Just an FYI.. I received this on two machines yesterday evening. MS should word it better, or something. In a nutshell it just means Windows hasn't auto checked/installed the latest updates yet. I manually checked, and everything went well, and...
Windows Updates and Activation
RISK will not play after last XBOB ONE update.
After the last XBOX ONE update my RISK game will not play. It gets as far as connecting to the UBISOFT server, locks up, and kicks me back out to the Home screen. I went through the whole XBOX ONE Game Won't Start trouble shooter, ...
Gaming
Is upgrading to Win 10 to much of a risk?
I WAS planing to do the in-place upgrade to Windows 10, and then do a clean install after that. But I got a message that a friend of mine tried the in place upgrade and it fried her CPU! Now she has no computer, and can't afford to do anything...
Installation and Upgrade
Draconian OS W10 putting kids at added risk?
MS REQUIRES you to use their privacy obliterating online account in order to be able to set up family filters in W10. Does anyone else find this to be completely and absolutely unacceptable? The content filter was a fairly helpful tool. Now MS...
User Accounts and Family Safety
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:23.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums