CCleaner: A Vast Number of Machines at Risk

Page 2 of 14 FirstFirst 123412 ... LastLast
  1. Josey Wales's Avatar
    Posts : 17,424
    Win 10 RS5 64 Bit
       18 Sep 2017 #10

    CCleaner Hacked

    CCleaner Hacked - Malware Spread to 2.2 Million Users - MajorGeeks

    Here is the official summary and apology:

    "We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.

    Technical description
    An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.

    The malware was also programmed to collect a bunch of user data, including:

    Name of the computer
    List of installed software, including Windows updates
    List of running processes
    MAC addresses of first three network adapters
    Additional information whether the process is running with administrator privileges, whether it is a 64-bit system, etc.

    Talos’ report warns that the malware was found in CCleaner version 5.33, which was actively distributed between August 15 and September 12. What is particularly jarring is that it appears the infected app was signed with a valid certificate Symantec issued to Piriform (recently acquired by Avast)."

    Be sure to update your CCleaner immediately with version 5.34.6207 or better yet, get a better drive cleaner and replace it with Wise Disk Cleaner. It would also be a good idea to scan your system with a trusted application like Malwarebytes.

    Click image for larger version. 

Name:	ccleaner 1.jpg 
Views:	177 
Size:	34.4 KB 
ID:	153944
      My ComputerSystem Spec

  2. Fisher Mann's Avatar
    Posts : 321
    Win 10 Pro x64 18277 Fast
       18 Sep 2017 #11

    I just ran a scan on my 64 bit machine and this is what I got:
    This is CC Pro version.

    Click image for larger version. 

Name:	CC Cleaner.JPG 
Views:	176 
Size:	21.2 KB 
ID:	153946

    Click image for larger version. 

Name:	CC Version.JPG 
Views:	176 
Size:	21.4 KB 
ID:	153947
      My ComputersSystem Spec

  3. axe0's Avatar
    Posts : 13,858
    Windows 10 Pro
       18 Sep 2017 #12

    For some easier ID'ing if you've been infected, search in HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner\Agomo for the following keys values
    - MUID: randomly generated number identifying a particular system. Possibly also to be used as communication encryption key.
    - TCID: timer value used for checking whether to perform certain actions (communication, etc.)
    - NID: IP address of secondary CnC server
    If they are present, you're infected!

    Addionally, the Agomo key should not be present in your registry.
    Last edited by axe0; 18 Sep 2017 at 09:30. Reason: Correction
      My ComputersSystem Spec

  4. Wiley Coyote's Avatar
    Posts : 1,052
    Windows 10 Home x64 Version 1809 (OS Build 17763.253)
       18 Sep 2017 #13

    HUMPH! My complaint about the last CCleaner update installing AVAST even after I declined pales in comparison to this.
      My ComputerSystem Spec

  5. Josey Wales's Avatar
    Posts : 17,424
    Win 10 RS5 64 Bit
       18 Sep 2017 #14

    axe0 said: View Post
    For some easier ID'ing if you've been infected, search in HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner\Agomo for the following keys

    If they are present, you're infected!
    Thanks for the info Mine is clean.
      My ComputerSystem Spec

  6. Posts : 237
    Microsoft Windows 10 x64
       18 Sep 2017 #15

    having CCleaner 5.34.6207 (64bits) Tech Edition
    Just run MalwareByte

    nothing detected
      My ComputerSystem Spec

  7. Berton's Avatar
    Posts : 5,877
    Win10 Home and Pro, Win10 Insider Preview, WinXP Home Premium, Linux Mint
       18 Sep 2017 #16

    I use the Portable versions of Piriform's programs, nothing installed.
      My ComputerSystem Spec

  8.    18 Sep 2017 #17

    Berton said: View Post
    I use the Portable versions of Piriform's programs, nothing installed.
    Probably a good idea.

    Are there any possible downsides to that?

    Wondering if Speccy is next?

    A buyout by Avast can't be good in the long run. Maybe a reduction in the features of the free versions as they attempt to get paid for their buyout.
      My ComputerSystem Spec

  9.    18 Sep 2017 #18

    Speccy isn't as well known as ccleaner so there won't be so many victims for them.
      My ComputersSystem Spec

  10. Josey Wales's Avatar
    Posts : 17,424
    Win 10 RS5 64 Bit
       18 Sep 2017 #19

    No one is 100% safe, if you want to be pull your Ethernet plug and play solitaire all day.:)
      My ComputerSystem Spec

Page 2 of 14 FirstFirst 123412 ... LastLast

Related Threads
Router flaws put ATT customers at hacking risk | ZDNet
Just an FYI.. I received this on two machines yesterday evening. MS should word it better, or something. In a nutshell it just means Windows hasn't auto checked/installed the latest updates yet. I manually checked, and everything went well, and...
After the last XBOX ONE update my RISK game will not play. It gets as far as connecting to the UBISOFT server, locks up, and kicks me back out to the Home screen. I went through the whole XBOX ONE Game Won't Start trouble shooter, ...
Is upgrading to Win 10 to much of a risk? in Installation and Upgrade
I WAS planing to do the in-place upgrade to Windows 10, and then do a clean install after that. But I got a message that a friend of mine tried the in place upgrade and it fried her CPU! Now she has no computer, and can't afford to do anything...
Draconian OS W10 putting kids at added risk? in User Accounts and Family Safety
MS REQUIRES you to use their privacy obliterating online account in order to be able to set up family filters in W10. Does anyone else find this to be completely and absolutely unacceptable? The content filter was a fairly helpful tool. Now MS...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 21:22.
Find Us