Page 2 of 14 FirstFirst 123412 ... LastLast
  1.    18 Sep 2017 #11
    Join Date : Mar 2017
    Posts : 5,734
    64-bit Windows 10 Pro

    CCleaner Hacked

    CCleaner Hacked - Malware Spread to 2.2 Million Users - MajorGeeks

    Here is the official summary and apology:

    "We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.

    Technical description
    An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.

    The malware was also programmed to collect a bunch of user data, including:

    Name of the computer
    List of installed software, including Windows updates
    List of running processes
    MAC addresses of first three network adapters
    Additional information whether the process is running with administrator privileges, whether it is a 64-bit system, etc.

    Talos’ report warns that the malware was found in CCleaner version 5.33, which was actively distributed between August 15 and September 12. What is particularly jarring is that it appears the infected app was signed with a valid certificate Symantec issued to Piriform (recently acquired by Avast)."

    Be sure to update your CCleaner immediately with version 5.34.6207 or better yet, get a better drive cleaner and replace it with Wise Disk Cleaner. It would also be a good idea to scan your system with a trusted application like Malwarebytes.

    Click image for larger version. 

Name:	ccleaner 1.jpg 
Views:	176 
Size:	34.4 KB 
ID:	153944
      My ComputerSystem Spec
  2.    18 Sep 2017 #12
    Join Date : Apr 2017
    Mountains of Western NC
    Posts : 295
    Win 10 Pro x64 17040 Skippy

    I just ran a scan on my 64 bit machine and this is what I got:
    This is CC Pro version.

    Click image for larger version. 

Name:	CC Cleaner.JPG 
Views:	175 
Size:	21.2 KB 
ID:	153946

    Click image for larger version. 

Name:	CC Version.JPG 
Views:	175 
Size:	21.4 KB 
ID:	153947
      My ComputersSystem Spec
  3.    18 Sep 2017 #13
    Join Date : Jun 2015
    Posts : 12,858
    Windows 10 Pro

    For some easier ID'ing if you've been infected, search in HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner\Agomo for the following keys values
    - MUID: randomly generated number identifying a particular system. Possibly also to be used as communication encryption key.
    - TCID: timer value used for checking whether to perform certain actions (communication, etc.)
    - NID: IP address of secondary CnC server
    If they are present, you're infected!

    Addionally, the Agomo key should not be present in your registry.
    Last edited by axe0; 18 Sep 2017 at 09:30. Reason: Correction
      My ComputersSystem Spec
  4.    18 Sep 2017 #14
    Join Date : Feb 2017
    Posts : 479
    Windows 10 Home x64, V1709 (16299.64)

    HUMPH! My complaint about the last CCleaner update installing AVAST even after I declined pales in comparison to this.
      My ComputersSystem Spec
  5.    18 Sep 2017 #15
    Join Date : Mar 2017
    Posts : 5,734
    64-bit Windows 10 Pro

    Quote Originally Posted by axe0 View Post
    For some easier ID'ing if you've been infected, search in HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner\Agomo for the following keys

    If they are present, you're infected!
    Thanks for the info Mine is clean.
      My ComputerSystem Spec
  6.    18 Sep 2017 #16
    Join Date : Oct 2016
    Posts : 134
    Microsoft Windows 10 x64

    having CCleaner 5.34.6207 (64bits) Tech Edition
    Just run MalwareByte

    nothing detected
      My ComputerSystem Spec
  7.    18 Sep 2017 #17
    Join Date : Aug 2014
    Forever West
    Posts : 3,922
    Win10 Home and Pro, Win10 Insider Preview, Win7 Home, Linux Mint

    I use the Portable versions of Piriform's programs, nothing installed.
      My ComputerSystem Spec
  8.    18 Sep 2017 #18
    Join Date : Aug 2014
    Posts : 169
    Windows 10 Home, 64-bit

    Quote Originally Posted by Berton View Post
    I use the Portable versions of Piriform's programs, nothing installed.
    Probably a good idea.

    Are there any possible downsides to that?

    Wondering if Speccy is next?

    A buyout by Avast can't be good in the long run. Maybe a reduction in the features of the free versions as they attempt to get paid for their buyout.
      My ComputerSystem Spec
  9.    18 Sep 2017 #19

    Speccy isn't as well known as ccleaner so there won't be so many victims for them.
      My ComputersSystem Spec
  10.    18 Sep 2017 #20
    Join Date : Mar 2017
    Posts : 5,734
    64-bit Windows 10 Pro

    No one is 100% safe, if you want to be pull your Ethernet plug and play solitaire all day.
      My ComputerSystem Spec

Page 2 of 14 FirstFirst 123412 ... LastLast

Similar Threads
Thread Forum
Router flaws put AT&T customers at hacking risk
Router flaws put ATT customers at hacking risk | ZDNet
Windows 10 News
Your Device Is At Risk Because It’s Out Of Date Message In Windows 10
Just an FYI.. I received this on two machines yesterday evening. MS should word it better, or something. In a nutshell it just means Windows hasn't auto checked/installed the latest updates yet. I manually checked, and everything went well, and...
Windows Updates and Activation
RISK will not play after last XBOB ONE update.
After the last XBOX ONE update my RISK game will not play. It gets as far as connecting to the UBISOFT server, locks up, and kicks me back out to the Home screen. I went through the whole XBOX ONE Game Won't Start trouble shooter, ...
Is upgrading to Win 10 to much of a risk?
I WAS planing to do the in-place upgrade to Windows 10, and then do a clean install after that. But I got a message that a friend of mine tried the in place upgrade and it fried her CPU! Now she has no computer, and can't afford to do anything...
Installation and Upgrade
Draconian OS W10 putting kids at added risk?
MS REQUIRES you to use their privacy obliterating online account in order to be able to set up family filters in W10. Does anyone else find this to be completely and absolutely unacceptable? The content filter was a fairly helpful tool. Now MS...
User Accounts and Family Safety
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:24.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App

Windows 10 Forums