CCleaner: A Vast Number of Machines at Risk

Page 3 of 14 FirstFirst 1234513 ... LastLast
  1. Fisher Mann's Avatar
    Posts : 477
    Win 10 Pro x64 19645 Fast
       #20

    I submitted the detection to Piraform and to Malwarebytes. Just hoping it's a false positive but too many circumstances lead me to believe this may just be an another attack on CCleaner. Had that program many, many years, now I am wondering about keeping it.

    Turns out that was Ransomware. Deep Scanning that machine with WD now. 32 bit machine scanned and found nothing devious.

    I don't know what triggers ransomware, but I have not cold started the machine in several days and use hibernate at night. It is also Bit Lockered if that mattered.
    Last edited by Fisher Mann; 18 Sep 2017 at 10:10.
      My Computers

  2. Gordon7's Avatar
    Posts : 182
    Win 10 rs1 - build 14393.1944
       #21

    From Talos; people that had ver. 5.33 installed ask this:

    CCleaner: A Vast Number of Machines at Risk-magical-snap-2017.09.18-17.08-001.png

    CCleaner: A Vast Number of Machines at Risk-magical-snap-2017.09.18-17.09-002.png

    http://blog.talosintelligence.com/20...s-malware.html
      My Computer

  3. EdTittel's Avatar
    Posts : 4,100
    Windows 10
       #22

    Holy cruft! All copies of the ccsetup533 on all of my PCs were infected. I just blogged about this here with some specific remediation advice. Ouch! CCleaner 5.33 32-bit Carries Malicious Payload - Windows Enterprise Desktop
    Thanks again for passing this along, Swarfega/Tweakhound/Talos.
    --Ed--
      My Computers

  4. z3r010's Avatar
    Posts : 9,903
    Windows 10 Workstation x64
       #23

    EdTittel said:
    Holy cruft! All copies of the ccsetup533 on all of my PCs were infected. I just blogged about this here with some specific remediation advice. Ouch! CCleaner 5.33 32-bit Carries Malicious Payload - Windows Enterprise Desktop
    Thanks again for passing this along, Swarfega/Tweakhound/Talos.
    --Ed--
    Unlucky Ed
      My Computers


  5. Posts : 79
    Windows 7
       #24

    Seems even Ccleaner 64-bit may have had Trojan.Nyetya in the pile.

    Malwarebytes did find and quarantine, doing scans as I type.

    It's a good day for paranoia, K9 attempted to eat iPhone today[emoji849].
      My Computer

  6. Fisher Mann's Avatar
    Posts : 477
    Win 10 Pro x64 19645 Fast
       #25

    Frozenoem1 said:
    Seems even Ccleaner 64-bit may have had Trojan.Nyetya in the pile.

    Malwarebytes did find and quarantine, doing scans as I type.

    It's a good day for paranoia, K9 attempted to eat iPhone today[emoji849].
    That's what I had. Malwarebytes picked it up. It's Ransomware!!! Sent to Piraform.
      My Computers

  7. Fisher Mann's Avatar
    Posts : 477
    Win 10 Pro x64 19645 Fast
       #26

    After Malwarebytes quarantined the Trojan ran another scan with it and then deep full scan with WD no further threats found.
    Feel lucky...so far.
      My Computers

  8. sygnus21's Avatar
    Posts : 5,342
    Win 10 Pro (x64) 20H2 (19042.906)
       #27

    This is disturbing as this could happen to any common third party app that's free and widely distributed. Guess we need to be extra cautious when downloading such apps now. This is why I also do a manual scan before opening anything. Still...
      My Computers

  9. Fisher Mann's Avatar
    Posts : 477
    Win 10 Pro x64 19645 Fast
       #28

    sygnus21 said:
    This is disturbing as this could happen to any common third party app that's free and widely distributed. Guess we need to be extra cautious when downloading such apps now. This is why I also do a manual scan before opening anything. Still...
    My CC was the paid Pro version which I've had for years. So who knows anymore, It's getting to be a minefield out there.
      My Computers

  10. Wiley Coyote's Avatar
    Posts : 1,097
    Windows 10 Home x64 Version 1809 (OS Build 17763.437)
       #29

    Frozenoem1 said:
    ...It's a good day for paranoia...[emoji849].
    Ran a Defender full scan, MBAM & AdwCleaner all came up clean. Even did the Registry search as mentioned above with no hits. This is making me paranoid for sure.

    Edit:

    2 hours later and I've scanned this thing with everything but a cat and it still comes up clean. This usually isn't the way my luck runs, but I'll take it.
    Last edited by Wiley Coyote; 18 Sep 2017 at 13:59.
      My Computer


 
Page 3 of 14 FirstFirst 1234513 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:45.
Find Us




Windows 10 Forums