Windows 10: CCleaner: A Vast Number of Machines at Risk

  1.    18 Sep 2017 #51

    Bwahaha! AVAST distributing malware.... I'll just stick with MS provided Defender for now.


  2. Posts : 540
    Windows 10 Home x64, V1709 (16299.248)
       18 Sep 2017 #52

    NavyLCDR said:
    ... AVAST distributing malware....
    I knew I couldn't be the only one to see the irony in this.


  3. Posts : 1,647
    W7 Ultimate SP1 (64 bit), LM 18.3 MATE (64 bit), W10 Home (64 bit)
       18 Sep 2017 #53

    Registry Key is irrelevant


    Josey Wales said:
    No one is 100% safe; if you want to be, pull your Ethernet plug and play solitaire all day.
    Old games (like the ones I have) don't require 24/7 Internet access either.

    It seems the installer I downloaded is clean.
    Regedit can't find "Agomo" on any of my PCs or VMs (XP, W7 & W10 - 32 bit or 64 bit).

    Update
    It looks like the Registry Key is irrelevant!

    MBAM just detected something on my main PC ("funnily enough" Avast detected nothing).

    [Image: MBAM - CCleaner Malware.png]
    Last edited by lehnerus2000; 18 Sep 2017 at 20:19. Reason: Update


  4. Posts : 13,164
    Windows 10 Pro
       18 Sep 2017 #54

    lehnerus2000 said:
    Old games (like the ones I have) don't require 24/7 Internet access either.

    It seems the installer I downloaded is clean.
    Regedit can't find "Agomo" on any of my PCs or VMs (XP, W7 & W10 - 32 bit or 64 bit).

    Update
    It looks like the Registry Key is irrelevant!

    MBAM just detected something on my main PC ("funnily enough" Avast detected nothing).

    [Image: MBAM - CCleaner Malware.png]
    The registry keys are relevant; MBAM detected the malicious code that begins everything.
    The first stage of the payloader loads a DLL into memory and executes the DLL that contains all important functionality, including the registry part.


  5. Posts : 3,086
    10.4 Home 1709 x64
       19 Sep 2017 #55

    OldMike65 said:
    Think some of you folks are getting carried away on this......Never removed mine, and I have no issues, no threats, nothing....everything checks out just fine.
    Indeed, all this malware does is collect some system info; pretty much every piece of software does that.

    Secondly, taking control over remote devices using the cloud version: every remote software is susceptible to this. TeamViewer had been hacked and had its installer altered a few times, so that is to be expected from the cloud.

    First of all, the bottom line is: to the best of our knowledge, no harm was done to any CCleaner users as the threat was removed before it had a chance to fully activate.
    This is really not about downplaying the issue. This is a statement based on a pretty thorough analysis, partially shared below and partially still embargoed because of the ongoing investigation.

    Now, some facts:
    - Avast acquired a company (Piriform) which was in the process of being hacked. We have good evidence that the attack started at least several weeks before the acquisition.
    - Immediately after we first learned about something wrong with the CCleaner product (which was on September 12, i.e. 6 days ago) we started working on it and have been working on it around the clock since then.
    - The #1 priority for us was to protect the CCleaner customers and minimize the actual customer impact of the incident.
    - For that reason, we first focused on fully understanding the malicious code and disconnecting the bad actors from their ability to control the backdoor, i.e. taking down the CnC servers.
    - The CnC server was taken down on September 15, three days after we first learned about the incident. Given how difficult these things tend to be, we consider this a very good result and I don't see how we could have done it any better. (By that time, the secondary CnC servers (the DGA domains) were already sinkholed as well, so that technically cut the attackers off their ability to control the backdoor).
    CCleaner and installing Avast without permission...


  6. Posts : 113
    Windows 10 Enterprise 1709 16299.15 and off we go
       19 Sep 2017 #56

    Update to the CCleaner 5.33.6162 Security Incident September 19

    Thanks TairikuOkami for the link.

    It is quite obvious that the fake news syndrome is spreading fast and in every facet of life.

    Hackers trying to infiltrate software is not new in any sense. I have trusted CCleaner for years and it seems that Avast also saw a great product in acquiring it. Unfortunately, just as if your Equifax info were stolen by hackers, you'd have to read up to find out if you feel secure about your info.

    This info from Avast is quite clear.

  7.    19 Sep 2017 #57

    lehnerus2000 said:
    Old games (like the ones I have) don't require 24/7 Internet access either.

    It seems the installer I downloaded is clean.
    Regedit can't find "Agomo" on any of my PCs or VMs (XP, W7 & W10 - 32 bit or 64 bit).

    Update
    It looks like the Registry Key is irrelevant!

    MBAM just detected something on my main PC ("funnily enough" Avast detected nothing).

    [Image: MBAM - CCleaner Malware.png]
    Did you do a full or quick scan with MBAM?


  8. Posts : 3,086
    10.4 Home 1709 x64
       19 Sep 2017 #58

    Official news release: Update to the CCleaner 5.33.6162 Security Incident

    Zardoc said:
    This info from Avast is quite clear.
    Unfortunately the damage is done, not just to Piriform, but to Avast as well, long term.


  9. Posts : 113
    Windows 10 Enterprise 1709 16299.15 and off we go
       19 Sep 2017 #59

    TairikuOkami said:
    Official news release: Update to the CCleaner 5.33.6162 Security Incident


    Unfortunately the damage is done, not just to Piriform, but to Avast as well, long term.
    I agree.

    My two cents: I don't like Avast security software, I'm more of a NOD guy, but that's my choice. Wouldn't be surprised that antivirus software gets hacked.

    Still gonna use CCleaner until it probably gets bloated like PGP, Acronis and others that got taken over. Hope not...

  10.    19 Sep 2017 #60

    I'm on Win10 64 bit and CCleaner 64 bit; however, I was on the hacked version and updated to the "Safe" version before any of the hacked news came out.

    So I checked HKLM\SOFTWARE\Piriform\ and the only subfolder is ccleaner no Agomo of any type, and scanned with Malwarebytes and WinDefender and nothing came up. Does this mean I'm in the clear or should I be looking at anything else?
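
The registry check described in the posts above, as an added example that is not part of any post in this thread: it looks for the `Piriform\Agomo` key in both the 64-bit and the 32-bit (WOW6432Node) view of HKLM, since Regedit on 64-bit Windows shows the redirected 32-bit view under a different path. The function name `Test-PiriformAgomoKey` is hypothetical; the key name is the one quoted in the thread.

```powershell
# Added example (not from the thread): report whether the registry key named
# in the posts exists, in every registry view the OS has.
function Test-PiriformAgomoKey {
    param(
        # Key name as quoted in the posts above, relative to HKLM.
        [string]$SubKey = 'SOFTWARE\Piriform\Agomo'
    )

    # A 32-bit program on 64-bit Windows is redirected to WOW6432Node,
    # so both views have to be opened explicitly.
    $views = @([Microsoft.Win32.RegistryView]::Registry32)
    if ([Environment]::Is64BitOperatingSystem) {
        $views += [Microsoft.Win32.RegistryView]::Registry64
    }

    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($SubKey)   # read-only; $null if absent
            $valueNames = @()
            if ($null -ne $key) {
                $valueNames = $key.GetValueNames()
                $key.Close()
            }
            [pscustomobject]@{
                View       = $view
                Key        = "HKLM\$SubKey"
                Present    = ($null -ne $key)
                ValueNames = ($valueNames -join ', ')
            }
        }
        finally {
            $base.Dispose()
        }
    }
}

# One row per registry view; Present is True only where the key exists.
Test-PiriformAgomoKey | Format-Table -AutoSize
```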


 