CCleaner: A Vast Number of Machines at Risk

Page 7 of 14 FirstFirst ... 56789 ... LastLast
  1. swarfega's Avatar
    Posts : 7,086
    Windows 10 Pro 64-bit
    Thread Starter
       #60

    Karizma said:
    I'm on Win10 64 bit and CCleaner 64 bit, However I was on the hacked version and updated to the "Safe" version before any of the hacked news came out.

    So I checked HKLM\SOFTWARE\Piriform\ and the only subfolder is ccleaner no Agomo of any type, and scanned with Malwarebytes and WinDefender and nothing came up. Does this mean I'm in the clear or should I be looking at anything else?
    You were clear from the start since you used the 64-bit version of ccleaner, it was only the 32-bit that was affected.
      My Computers

  2. swarfega's Avatar
    Posts : 7,086
    Windows 10 Pro 64-bit
    Thread Starter
       #61

    Zardoc said:
    I agree.

    My two cents, I don't like Avast security software, I'm more of a NOD guy but that's my choice. Wouldn't be surprised that anti virus software gets hacked.

    Still gonna use CCleaner until it probably gets bloated like PGP, Acronis and others that got taken over. Hope not...
    I moved away from Avast recently, I felt it was too bloated and intrusive.
      My Computers


  3. Posts : 21
    Windows 10
       #62

    lehnerus2000 said:
    Old games (like the ones I have) don't require 24/7 Internet access either. :)

    It seems the installer I downloaded is clean.
    Regedit can't find "Agomo" on any of my PCs or VMs (XP, W7 & W10 - 32 bit or 64 bit).

    Update
    It looks like the Registry Key is irrelevant!

    MBAM just detected something on my main PC ("funnily enough" Avast detected nothing).
    MBAM found and removed the same "Trojan.Floxif" object on my laptop. Further scans found nothing else. Registry seems to be in good shape.
    Edit: I had to manually search the .exe so MBAM could find it.
      My Computer

  4. yu gnomi's Avatar
    Posts : 82
    10 Pro
       #63

    props to Talos Intelligence Group for coming up with a suitably clever headline for their blog post.

    I use the portable versions of piriform softs, and actually delete the 32 bit executables because I never use them. I don't think I was ever in any danger from this, but I scanned with MBAM anyhow - nothing bad was found.
      My Computer

  5. D4ni3l's Avatar
    Posts : 307
    Microsoft Windows 10 x64
       #64

    I did some experiment on a virtual machine with v5.33
    At least, it is now detected by Windows Defender Antivirus & MalwareBytes





    Code:
    Category: Backdoor
    
    Description: This program provides remote access to the computer it is installed on.
    
    Recommended action: Remove this software immediately.
    
    Items: 
    taskscheduler:C:\Windows\System32\Tasks\CCleanerSkipUAC
    file:C:\Program Files\CCleaner\CCleaner.exe
    file:C:\Windows\System32\Tasks\CCleanerSkipUAC
    regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53F0D184-E624-492B-9E46-099A892E7B7B}
    regkey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC
    
    Get more information about this item online.





    This confirm that the malware is only detected in the 32bits version (in CCleaner.exe only but not CCleaner64.exe)
    Last edited by D4ni3l; 19 Sep 2017 at 08:52.
      My Computer

  6. dalchina's Avatar
    Posts : 29,928
    Win 10 Pro (1903)
       #65

    Ccleaner has been compromised- says Gizmo - update now


    IMPORTANT: If You're A CCleaner User You Need To Read This. | Gizmo's Freeware

    Well, make of it what you will. Nothing to lose by updating.. I guess!
      My Computers

  7. Fisher Mann's Avatar
    Posts : 477
    Win 10 Pro x64 19645 Fast
       #66

    Last night I went to update my wife's really old free version of CC and the website gave her computer an AVAST scan which I wasn't that pleased about. Later her AV indicated that when it did so it dropped two adware type infections on the machine. Think I'll be leaving ex- Piriform/AVAST products permanently.
      My Computers

  8. DavidE's Avatar
    Posts : 357
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
       #67
      My Computer

  9. Josey Wales's Avatar
    Posts : 24,724
    Win 10 Pro 21359.1
       #68

    As an extra measure, the entire Piriform staff will be moved onto Avast's internal IT system -- something which has already been done for the Piriform build environment.
    Interesting. Seems there is more going on that we know about...
      My Computer

  10. JohnBurns's Avatar
    Posts : 509
    Windows 10 Version 1909 (Build 18363.815
       #69

    In another forum I use, most users seem to be jumping ship of CC. Does anyone in here think this is really necessary at this point if you are using 64bit? I have used CC for so long, I guess i am to complacent in my thinking of it, maybe, but right now I think I will continue to use it. Using Windows Defender, MBAM (with rootkit scans, regular HitmanPro and regular EEK scans will hopefully keep me aware if a problem presents itself. Fingers crossed.
      My Computer


 
Page 7 of 14 FirstFirst ... 56789 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:01.
Find Us




Windows 10 Forums