CCleaner: A Vast Number of Machines at Risk


  1. Posts : 6
    Windows 10
       #70

    Sounds like Avast is initiating damage control and is now in conflict with Cisco Talos with regard to who was first to identify and analyze the behavior of the malicious code. It was Cisco Talos that registered the suspected domains.

    Always thought Avast used shady business tactics in promoting their products.


  2. Posts : 134,318
    Windows 11 Pro (x64) 23H2 Build 22631.3296
       #71

    JohnBurns said:
    In another forum I use, most users seem to be jumping ship of CC. Does anyone in here think this is really necessary at this point if you are using 64bit? I have used CC for so long, I guess I am too complacent in my thinking of it, maybe, but right now I think I will continue to use it. Using Windows Defender, MBAM (with rootkit scans), regular HitmanPro and regular EEK scans will hopefully keep me aware if a problem presents itself. Fingers crossed.
    1st off let me say this, it's entirely up to the user if they want to remove CCleaner. That is their choice. :)
    I have been running CCleaner for years, the Pro version. I had no infections, no issues. I have no intention of removing my registered version.
    On another note, I've also read that installing the latest update for CCleaner 5.34 and CCleaner Cloud 1.07.3214 removes the Floxif malware, which I didn't know till recently. So even if a user didn't use a program like MB to remove the malware, the latest CCleaner update does this automatically.

    Again, it's up to every individual user to decide what they feel is best for them.


  3. Posts : 414
    Windows 10 Pro
       #72

    For people who use such software as CCleaner, or any other "cleaners" or "optimizers", on their Windows machines this particular issue should not be an issue at all: one virus more, one virus less - it makes no difference. Who cares?


  4. Posts : 14,903
    Windows 10 Pro
       #73

    One virus more or less makes one hell of a difference.


  5. Posts : 633
    Win 10 Pro x64 1607 (Build 14393.953)
       #74

    The title of this thread "A VAST..." is on par!


  6. Posts : 7,254
    Windows 10 Pro 64-bit
    Thread Starter
       #75

    JohnBurns said:
    In another forum I use, most users seem to be jumping ship of CC. Does anyone in here think this is really necessary at this point if you are using 64bit? I have used CC for so long, I guess I am too complacent in my thinking of it, maybe, but right now I think I will continue to use it. Using Windows Defender, MBAM (with rootkit scans), regular HitmanPro and regular EEK scans will hopefully keep me aware if a problem presents itself. Fingers crossed.
    No, it's utterly not necessary to jump ship. Only time I'd consider doing so would be if they ruined CCleaner in other ways such as unwanted ware and UI changes.


  7. Posts : 134,318
    Windows 11 Pro (x64) 23H2 Build 22631.3296
       #76

    swarfega said:
    No, it's utterly not necessary to jump ship. Only time I'd consider doing so would be if they ruined CCleaner in other ways such as unwanted ware and UI changes.
    I agree with you, good post.


  8. Posts : 1,811
    W7 Ultimate SP1 (64 bit), LM 19.2 MATE (64 bit), W10 Home 1703 (64 bit), W10 Pro 1703 (64 bit) VM
       #77

    Poor Phrasing


    axe0 said:
    The registry keys are relevant, MBAM detected the malicious code that began everything.
    The first stage of the payloader loads a dll into memory and executes the dll that contains all important functionality including the registry part.
    Poor phrasing on my part.
    I should have written, "don't rely on finding the Registry Key, check the installer directly".

    There must be more to it than just running the infected installer.
    I installed CC v5.33 on multiple systems including my XP install & XP VM (both 32 bit).
    I can't find that Registry Key.

    Something must have stopped the malware from installing/running.
    It wasn't my AV, as I didn't get any AV alerts during installation.

    I'm using Avast on my physical installs and AVG on my VMs.
    Avast is set to run a Quick Scan every day and a Full Scan on Sundays.
    This means that several Full Scans found nothing.

    I run MBAM Quick Scans every week (roughly).

    swarfega said:
    Did you do a full or quick scan with MBAM?
    I selected the CC installer and ran MBAM on it directly (using the Context Menu option).

    I'm not sure what type of scan MBAM performed.
    I always set all MBAM AV scan options to "On".

    DerDonc said:
    MBAM found and removed the same "Trojan.Floxif" object on my laptop. Further scans found nothing else. Registry seems to be in good shape.
    Edit: I had to manually search the .exe so MBAM could find it.
    I also checked the installed exe files, but they are apparently clean.


  9. Posts : 4
    Windows 10 x64
       #78

    Here is my contribution to the info here. I am running Windows 10 Pro x64. No problems on my system at all for two years. Wandered over to Piriform on August 15th to download CCleaner because I had not had it on my system in a while. Just my luck that I got the version with the malware attached, although I did not know of the problem at the time, of course. I installed CCleaner and used it once or twice in the ensuing month. I also rebooted and shut down/restarted several times in that time frame.

    I see the news about the malware the afternoon the problem was reported, and I immediately begin attempting to check out my machine. Well, for the first time ever, I am unable to show hidden files and folders to look inside my Users/UserName folders. Hmmmm. I could do it before I installed CCleaner. I do it regularly since I am a power user and check things over often. Despite having "show hidden files and folders" selected and overriding the "hide protected operating system files" settings, I get nothing...nada. Just my regular folders and files only. When I go under the "view" tab and check the "hidden files" checkbox, it immediately UNchecks itself right in front of my eyes. That is NOT normal. Needless to say, I spent several hours last night resetting passwords for all my banking and important logins via my iPad, and I will be formatting my laptop HD and reinstalling Windows today (sigh). I will also be changing my network wireless password. I also noticed about five days ago, before I got wind of this malware issue, that I got a BSOD in Windows 10 for the first time ever with a message about a .sys file. Hmmm again.

    So, if anyone got this malware riding on the CCleaner executable, 32 bit or 64 bit, I would highly recommend being safe now rather than very sorry later. Change your passwords from a clean device ASAP. Understand that many security suites will not flag a program or even a threat these days if the program or threat is thought of as a low risk and trusted program. Yes, that can happen. It just depends on the right set of circumstances. Windows Defender did not pick this up on my machine on download or at all. Bitdefender only picked it up after a forced direct file scan. Kaspersky did not pick this up on our secondary machine until after the announcement came out and a definition update showed up. If the malware was downloaded to your machine, and you installed the CCleaner version in question, and IF you value your data and computing environment, then a reformat and reinstall is in order. Running processes can be hidden, registry keys can be hidden, programs deemed "safe" as part of a group in order to reduce scanning overhead for security suites can be unsafe. Those of us who think of ourselves as PC experts can be caught with our pants down despite our best efforts and smarts. It would be foolish and arrogant to assume that because you have been computing since the early 90s (me) or earlier that you will never have a virus or malware problem. Remember, it is not paranoia if they really are out to get you.


  10. Posts : 317
    Microsoft Windows 10 x64
       #79



    https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-offline said:
    Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR). You can use Windows Defender Offline if you suspect a malware infection, or you want to confirm a thorough clean of the endpoint after a malware outbreak.
    In Windows 10, Windows Defender Offline can be run with one click directly from the Windows Defender Security Center app. In previous versions of Windows, a user had to install Windows Defender Offline to bootable media, restart the endpoint, and load the bootable media.
    As Windows Defender Antivirus detects it, we can check there is no rootkit in a PC.


 
