Page 1 of 14 12311 ... LastLast
  1.    18 Sep 2017 #1

    CCleaner: A Vast Number of Machines at Risk


    For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner… During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner’s download server as recently as September 11, 2017.

    The only advice I have as of now is uninstall CCleaner. A newer version of CCleaner is out (v5.34) but it is unknown if this eliminates the problem.
    Quote from Tweakhound.com

    Click image for larger version. 

Name:	image7[1].png 
Views:	37 
Size:	28.0 KB 
ID:	153916

    Sources:
    1. Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk
    2. CCleaner Compromised - TweakHound
      My ComputersSystem Spec
  2.    18 Sep 2017 #2
    Join Date : Jan 2014
    Indiana/Florida
    Posts : 1,504
    Windows 10 Home x64

    Beat me to it swarfega!

    Looks like I'm safe but am still apprehensive. I run a Pro x64 version of Ccleaner but will be doing a very detailed check..... just in case.

    Now.... I have been using Ccleaner for many many years and have always been happy with it and recommended it to family and friends. But this news has me worried to say the least. I cannot help but notice that this has occurred since Avast bought Piriform which in turn has made me wonder about the parent companies products also. I stopped using Avast once they bought AVG, but how can a company whose sole purpose in being is computer security have let this happen?
      My ComputerSystem Spec
  3.    18 Sep 2017 #3
    Join Date : Aug 2015
    Maine
    Posts : 38,460
    Windows10Pro 64Bit

    From Piriform's Forum

    Posted Today, 02:12 AM

    We recently determined that older versions of our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected. We encourage all users of the 32-bit version of CCleaner v5.33.6162 to download v5.34 here: download. We apologize and are taking extra measures to ensure this does not happen again.
      My ComputersSystem Spec
  4.    18 Sep 2017 #4
    Join Date : Nov 2013
    Chicagoland
    Posts : 33,759
    Dual boot Windows 10 FCU Pro x 64 & Insider 10 Pro

    Thanks for posting this, swarfega.

    Ironic to say the least.
      My ComputersSystem Spec
  5.    18 Sep 2017 #5

    I have uninstalled it for now. I won't need it until next Saturday anyway, hopefully they will have addressed this by then.

    They have acknowledged this: Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
      My ComputersSystem Spec
  6.    18 Sep 2017 #6
    Join Date : Jan 2015
    Poughkeepsie, NY
    Posts : 278
    Windows 10 64 Bit

    As for myself, I removed ccleaner and use bleachbit instead.

    Henry
      My ComputerSystem Spec
  7.    18 Sep 2017 #7

    Quote Originally Posted by indianacarnie View Post
    Beat me to it swarfega!

    Looks like I'm safe but am still apprehensive. I run a Pro x64 version of Ccleaner but will be doing a very detailed check..... just in case.

    Now.... I have been using Ccleaner for many many years and have always been happy with it and recommended it to family and friends. But this news has me worried to say the least. I cannot help but notice that this has occurred since Avast bought Piriform which in turn has made me wonder about the parent companies products also. I stopped using Avast once they bought AVG, but how can a company whose sole purpose in being is computer security have let this happen?
    I would not jump ship just yet, but as I said above, I would uninstall it just to be safe. I have the Pro version as well.
      My ComputersSystem Spec
  8.    18 Sep 2017 #8
    Join Date : Sep 2015
    Staffordshire
    Posts : 362
    Windows 10 Pro

    Wasn't too happy at Pirform getting taken over by Avast and now this! Thanks for the heads up.
    64 bit version here two have been updated to 5.34 anyway, the third spare PC which I only switch on for updates once a month was still on 5.33 however downloaded an urgent update without having to go to the download site. Just to be sure checked the registry for the HKLM\SOFTWARE\Piriform\Agomo entry on all PC's nothing found.

    The only 32bit OS machine I had was wiped and replaced with Linux at the beginning of August.

    Makes you wonder if someone hacked the Ccleaner downloads that easily what else they may have messed with.
      My ComputersSystem Spec
  9.    18 Sep 2017 #9
    Join Date : Aug 2015
    Maine
    Posts : 38,460
    Windows10Pro 64Bit

    Quote Originally Posted by clam1952 View Post
    Wasn't too happy at Pirform getting taken over by Avast and now this! Thanks for the heads up.
    64 bit version here two have been updated to 5.34 anyway, the third spare PC which I only switch on for updates once a month was still on 5.33 however downloaded an urgent update without having to go to the download site. Just to be sure checked the registry for the HKLM\SOFTWARE\Piriform\Agomo entry on all PC's nothing found.

    The only 32bit OS machine I had was wiped and replaced with Linux at the beginning of August.

    Makes you wonder if someone hacked the Ccleaner downloads that easily what else they may have messed with.
    I did the same as you, checked my registry, found no "Piriform\Agomo entry" and I only run the 64bit versions also. I see no reason to remove my Pro version.
      My ComputersSystem Spec
  10.    18 Sep 2017 #10
    Join Date : Oct 2013
    Posts : 25,194
    64-bit Windows 10 Pro build 17040
      My ComputersSystem Spec

 
Page 1 of 14 12311 ... LastLast


Similar Threads
Thread Forum
Router flaws put AT&T customers at hacking risk
Router flaws put ATT customers at hacking risk | ZDNet
Windows 10 News
Your Device Is At Risk Because It’s Out Of Date Message In Windows 10
Just an FYI.. I received this on two machines yesterday evening. MS should word it better, or something. In a nutshell it just means Windows hasn't auto checked/installed the latest updates yet. I manually checked, and everything went well, and...
Windows Updates and Activation
RISK will not play after last XBOB ONE update.
After the last XBOX ONE update my RISK game will not play. It gets as far as connecting to the UBISOFT server, locks up, and kicks me back out to the Home screen. I went through the whole XBOX ONE Game Won't Start trouble shooter, ...
Gaming
Is upgrading to Win 10 to much of a risk?
I WAS planing to do the in-place upgrade to Windows 10, and then do a clean install after that. But I got a message that a friend of mine tried the in place upgrade and it fried her CPU! Now she has no computer, and can't afford to do anything...
Installation and Upgrade
Draconian OS W10 putting kids at added risk?
MS REQUIRES you to use their privacy obliterating online account in order to be able to set up family filters in W10. Does anyone else find this to be completely and absolutely unacceptable? The content filter was a fairly helpful tool. Now MS...
User Accounts and Family Safety
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:24.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums