CCleaner: A Vast Number of Machines at Risk

Page 1 of 14 12311 ... LastLast
    CCleaner: A Vast Number of Machines at Risk

    CCleaner: A Vast Number of Machines at Risk


    Posted: 18 Sep 2017
    For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner… During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner’s download server as recently as September 11, 2017.

    The only advice I have as of now is uninstall CCleaner. A newer version of CCleaner is out (v5.34) but it is unknown if this eliminates the problem.
    Quote from Tweakhound.com

    CCleaner: A Vast Number of Machines at Risk-image7-1-.png

    Sources:
    1. Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk
    2. CCleaner Compromised - TweakHound
    swarfega's Avatar Posted By: swarfega
    18 Sep 2017

  1. indianacarnie's Avatar
    Posts : 1,327
    Windows 10 Home x64
       #1

    Beat me to it swarfega! :)

    Looks like I'm safe but am still apprehensive. I run a Pro x64 version of Ccleaner but will be doing a very detailed check..... just in case.

    Now.... I have been using Ccleaner for many many years and have always been happy with it and recommended it to family and friends. But this news has me worried to say the least. I cannot help but notice that this has occurred since Avast bought Piriform which in turn has made me wonder about the parent companies products also. I stopped using Avast once they bought AVG, but how can a company whose sole purpose in being is computer security have let this happen?
      My Computer

  2. OldMike65's Avatar
    Posts : 106,528
    Windows10 Pro (x64) 20H2 19042.928
       #2

    From Piriform's Forum

    Posted Today, 02:12 AM

    We recently determined that older versions of our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected. We encourage all users of the 32-bit version of CCleaner v5.33.6162 to download v5.34 here: download. We apologize and are taking extra measures to ensure this does not happen again.
      My Computers


  3. Posts : 5,834
    Dual boot Windows 10 FCU Pro x 64 & current Insider 10 Pro
       #3

    Thanks for posting this, swarfega.

    Ironic to say the least.
      My Computers

  4. swarfega's Avatar
    Posts : 7,087
    Windows 10 Pro 64-bit
    Thread Starter
       #4

    I have uninstalled it for now. I won't need it until next Saturday anyway, hopefully they will have addressed this by then.

    They have acknowledged this: Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
      My Computers

  5. Hewjr100's Avatar
    Posts : 538
    Windows 10 Pro
       #5

    As for myself, I removed ccleaner and use bleachbit instead.

    Henry
      My Computer

  6. swarfega's Avatar
    Posts : 7,087
    Windows 10 Pro 64-bit
    Thread Starter
       #6

    indianacarnie said:
    Beat me to it swarfega! :)

    Looks like I'm safe but am still apprehensive. I run a Pro x64 version of Ccleaner but will be doing a very detailed check..... just in case.

    Now.... I have been using Ccleaner for many many years and have always been happy with it and recommended it to family and friends. But this news has me worried to say the least. I cannot help but notice that this has occurred since Avast bought Piriform which in turn has made me wonder about the parent companies products also. I stopped using Avast once they bought AVG, but how can a company whose sole purpose in being is computer security have let this happen?
    I would not jump ship just yet, but as I said above, I would uninstall it just to be safe. I have the Pro version as well.
      My Computers

  7. clam1952's Avatar
    Posts : 812
    Windows 10 Pro 20H2 build 19042.928
       #7

    Wasn't too happy at Pirform getting taken over by Avast and now this! Thanks for the heads up.
    64 bit version here two have been updated to 5.34 anyway, the third spare PC which I only switch on for updates once a month was still on 5.33 however downloaded an urgent update without having to go to the download site. Just to be sure checked the registry for the HKLM\SOFTWARE\Piriform\Agomo entry on all PC's nothing found.

    The only 32bit OS machine I had was wiped and replaced with Linux at the beginning of August.

    Makes you wonder if someone hacked the Ccleaner downloads that easily what else they may have messed with.
      My Computers

  8. OldMike65's Avatar
    Posts : 106,528
    Windows10 Pro (x64) 20H2 19042.928
       #8

    clam1952 said:
    Wasn't too happy at Pirform getting taken over by Avast and now this! Thanks for the heads up.
    64 bit version here two have been updated to 5.34 anyway, the third spare PC which I only switch on for updates once a month was still on 5.33 however downloaded an urgent update without having to go to the download site. Just to be sure checked the registry for the HKLM\SOFTWARE\Piriform\Agomo entry on all PC's nothing found.

    The only 32bit OS machine I had was wiped and replaced with Linux at the beginning of August.

    Makes you wonder if someone hacked the Ccleaner downloads that easily what else they may have messed with.
    I did the same as you, checked my registry, found no "Piriform\Agomo entry" and I only run the 64bit versions also. I see no reason to remove my Pro version.
      My Computers

  9. Brink's Avatar
    Posts : 56,311
    64-bit Windows 10 Pro for Workstations build 21359
       #9
      My Computers


 
Page 1 of 14 12311 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:19.
Find Us




Windows 10 Forums