I received this at work. I don't use CCleaner myself though.

quote:

FYI if you use CCleaner at home or otherwise.

CCleaner distribution servers were infected with malware payload.

http://blog.talosintelligence....ributes-malware.html

I've used CCLeaner almost religiously for decades on all may computers.
No observed problems, but I will be on the lookout.

Wow. Hacking anti-malware software to reconfigure it to distribute malware. Sneaky.

I do use CCleaner on occasion. Luckily, it appears that this issue only applies to folks who used version 5.33 from August 15, 2017 through September 12, 2017. I have not used CCleaner in probably 6 months or so.

Damn. I use CCleaner everyday.

Double Damn that Piriform was recently bought by Avast.

quote:

Luckily, it appears that this issue only applies to folks who used version 5.33 from August 15, 2017 through September 12, 2017.

Yeah, hopefully that is all it is.

problem verified by Piriform

https://www.piriform.com/news/...32-bit-windows-users

Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users


I use CCleaner but on a 64 bit system

Seeing this tells me in no uncertain terms "uninstall" immediately if not sooner. I have enough problems with out adding any more.

quote:

Originally posted by sdy:
Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users


I use CCleaner but on a 64 bit system

Oh, good. Mine's 64 bit too.

Fwiw, 64-bit here and Malwarebytes caught the Trojan.

Immunet confirms it's cleaned.

I am also using Malwarebytes, so maybe that saved me.

Give it a scan, Crom. Just in case.

I'm using the free version and the scan caught it.

Heck, I'm scanning it again!

Wow. I use Ccleaner only a handful of times a year, and I happened to use the exact version (5.33.6162) on 9/11 on two important machines, to free space on C drives. Fortunately they're 64 bit. I'm surprised 64 bit machines were apparently not impacted.

My registries look fine, no attempted connections to the mentioned IPs in our firewall, no file hash match.

quote:

Originally posted by jehzsa:
Give it a scan, Crom. Just in case.

I'm using the free version and the scan caught it.

Heck, I'm scanning it again!

Oh my. I will run MBAM and Immunet this evening.

just to be sure I checked my Registry Key

I am clean

details:

https://www.bleepingcomputer.c...w-and-how-to-remove/

Re-scanned using Malwarebytes and Immunet. Came clear. Also checked the Registry Key. Nothing there.

I recall that when Malwarebytes was going through the Registry the Floxif/trojan threat was detected. Yes, like watching paint dry.

Again, don't assume that 64-bits are not infected. Mine was.

My thread was locked but I downloaded latest version of Malware and ran a scan too. Nothing there. Whew!

Crap. I will have to check the computers at work when I go back. Thankfully all my home stuff haa been 64bit for awhilw.

Malwarebytes identified the CCleaner installer itself (in the trash bin), and a file in the Google Chrome cache on my two 64-machines, but no actual infection.