SIGforum
Do you use CCleaner?
September 18, 2017, 08:41 AM
PatenDo you use CCleaner?
I received this at work. I don't use CCleaner myself though.
quote:
FYI if you use CCleaner at home or otherwise.
CCleaner distribution servers were infected with malware payload.
http://blog.talosintelligence....ributes-malware.html
September 18, 2017, 09:08 AM
CromI've used CCLeaner almost religiously for decades on all may computers.
No observed problems, but I will be on the lookout.
"Crom is strong! If I die, I have to go before him, and he will ask me, 'What is the riddle of steel?' If I don't know it, he will cast me out of Valhalla and laugh at me."
September 18, 2017, 09:24 AM
RogueJSKWow. Hacking anti-malware software to reconfigure it to distribute malware. Sneaky.
I do use CCleaner on occasion. Luckily, it appears that this issue only applies to folks who used version 5.33 from August 15, 2017 through September 12, 2017. I have not used CCleaner in probably 6 months or so.
September 18, 2017, 09:26 AM
marksman41Damn. I use CCleaner everyday.
Double Damn that Piriform was recently bought by Avast.
September 18, 2017, 09:28 AM
smschulzquote:
Luckily, it appears that this issue only applies to folks who used version 5.33 from August 15, 2017 through September 12, 2017.
Yeah, hopefully that is all it is.
September 18, 2017, 09:31 AM
sdyproblem verified by Piriform
https://www.piriform.com/news/...32-bit-windows-usersSecurity Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
I use CCleaner but on a 64 bit system
September 18, 2017, 09:32 AM
SIG 229RSeeing this tells me in no uncertain terms "uninstall" immediately if not sooner. I have enough problems with out adding any more.
SigP229R
Harry Callahan "A man has got to know his limitations".
Teddy Roosevelt "Talk soft carry a big stick"
I Cor10: 13 "1611KJV"
September 18, 2017, 09:49 AM
RogueJSKquote:
Originally posted by sdy:
Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
I use CCleaner but on a 64 bit system
Oh, good. Mine's 64 bit too.
September 18, 2017, 10:09 AM
jehzsaFwiw, 64-bit here and
Malwarebytes caught the Trojan.
Immunet confirms it's cleaned.
***************************
Knowing more by accident than on purpose.
September 18, 2017, 10:17 AM
CromI am also using Malwarebytes, so maybe that saved me.
"Crom is strong! If I die, I have to go before him, and he will ask me, 'What is the riddle of steel?' If I don't know it, he will cast me out of Valhalla and laugh at me."
September 18, 2017, 10:21 AM
jehzsaGive it a scan, Crom. Just in case.
I'm using the free version and the scan caught it.
Heck, I'm scanning it again!
***************************
Knowing more by accident than on purpose.
September 18, 2017, 10:23 AM
rusbroWow. I use Ccleaner only a handful of times a year, and I happened to use the exact version (5.33.6162) on 9/11 on two important machines, to free space on C drives. Fortunately they're 64 bit. I'm surprised 64 bit machines were apparently not impacted.
My registries look fine, no attempted connections to the mentioned IPs in our firewall, no file hash match.
September 18, 2017, 10:26 AM
rusbroquote:
Originally posted by jehzsa:
Give it a scan, Crom. Just in case.
I'm using the free version and the scan caught it.
Heck, I'm scanning it again!
Oh my. I will run MBAM and Immunet this evening.
September 18, 2017, 10:59 AM
sdyjust to be sure I checked my Registry Key
I am clean
details:
https://www.bleepingcomputer.c...w-and-how-to-remove/September 18, 2017, 11:20 AM
jehzsaRe-scanned using Malwarebytes and Immunet. Came clear. Also checked the Registry Key. Nothing there.
I recall that when Malwarebytes was going through the Registry the Floxif/trojan threat was detected. Yes, like watching paint dry.
Again, don't assume that 64-bits are not infected. Mine was.
***************************
Knowing more by accident than on purpose.
September 18, 2017, 03:47 PM
fiasconvaMy thread was locked but I downloaded latest version of Malware and ran a scan too. Nothing there. Whew!
"Even if the world were perfect it wouldn't be." ... Yogi Berra September 18, 2017, 04:39 PM
ChowserCrap. I will have to check the computers at work when I go back. Thankfully all my home stuff haa been 64bit for awhilw.
Not minority enough! September 19, 2017, 09:27 AM
rusbroMalwarebytes identified the CCleaner installer itself (in the trash bin), and a file in the Google Chrome cache on my two 64-machines, but no actual infection.