General / Off-Topic ALERT ccleaner !

[Kingston@#]

ccleaner has been hacked. check your version!
A security company has issued a warning after its software was compromised by malicious hackers.
"suspicious activity" on 12 September that led it to discover version 5.33 had been "illegally modified" before it had been made available to the public.

 

[Kerrash]

I hope it doesn't affect too many people.
Thankfully, I became self-sufficient long ago with maintaining my PC without the need for tools like this

 

[Kingston@#]

I hope it doesn't affect too many people.
Thankfully, I became self-sufficient long ago with maintaining my PC without the need for tools like this

I don't use it myself. I have seen that a lot of users on here do, felt a warning needed to be placed on here.
according to user data 2.4m dl.

 

[Ben Ryder]

Thanks for the warning.

 

[Cmdr Wullfen]

Don't use it my self and haven't for a while but that's a good find and great shout Commander.

+1 right on

Also, wow

 

[GuruNot]

I hope it doesn't affect too many people.
Thankfully, I became self-sufficient long ago with maintaining my PC without the need for tools like this

Its a very commonly used app. I personally use it clear out old registry remnants. Amazing what actually gets left behind after an uninstaller runs.

Fortunately it was the 32bit binary that was modified, on 64 bit OSes the 64bit version runs by default.

A good breakdown here which includes indicators: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

 

[Deleted member 110222]

What should I do? Uninstall CCleaner? Is the above post saying 64bit systems are fine? I'm confused.

 

[GuruNot]

What should I do? Uninstall CCleaner? Is the above post saying 64bit systems are fine? I'm confused.

I personally have not found any evidence of the registry keys mentioned in the article on my PC, nor when looking back through a months worth of Internet/endpoint web protection logs found any evidence of any connection attempts to the domains and IP mentioned in the talos article.

I am reasonably sure my PC is clean, but I have still uninstalled CCleaner.

It takes a little while for the dust to settle on these sorts of events but in the short term if you are even remotely in doubt I would suggest you uninstall.

If you find evidence of the registry keys under HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo it would suggest you were affected and it may be worth a restore/rebuild.

Edit:

FYI Version 5.34 is meant to be clean, https://forum.piriform.com/index.php?showtopic=48868.

http://www.piriform.com/news/blog/2...eaner-cloud-v1073191-for-32-bit-windows-users

 

[lokvette]

Thanks for the heads up, I use it from time to time and was indeed on v5.33

 

[Kingston@#]

there is a link for latest 5.34 at the bottom of article from developer.
uninstall in safe mode and install 5.34 is my advice!

 

[Patrick_68000]

Thanks for the information. I use the version 5.01 and very rarely

 

[Kingston@#]

What should I do? Uninstall CCleaner? Is the above post saying 64bit systems are fine? I'm confused.

if it doubt, get rid.
I personally think that 64bit works on software that's 64bit and will utilise 32bit if any software on your system is 32bit. there are plenty of 32bit SW still around.

 

[Kingston@#]

Its a very commonly used app. I personally use it clear out old registry remnants. Amazing what actually gets left behind after an uninstaller runs.

Fortunately it was the 32bit binary that was modified, on 64 bit OSes the 64bit version runs by default.

A good breakdown here which includes indicators: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

+1 for the follow up

 

[Kingston@#]

mods can you pin this to the top for about 2 weeks so it doesn't get lost!

 

[Deleted member 110222]

if it doubt, get rid.
I personally think that 64bit works on software that's 64bit and will utilise 32bit if any software on your system is 32bit. there are plenty of 32bit SW still around.

Gone. Got my best mate, who I trust with my life and happens to be extremely skilled in these things, to purge it from my system.

 

[Jenner]

mods can you pin this to the top for about 2 weeks so it doesn't get lost!

Sorry, but that's not really something we pin. This is a game forum, not an IT security site.

I work in the IT field and I get MS-ISAC alert emails all the time. It's not something that I or the mod team can really be responsible for policing here on the Frontier forum, though.

 

[Arry]

Ok, How do I find which version I have. I can't find: 5 point anything in the properties window?

 

[SpeakerToAliens]

Read it on the Register earlier today. I just downloaded 5.34 from piriform and Kaspersky killed it! I don't know whether that's because they've started flagging ccsetup as dodgy anyway or because the new download is itself actually infected. Uninstalled ccleaner anyway. Awaiting developments...

 

[GuruNot]

Ok, How do I find which version I have. I can't find: 5 point anything in the properties window?

In windows explorer navigate to the program folder, right click the exe, click properties, look at the details tab. It should be listed as file version / product version.

 

[Arry]

In windows explorer navigate to the program folder, right click the exe, click properties, look at the details tab. It should be listed as file version / product version.

Thanks.