Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

Discussion in 'other security issues & news' started by stapp, Sep 18, 2017.

  1. boredog

    boredog Registered Member

    It appears when we installed a later version, it deleted the infection if we had it. I have been running the paid pro version for years. I didn't see any suspicious
    things happening during Aug 15th from either Appguard or Voodooshield. I run Win 10 64 bit and latest insider update.
     
  2. mantra

    mantra Registered Member

    "Affected systems need to be restored to a state before August 15, 2017 or reinstalled"
    It's a lot, today is 18 September.
    At least they could release a tool to clean up this malware.
    Are we sure antivirus like ESET detected it?
    At least Malwarebytes should detect it, or?
    Thanks
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Hi.
    Which antivirus detects the malware?
    TH.
     
  4. Trooper

    Trooper Registered Member

    Home machine restored to a date prior to August 15th. Also is now uninstalled for good.

    Any good alternatives?
     
  5. blacknight

    blacknight Registered Member

    I read somewhere that ClamWin is the only one, but I don't know if it is true.
     
  6. Sampei Nihira

    Sampei Nihira Registered Member

    + Immunet
     
  7. blacknight

    blacknight Registered Member

    Ya, I too didn't see anything from AppGuard and Comodo FW. I only want to be sure that nothing remained on my PC after installing v5.34; it's only because I'm a bit paranoid as a hobby :D
     
  8. itman

    itman Registered Member

    Someone running x64 Win over on the ESET forum just found the malware on his device - ESET now has a sig for it. So it isn't just 32-bit OSes that are affected.

    Also, Cisco recommends the following if the malware is found, which I concur with:
    https://blogs.cisco.com/security/talos/ccleanup-a-vast-number-of-machines-at-risk
     
  9. guest

    guest Guest

    Search the following hash on VT:
    Code:
    6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9
    Webroot, Clamwin, ...
    The detection ratio seems to rise.
     
  10. hawki

    hawki Registered Member

    Wondering if 5.34 deleted HKLM\SOFTWARE\Piriform\Agomo. If so, because CCleaner installs both 32X and 64X versions, might not know for sure if you were exposed.

    Still wondering if you had to actually run the 32X version for it to have installed the malware.
     
  11. mantra

    mantra Registered Member

    Hi,
    ESET detects it as malware, but from 16099, in short released today.
     
  12. EASTER

    EASTER Registered Member

  13. Mr.X

    Mr.X Registered Member

    Thanks. Gonna detach my laptop's hdd and do an offline scan on another machine, grrr.
    Think there are more chances to detect (and remove if possible) the malware this way.

    I expect more info on how to remove this malware in the next days.
     
  14. guest

    guest Guest

    I have installed 5.33 and added some registry keys. After installing v5.34 the registry keys are still there.
     
  15. boredog

    boredog Registered Member

    I didn't keep a backup that far back and think I will stay put for now. Maybe run an ESET online scan.
     
  16. FanJ

    FanJ Updates Team

  17. hawki

    hawki Registered Member

  18. hawki

    hawki Registered Member

    Thanks @mood
     
  19. boredog

    boredog Registered Member

    Just checked and Malwarebytes flags it too now and I did a scan about a half hour ago with nothing detected.
     
  20. paulderdash

    paulderdash Registered Member

    I upgraded to 5.34 a few days ago and HKLM\SOFTWARE\Piriform\Agomo is not there now on four x64 machines.

    But I don't know if it was when 5.33 was on my machines.
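
The two checks posters describe in this thread (looking up the posted SHA-256 and looking for `HKLM\SOFTWARE\Piriform\Agomo`) can be run locally; the PowerShell below is an added example, not code from any poster or from Piriform. The script name and the `-Path` argument are placeholders, and both registry views are read because 32-bit and 64-bit processes see different copies of `HKLM\SOFTWARE` on 64-bit Windows.

```powershell
# Added example: checks the two indicators quoted in this thread.
# Usage (script name is hypothetical): .\Check-Indicators.ps1 -Path <file to test>
param(
    [Parameter(Mandatory = $true)]
    [string[]]$Path   # file(s) to hash; supply the path yourself, none is assumed
)

# SHA-256 posted in the thread.
$KnownSha256 = '6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9'
# Registry key named in the thread, relative to HKLM.
$SubKey = 'SOFTWARE\Piriform\Agomo'

function Test-FileHashMatch {
    param([string]$File)
    if (-not (Test-Path -LiteralPath $File -PathType Leaf)) {
        return [pscustomobject]@{ Check = 'file hash'; Target = $File; Result = 'file not found' }
    }
    $hash = (Get-FileHash -LiteralPath $File -Algorithm SHA256).Hash
    $result = if ($hash -eq $KnownSha256) { 'MATCHES posted hash' } else { 'no match' }
    [pscustomobject]@{ Check = 'file hash'; Target = $File; Result = $result }
}

function Test-RegistryView {
    param([Microsoft.Win32.RegistryView]$View)
    # Open HKLM in an explicit view so the result does not depend on whether
    # this PowerShell process is 32-bit or 64-bit.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) {
            $result = 'key absent'
        } else {
            $result = 'KEY PRESENT, values: ' + ($key.GetValueNames() -join ', ')
            $key.Close()
        }
    } finally {
        $base.Close()
    }
    [pscustomobject]@{ Check = "registry ($View)"; Target = "HKLM\$SubKey"; Result = $result }
}

# An absent key is not proof the machine was never exposed: posters here could
# not tell whether the key had existed before they upgraded to 5.34.
$report = @(
    $Path | ForEach-Object { Test-FileHashMatch -File $_ }
    'Registry32', 'Registry64' | ForEach-Object { Test-RegistryView -View $_ }
)
$report | Format-Table -AutoSize -Wrap
```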
     
  21. boredog

    boredog Registered Member

    This one is not showing up on VT yet.
     
  22. FanJ

    FanJ Updates Team

  23. mantra

    mantra Registered Member

  24. EASTER

    EASTER Registered Member

    So glad I don't use Piriform stuff at all.

    The couple of times when it was tested it just didn't match up with RWipe.

    Sorry all you folks have been bitten by them like this. Ugh
     
  25. ance

    ance formerly: fmon

    One more reason not to use Mega-Super-Power cleaner tools. :thumb:
     