Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

A screenshot with details (data column), please?

 

I remember I installed CCleaner recently for temporary use. I did scan with RogueKiller Anti-Malware free and it only detected unrelated PUPs. So I should be all good?

Edit: Nevermind, I saw the posts above.

 

Zero Seriousness
In the changelog of the updated version, no reference to the real reason why the update was released.
https://www.piriform.com/ccleaner/version-history
Disappointing

 

https://blog.avast.com/update-to-th...alposts_us&utm_source=twitter&utm_medium=post

 

They had to release new version before they took down CnC infrastructure so they couldn't make it public ATM. At least I understand it that way from their announcement.

 

i would do a NPE scan just for the sake of being sure, NPE can find a lot of weird nasty ****.

 

I hope that they are right and that they have enough data to be sure of it.

 

If you mean Norton Power Eraser - Major PASS! Way to dangerous! Can and has removed important Windows files resulting in a non-booting paperweight.

 

Lol, aand potentially with a backdoor on it too

 

nobody said you should blindly delete everything NPE flags dangerous, but it's good to see maybe something you missed...

 

Mmm, maybe something YOU missed. I won't use it, period! I've seen the results = a completely crippled machine. No thanks.

 

For this particular issue, unless I'm missing something, all you need do is check the registry key mention in this link posted earlier.

https://www.bleepingcomputer.com/ho...dent-what-you-need-to-know-and-how-to-remove/

No need for NPE.

 

Yes, that's all. If you've updated to the new version of CCleaner, you don't have to do anything. When you update, the malicious version of CCleaner get replaced with a clean version.

 

Better solution would be to restore a system image previous the infected CCleaner version. Well.... but do we have the assurance that all previous CCleaner version weren't infected ?

 

Yes and other software from Piriform can be questioned also. As long as they don't find out how this happened everything is possible.

 

I have Windows x64 and (now) CCleaner 5.34 - and up-to-date CCleaner Cloud(!) - and do not have the HKLM\SOFTWARE\Piriform\Agomo key.

But MB3 scan now picks up the following threats:

Registry Key: 1
Trojan.Floxif.Trace, HKLM\SOFTWARE\WOW6432NODE\PIRIFORM\AGOMO

Registry Value: 1
Trojan.Floxif.Trace, HKLM\SOFTWARE\WOW6432NODE\PIRIFORM\AGOMO|TCID

But these appear to be related to CCleaner Cloud (previously Agomo) account, because after quarantining these, I had to re-sign in to my account, so I suspect these may be FPs.

I may now remove CCleaner Cloud, but I quite like how it informs one of all installs e.g. silent Microsoft OneNote updates. But given recent events here, I am now wary of data sent out.

 

Thinking that if you would otherwise still want to use CC Cleaner you should copy and paste your post on The MB Forums (maybe try False Positives) before you jump ship.

https://forums.malwarebytes.com/forum/40-malwarebytes-for-home-support/

 

On my Windows 8.1 x64/Windows 10 x64 machine I don't see these reg keys even I run multiple times the floxified version in the past days.

 

I'll wait for Piriform/Avast researchers for more infos. Thanks.

 

But you probably do not have CCleaner Cloud (initially called Agomo) installed, which I think is responsible for those keys.

 

AFAIK it affected 32 bit only.

 

Nope, backdoored CCleaner.exe created those keys (also). I've tested it in VM with regular 5.33 desktop installation.