Me too, still on 5.32.6129 (slim version) (64 bit). I downloaded it on 22 July 2017. To be honest, I find what stapp quoted in this post not really assuring, because it says that "The compromise may have started on July 3rd". Maybe there is nothing wrong with 5.32.6129 but ... Not that I have that regkey, but this is what you get when systems of companies get compromised.
I understand. But if the backdoor tried (until I updated to v5.34; I speak theoretically now) to send info, we have: 1. my FW blocks it because all permissions are denied. 2. the backdoor, trying to connect anyway, launches some process or service, and the HIPS should alert that a "legitimate" program is trying to do something new with respect to its previous permissions; or did whitelisting during the install of the backdoor give it all kinds of permissions?
Was reading somewhere that the infection was 32/64 bit aware. I just cannot remember where I read that.
Yes, in this case you're definitely safe. 1. if your FW blocks outgoing connections, CCleaner couldn't communicate with the CnC. 2. if it tried to launch a new service or process, HIPS would alert you (it didn't try to do it in this case); during install of the software update, whitelisting wouldn't give any permissions, since the backdoor was not triggered during install and HIPS got nothing to learn. It was triggered 10 or more minutes later, when you first ran CCleaner, as it was part of the CCleaner binary and the backdoor didn't run on its own.
I shut off my monitor for an hour and my computer shut off. I started my computer up again, ran Malwarebytes and quarantined the trojan. Somehow I didn't install v5.33, so I didn't have the reg key, but I had v5.33 in my download folder.
I'd rather go with the portable one as well. Here's a permalink to always download the newest version: https://www.piriform.com/ccleaner/download/portable/downloadfile
Thank you. Mine is essentially an academic discussion; I didn't think I had any damage. Only one thing is disturbing, although I did a scan with PowerTool and PcHunter: maybe v5.34 was not able to delete the backdoor and it remains hidden in my system.
Thanks mood - think I will wait a while before updating - perhaps 12 months! I have downloaded it though and can confirm that the counter signature is still by Symantec. Interesting that the Slim version was released at the same time.
Probably because of the bundled cr@pware that comes with the regular download. The Slim version will be allowed without any bother.
I recommend the portable one much more than the slim version. Crapware free for sure: https://www.piriform.com/ccleaner/download/portable/downloadfile
I will wait for a while, just to be sure. Also waiting for an explanation, if they have figured out how it happened the first time.
So it seems that it was a targeted attack and at least 20 machines got the second-stage payload. Not good at all.