CCleaner v5

Discussion in 'other software & services' started by anon, Nov 25, 2014.

  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Me too, still on 5.32.6129 (slim version) (64 bit).
    I downloaded it on 22 July 2017. To be honest, I find what stapp quoted in this post not really assuring, because it says that "The compromise may have started on July 3rd". Maybe there is nothing wrong with 5.32.6129 but ... Not that I have that regkey, but this is what you get when systems of companies get compromised.
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen

    I understand. But if backdoor try - tried, till I updated at 5.34 v. now I speak theoretically - to send info we have:

    1 my fw block it because all permissions are denied.
    2 the backdoor anyway trying to connect launch some processor service, and the HIPS should alert that a " legitimate " program try to do a new thing respect previous permission; or during the installing the backdoor whitelisting gave all kind of permissions ?
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Was reading somewhere that the infection was 32/64 bit aware. I just can not remember where I read that.
     
  4. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    LOL, everywhere even on these forums. :ninja:
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Yes in this case you're definitely safe.
    1. if your FW blocks outgoing connections CCleaner couldn't communicate with CnC
    2. if it tried to launch new service or process HIPS would alert you (it didn't try to do it in this case); during install of software update whitelisting wouldn't give any permissions since backdoor was not triggered during install and HIPS got nothing to learn. It was triggered 10 or more minutes later, when you first run CCleaner, as it was part of CCleaner binary and backdoor didn't run on it's own.
     
  6. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    I shut off my monitor for a hour and my computer shut off. I started my computer up again I ran malwaresbytes and Quarantined the trojan. Somehow I didn't didn't install v5.33 so I didn't have the reg key but I had v5.33 in my download folder.
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    if you want slim get the portable
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    I rather go with the portable one as well.

    Here's a permalink to always download the newest version:
    Code:
    https://www.piriform.com/ccleaner/download/portable/downloadfile
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Thank you. Mine is essentially an academic discussion, I didn't think I had damages.on only thing is disturbing, although I did a scan with PowerTool and PcHunter: may be the 5.34 v was not able to delete the backdoor and it remains hidden in my system.
     
  10. guest

    guest Guest

  11. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Thanks mood - think I will wait awhile before updating - perhaps 12 months! :)

    I have downloaded it though and can confirm that the counter signature is still by Symantec.
    Interesting that the Slim version was released at the same time.
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    To make people a bit happy after dramatic events, lol.
     
  14. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
  15. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,167
    hi
    to have smartscreen should i enable windows defender?
    and why does it flag as dangerous
    thanks
     
  16. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    Slim version is OK.:thumb:
     
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,344
    Location:
    Italy
    I do not know.:rolleyes:
     
  18. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Probably because of the bundled cr@pware that comes with the regular download. The Slim version will be allowed without any bother.
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    I recommend the portable one much more than slim version. Crapware free for sure:

    Code:
    https://www.piriform.com/ccleaner/download/portable/downloadfile
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I will wait for a while, just to be sure :)
    Also waiting for explanation if they figured out how it happened first time.
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Yup that is what I am doing now. Portable version ftw.
     
  22. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    So it seems that it was targeted attack and at least 20 machines got second stage payload. Not good at all.
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    And that was only for the few days logging was active. Probably more like 100's over the period.
     
  25. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.