Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

Discussion in 'other security issues & news' started by stapp, Sep 18, 2017.

  1. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    It appears when we installed a later version, it deleted the infection if we had it. I have been running the paid pro version for years. I didn't see any suspicious things happening during Aug 15th from either Appguard or Voodooshield. I run Win 10 64 bit and latest insider update.
     
  2. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,844
    "Affected systems need to be restored to a state before August 15, 2017 or reinstalled"
    It's a lot, today is 18 September.
    At least they could release a tool to clean up this malware.
    Are we sure antivirus like ESET detected it?
    At least Malwarebytes should detect it, or?
    thanks
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,213
    Location:
    Italy
    Hi.
    Which antivirus detects the malware?
    TH.
     
  4. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,925
    Home machine restored to a date prior to August 15th. Also is now uninstalled for good.

    Any good alternatives?
     
  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,092
    Location:
    Europe, UE citizen

    I read somewhere that ClamWin is the only one, but I don't know if it is true.
     
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,213
    Location:
    Italy
    + Immunet
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,092
    Location:
    Europe, UE citizen
    Ya, I too didn't see anything from AppGuard and Comodo FW. I would only like to be sure that nothing remained on my PC after installing v. 5.34; it's only because I'm a bit paranoid as a hobby :D
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,399
    Location:
    U.S.A.
    Someone running x64 Win over on the Eset forum just found the malware on his device - Eset now has a sig for it. So it isn't just 32-bit OSes that are affected.

    Also Cisco recommends the following if the malware is found which I concur with:
    https://blogs.cisco.com/security/talos/ccleanup-a-vast-number-of-machines-at-risk
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,700
    Search the following hash on VT:
    Code:
    6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9
    Webroot, Clamwin, ...
    The detection ratio seems to rise.
     
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,630
    Location:
    DC Metro Area
    Wondering if 5.34 deleted HKLM\SOFTWARE\Piriform\Agomo. If so, because CCleaner installs both 32X and 64X versions, might not know for sure if you were exposed.

    Still wondering if you had to actually run the 32X version for it to have installed the malware.
     
  11. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,844
    Hi,
    ESET detects it as malware, but from 16099, in short released today.
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,027
    Location:
    Mexico
    Thanks. Gonna detach my laptop's hdd and do an offline scan on another machine, grrr.
    Think there are more chances to detect (and remove if possible) the malware this way.

    I expect more info on how to remove this malware in the next days.
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,700
    I have installed 5.33 and added some registry keys. After installing v5.34 the registry keys are still there.
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I didn't keep a backup that far back and think I will stay put for now. Maybe run an Eset online scan.
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,962
  17. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,630
    Location:
    DC Metro Area
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,630
    Location:
    DC Metro Area
    Thanks @mood
     
  19. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Just checked and Malwarebytes flags it too now and I did a scan about a half hour ago with nothing detected.
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,416
    Location:
    Under a bushel ...
    I upgraded to 5.34 a few days ago and HKLM\SOFTWARE\Piriform\Agomo is not there now on four x64 machines.

    But I don't know if it was when 5.33 was on my machines.
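
A read-only check for the two indicators quoted in this thread (the `HKLM\SOFTWARE\Piriform\Agomo` key and the SHA-256 posted for VirusTotal lookup), added here as an example and not written by any poster or by Piriform. It opens the key in both the 32-bit and 64-bit registry views, since the thread's question turns on which build wrote it; `$ScanPath` is a placeholder and `Test-AgomoKey` is a hypothetical helper name.

```powershell
# Added example: read-only triage for the indicators quoted in the thread.
param(
    # Assumption: placeholder folder; point it at the CCleaner install or saved installers.
    [string]$ScanPath = 'C:\Path\To\Scan'
)

# SHA-256 posted in the thread for lookup on VirusTotal.
$ThreadSha256 = '6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9'
# Registry key named in the thread, relative to HKLM.
$SubKey = 'SOFTWARE\Piriform\Agomo'

function Test-AgomoKey {
    # Open HKLM in an explicit view so WOW64 redirection cannot hide
    # a key written by the build of the other bitness.
    param([Microsoft.Win32.RegistryView]$View)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)      # read-only; $null when absent
        if ($null -eq $key) { return $null }
        try {
            [pscustomobject]@{
                View       = $View
                ValueNames = $key.GetValueNames() -join ', '
            }
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

$views   = [Microsoft.Win32.RegistryView]::Registry32,
           [Microsoft.Win32.RegistryView]::Registry64
$regHits = @(foreach ($v in $views) { Test-AgomoKey -View $v })

# Hash every .exe/.dll under the folder and compare with the posted value
# (-eq on strings is case-insensitive, so the uppercase hash output matches).
$fileHits = @()
if (Test-Path -LiteralPath $ScanPath) {
    $fileHits = @(Get-ChildItem -LiteralPath $ScanPath -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        Get-FileHash -Algorithm SHA256 |
        Where-Object { $_.Hash -eq $ThreadSha256 })
}

[pscustomobject]@{
    AgomoKeyViews = ($regHits.View -join ', ')
    AgomoValues   = ($regHits.ValueNames -join ' | ')
    MatchingFiles = ($fileHits.Path -join '; ')
}
```

Empty fields only mean the indicators are absent now; as the posts above note, that does not show whether the key existed while 5.33 was installed.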
     
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    This one is not showing up on VT yet.
     
  22. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,962
  23. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,844
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    So glad I don't use Piriform stuff at all.

    The couple of times when it was tested it just didn't match up with RWipe.

    Sorry all you folks have been bitten by them like this. Ugh
     
  25. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    One more reason not to use Mega-Super-Power cleaner tools. :thumb:
     