Jump to content

Anyone have CCleaner on their puter?


Recommended Posts

I do. Been using it for years, so was surprised to get this today:

 

"The popular third-party CCLEANER application has been found to contain malware that infects your computer and may allow attackers to take ownership of it. This application allows users to ‘clean’ up their system to optimise and enhance performance.

There have been over 5 billions downloads of this application worldwide, and is particularly popular in Australia.

Give the malicious nature of the malware payload, we estimate this risk to be RED (i.e. take immediate actions to stop an potential attack to your business).

Notes:

  • Any CCLEANER installed on your computer between August 15 and September 12 this year (2017) from its official website is infected with malware.
  • Once installed it will collect system information and attempt to contact the hacker’s servers to retrieve further instructions to compromise your computer.
  • This affects 32-bit Windows installations only (so most Windows platforms are safe), however action should be taken on all installations.

If you have downloaded or installed CCleaner application:

Step 1: Uninstall CCleaner and re-install the latest version from the official website.
Step 2: Update your anti-virus software.
Step 3: Run a full scan with your anti-virus software.
Step 4: The Command and Control servers have reportedly been taken down. However where possible, detect or block outgoing network communications going to the following IPs:

  • ab6d54340c1a[.]com
  • aba9a949bc1d[.]com
  • ab2da3d400c20[.]com
  • ab3520430c23[.]com
  • ab1c403220c27[.]com
  • ab1abad1d0c2a[.]com
  • ab8cee60c2d[.]com
  • ab1145b758c30[.]com
  • ab890e964c34[.]com
  • ab3d685a0c37[.]com
  • ab70a139cc3a[.]com
  • 216[.]126[.]225[.]148


Reminder:

  • All systems should be fully patched at the earliest possible time.
  • Local administrator privileges should not be granted to users for everyday use. This severely limits the damage and prevents further exploitation by malware and attackers.
  • Be aware when downloading and installing untrusted applications that claim to repair, optimise and clean your computer."
  • Like 2
  • Thanks 1
Link to comment
Share on other sites



Thanks for the heads up.

My CCleaner did its first inline update a week ago instead of having to download it each time.

I have uninstalled it now and reinstalled from your link.

 

If you use "keep cookies", best to run CCleaner once. Uninstall version. Reinstall new one and then before running the cleaning part on the new one, go to options and recheck all your cookies you want to keep again as it will will be lost from the uninstall.

  • Like 1
Link to comment
Share on other sites

That's why I'm using a little bit older version, I rarely update the program so haven't hit that yet.

 

I was lucky in that there are somethings I don't like auto updating.

 

Good community heads up there, Wolster.

Link to comment
Share on other sites



Ah!

 

I use the 64bit version anyway, and it appears the infected versions were 32bit ones. AS stated in wolster's post *sigh*

Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.

Edited by Muon N'
Link to comment
Share on other sites

Had it for years. Thanks for the warning.

 

More here: We recently determined that older versions of our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised. We estimate that 2.27 million people used the affected software. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected. We encourage all users of the 32-bit version of CCleaner v5.33.6162 to download v5.34 here: download. We apologize and are taking extra measures to ensure this does not happen again.

Issue Summary: Our new parent company, the security company Avast, determined on the 12th of September that the 32-bit version of our CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 products, which may have been used by up to 3% of our users, had been compromised in a sophisticated manner. Piriform CCleaner v5.33.6162 was released on the 15th of August, and a regularly scheduled update to CCleaner, without compromised code, was released on the 12th of September. CCleaner Cloud v1.07.3191 was released on the 24th of August, and updated with a version without compromised code on September 15. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment. Between the 12th and the 15th, we took immediate action to make sure that our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 users were safe - we worked with download sites to remove CCleaner v5.33.6162, we pushed out a notification to update CCleaner users from v5.33.6162 to v5.34, we automatically updated those where it was possible to do so, and we automatically updated CCleaner Cloud users from v1.07.3191 to 1.07.3214.

We are continuing to investigate how this compromise happened, who did it, and why. We are working with US law enforcement in their investigation. A more technical description of the issue is on our Piriform blog at: www.piriform.com/news/blog. Again, we sincerely apologize for this and are committed to making sure nothing similar happens again. We encourage any user of the 32-bit version of CCleaner v5.33.6162 to download the latest version of Piriform CCleaner found here: www.piriform.com/ccleaner/download/standard.

Link to comment
Share on other sites

4 hours ago, michaelw said:

why even use these third party programs ?

 

they generally do more harm than good.

 

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

You mean you do not install any other software. eg. AV, Jriver, Roon or any other not related to operating system?

I have been using CCleaner for over 10 years and its been one of my go to tools for any setup.

I am sure we are going to see many more programs hacked in the future too. Unfortunately its just the times we live in now.

  • Like 1
Link to comment
Share on other sites



1 hour ago, Kaynin said:

Thanks Wol, I've used it for years.  Thankfully I run 64-bit Windows.  Anyway, uninstall and re-install here we go...

Hay ya'

 

CCleaner comes in 32bit and 64bit versions and either can be installed on 64bit windows, so It's the version of CCleaner you need to look at to see if there can be an issue.

Link to comment
Share on other sites

11 hours ago, rocky500 said:

You mean you do not install any other software. eg. AV, Jriver, Roon or any other not related to operating system?

I have been using CCleaner for over 10 years and its been one of my go to tools for any setup.

I am sure we are going to see many more programs hacked in the future too. Unfortunately its just the times we live in now.

i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc.

 

none of the professional IT guys i know use these, nor do they recommend them for home use.

 

in their words, keeping your system up to date and the supplied windows tools are all you need.

 

  • Like 2
Link to comment
Share on other sites

1 hour ago, michaelw said:

i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc.

 

none of the professional IT guys i know use these, nor do they recommend them for home use.

 

in their words, keeping your system up to date and the supplied windows tools are all you need.

 

I agree on the 3rd party registry cleaners for sure.

I only use CCleaner for the cleaning part, which is does a super job.

Link to comment
Share on other sites

2 hours ago, michaelw said:

i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc.

 

none of the professional IT guys i know use these, nor do they recommend them for home use.

 

in their words, keeping your system up to date and the supplied windows tools are all you need.

 

In general I agree, see these types of things on PCs and It's the first things to go if I'm cleaning up/working on one (something I avoid these days).

 

But this one I have never found an issue with after looking at it extensively and testing, so been using it for years, yup...I can be lazy ;)

Link to comment
Share on other sites



Yup, quicker than trawling through the Reg', not that those things take long, but other functions can take a lot longer than a mouse click does.

 

Those startups can be done through MS Config also, but that takes as long as manually removing the Reg' entries.

Edited by Muon N'
Link to comment
Share on other sites

  • 5 months later...
Guest Muon N'

I only avoided the bad code of those specified versions because i was running the 64bit version of CCCleaner and not the 32bit versions that were exploited.

 

I'm still on Win7 also.

Link to comment
Share on other sites



Been using CCCleaner for a LONG time.  My current (Dell XPS) laptop is nearing its sixth birthday :ohmy: running 64 bit Win 7.  I guess that's why I've seen no problems with the machine.  CCCleaner is very handy for cleaning out the crud out of your file system and out of your registry when you install/uninstall/update programs.  It's also very handy for starting and stopping Windows services.  I'll probably keep using it if and when I ever upgrade this computer and move to Win 10.

Link to comment
Share on other sites

Was using CCleaner for a long time (15-20 years!) and was my go to tool for ensuring the system performance was up to scratch.  However, when I switched to Win10, two things deterred me. Read about CCleaner causing problems with Win10. As well Win 10 gave my old laptop a new lease of life, running faster. Decided not to use CCleaner and have not seen the need to do so.

 

CCleaner's registry tool can be dangerous and my suggestion is always to do a backup before cleaning the registry.  I am IT savvy and can find my way around.  However, for most people, CCleaner's registry and file cleaning tools are run automatically, without understanding the implications. Hence, the reason why IT Pros do not recommend them.

Edited by Snoopy8
Typos
  • Like 1
Link to comment
Share on other sites

Guest Muon N'

@brumby

 

Just to be clear, the compromised 32bit versions of CCCleeaner were the issue, not what version of windows it might have been.

 

Whether the Windows OS was 32bit or 64bit was irrelevant as you could install the 32bit CCCleaner versions that had the bad code in them under a 64bit Windows OS.

 

What you would have had to been looking at was what version of CCCleaner was installed at the time these compromised ones were, the 32bit or 64bit versions of CCCleaner.

 

Edited by Muon N'
Link to comment
Share on other sites

  • 2 years later...
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...
To Top