wolster Posted September 20, 2017 Share Posted September 20, 2017 I do. Been using it for years, so was surprised to get this today: "The popular third-party CCLEANER application has been found to contain malware that infects your computer and may allow attackers to take ownership of it. This application allows users to ‘clean’ up their system to optimise and enhance performance.There have been over 5 billions downloads of this application worldwide, and is particularly popular in Australia.Give the malicious nature of the malware payload, we estimate this risk to be RED (i.e. take immediate actions to stop an potential attack to your business).Notes: Any CCLEANER installed on your computer between August 15 and September 12 this year (2017) from its official website is infected with malware. Once installed it will collect system information and attempt to contact the hacker’s servers to retrieve further instructions to compromise your computer. This affects 32-bit Windows installations only (so most Windows platforms are safe), however action should be taken on all installations. If you have downloaded or installed CCleaner application:Step 1: Uninstall CCleaner and re-install the latest version from the official website.Step 2: Update your anti-virus software.Step 3: Run a full scan with your anti-virus software.Step 4: The Command and Control servers have reportedly been taken down. However where possible, detect or block outgoing network communications going to the following IPs: ab6d54340c1a[.]com aba9a949bc1d[.]com ab2da3d400c20[.]com ab3520430c23[.]com ab1c403220c27[.]com ab1abad1d0c2a[.]com ab8cee60c2d[.]com ab1145b758c30[.]com ab890e964c34[.]com ab3d685a0c37[.]com ab70a139cc3a[.]com 216[.]126[.]225[.]148 Reminder: All systems should be fully patched at the earliest possible time. Local administrator privileges should not be granted to users for everyday use. This severely limits the damage and prevents further exploitation by malware and attackers. Be aware when downloading and installing untrusted applications that claim to repair, optimise and clean your computer." 2 1 Link to comment Share on other sites More sharing options...
rocky500 Posted September 20, 2017 Share Posted September 20, 2017 Thanks for the heads up. My CCleaner did its first inline update a week ago instead of having to download it each time. I have uninstalled it now and reinstalled from your link. If you use "keep cookies", best to run CCleaner once. Uninstall version. Reinstall new one and then before running the cleaning part on the new one, go to options and recheck all your cookies you want to keep again as it will will be lost from the uninstall. 1 Link to comment Share on other sites More sharing options...
michaelw Posted September 20, 2017 Share Posted September 20, 2017 (edited) why even use these third party programs ? they generally do more harm than good. http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html Edited September 20, 2017 by michaelw 1 Link to comment Share on other sites More sharing options...
groovem Posted September 20, 2017 Share Posted September 20, 2017 I have the Mac version, though I have not run it for at least two years. 1 Link to comment Share on other sites More sharing options...
Guest Muon N' Posted September 20, 2017 Share Posted September 20, 2017 That's why I'm using a little bit older version, I rarely update the program so haven't hit that yet. I was lucky in that there are somethings I don't like auto updating. Good community heads up there, Wolster. Link to comment Share on other sites More sharing options...
Guest Muon N' Posted September 20, 2017 Share Posted September 20, 2017 (edited) Ah! I use the 64bit version anyway, and it appears the infected versions were 32bit ones. AS stated in wolster's post *sigh* Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware. Edited September 20, 2017 by Muon N' Link to comment Share on other sites More sharing options...
(ツ) Posted September 20, 2017 Share Posted September 20, 2017 Had it for years. Thanks for the warning. More here: We recently determined that older versions of our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised. We estimate that 2.27 million people used the affected software. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected. We encourage all users of the 32-bit version of CCleaner v5.33.6162 to download v5.34 here: download. We apologize and are taking extra measures to ensure this does not happen again. Issue Summary: Our new parent company, the security company Avast, determined on the 12th of September that the 32-bit version of our CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 products, which may have been used by up to 3% of our users, had been compromised in a sophisticated manner. Piriform CCleaner v5.33.6162 was released on the 15th of August, and a regularly scheduled update to CCleaner, without compromised code, was released on the 12th of September. CCleaner Cloud v1.07.3191 was released on the 24th of August, and updated with a version without compromised code on September 15. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment. Between the 12th and the 15th, we took immediate action to make sure that our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 users were safe - we worked with download sites to remove CCleaner v5.33.6162, we pushed out a notification to update CCleaner users from v5.33.6162 to v5.34, we automatically updated those where it was possible to do so, and we automatically updated CCleaner Cloud users from v1.07.3191 to 1.07.3214. We are continuing to investigate how this compromise happened, who did it, and why. We are working with US law enforcement in their investigation. A more technical description of the issue is on our Piriform blog at: www.piriform.com/news/blog. Again, we sincerely apologize for this and are committed to making sure nothing similar happens again. We encourage any user of the 32-bit version of CCleaner v5.33.6162 to download the latest version of Piriform CCleaner found here: www.piriform.com/ccleaner/download/standard. Link to comment Share on other sites More sharing options...
Kaynin Posted September 20, 2017 Share Posted September 20, 2017 Thanks Wol, I've used it for years. Thankfully I run 64-bit Windows. Anyway, uninstall and re-install here we go... Link to comment Share on other sites More sharing options...
rocky500 Posted September 20, 2017 Share Posted September 20, 2017 4 hours ago, michaelw said: why even use these third party programs ? they generally do more harm than good. http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html You mean you do not install any other software. eg. AV, Jriver, Roon or any other not related to operating system? I have been using CCleaner for over 10 years and its been one of my go to tools for any setup. I am sure we are going to see many more programs hacked in the future too. Unfortunately its just the times we live in now. 1 Link to comment Share on other sites More sharing options...
Guest Muon N' Posted September 20, 2017 Share Posted September 20, 2017 (edited) @rocky500 Agreed, CCleaner is not the bad guy here. Edited September 20, 2017 by Muon N' Link to comment Share on other sites More sharing options...
Guest Muon N' Posted September 20, 2017 Share Posted September 20, 2017 1 hour ago, Kaynin said: Thanks Wol, I've used it for years. Thankfully I run 64-bit Windows. Anyway, uninstall and re-install here we go... Hay ya' CCleaner comes in 32bit and 64bit versions and either can be installed on 64bit windows, so It's the version of CCleaner you need to look at to see if there can be an issue. Link to comment Share on other sites More sharing options...
Guest Muon N' Posted September 20, 2017 Share Posted September 20, 2017 Might be useful for folk to install Microsoft's EMET for a bit of extra hardening of protection against threats of similar natures. Someone here recommended it ages ago, so i had a look at it and I have used it ever since https://support.microsoft.com/en-us/help/2458544/the-enhanced-mitigation-experience-toolkit Link to comment Share on other sites More sharing options...
michaelw Posted September 20, 2017 Share Posted September 20, 2017 11 hours ago, rocky500 said: You mean you do not install any other software. eg. AV, Jriver, Roon or any other not related to operating system? I have been using CCleaner for over 10 years and its been one of my go to tools for any setup. I am sure we are going to see many more programs hacked in the future too. Unfortunately its just the times we live in now. i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc. none of the professional IT guys i know use these, nor do they recommend them for home use. in their words, keeping your system up to date and the supplied windows tools are all you need. 2 Link to comment Share on other sites More sharing options...
rocky500 Posted September 21, 2017 Share Posted September 21, 2017 1 hour ago, michaelw said: i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc. none of the professional IT guys i know use these, nor do they recommend them for home use. in their words, keeping your system up to date and the supplied windows tools are all you need. I agree on the 3rd party registry cleaners for sure. I only use CCleaner for the cleaning part, which is does a super job. Link to comment Share on other sites More sharing options...
Guest Muon N' Posted September 21, 2017 Share Posted September 21, 2017 2 hours ago, michaelw said: i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc. none of the professional IT guys i know use these, nor do they recommend them for home use. in their words, keeping your system up to date and the supplied windows tools are all you need. In general I agree, see these types of things on PCs and It's the first things to go if I'm cleaning up/working on one (something I avoid these days). But this one I have never found an issue with after looking at it extensively and testing, so been using it for years, yup...I can be lazy Link to comment Share on other sites More sharing options...
swervyn Posted September 21, 2017 Share Posted September 21, 2017 CC Cleaner is very handy for disabling all those Windoze start up programs too 1 Link to comment Share on other sites More sharing options...
Guest Muon N' Posted September 21, 2017 Share Posted September 21, 2017 (edited) Yup, quicker than trawling through the Reg', not that those things take long, but other functions can take a lot longer than a mouse click does. Those startups can be done through MS Config also, but that takes as long as manually removing the Reg' entries. Edited September 21, 2017 by Muon N' Link to comment Share on other sites More sharing options...
audiofeline Posted March 12, 2018 Share Posted March 12, 2018 I've used ccleaner for years, without any problem. I don't upgrade regularly (actually for a few years), as I'm using win7 and assume the updates are relevant for win8. Link to comment Share on other sites More sharing options...
Guest Muon N' Posted March 12, 2018 Share Posted March 12, 2018 I only avoided the bad code of those specified versions because i was running the 64bit version of CCCleaner and not the 32bit versions that were exploited. I'm still on Win7 also. Link to comment Share on other sites More sharing options...
Guest Sime Posted March 12, 2018 Share Posted March 12, 2018 Poor Windows folk Link to comment Share on other sites More sharing options...
brumby Posted March 12, 2018 Share Posted March 12, 2018 Been using CCCleaner for a LONG time. My current (Dell XPS) laptop is nearing its sixth birthday running 64 bit Win 7. I guess that's why I've seen no problems with the machine. CCCleaner is very handy for cleaning out the crud out of your file system and out of your registry when you install/uninstall/update programs. It's also very handy for starting and stopping Windows services. I'll probably keep using it if and when I ever upgrade this computer and move to Win 10. Link to comment Share on other sites More sharing options...
Snoopy8 Posted March 12, 2018 Share Posted March 12, 2018 (edited) Was using CCleaner for a long time (15-20 years!) and was my go to tool for ensuring the system performance was up to scratch. However, when I switched to Win10, two things deterred me. Read about CCleaner causing problems with Win10. As well Win 10 gave my old laptop a new lease of life, running faster. Decided not to use CCleaner and have not seen the need to do so. CCleaner's registry tool can be dangerous and my suggestion is always to do a backup before cleaning the registry. I am IT savvy and can find my way around. However, for most people, CCleaner's registry and file cleaning tools are run automatically, without understanding the implications. Hence, the reason why IT Pros do not recommend them. Edited March 12, 2018 by Snoopy8 Typos 1 Link to comment Share on other sites More sharing options...
Guest Muon N' Posted March 12, 2018 Share Posted March 12, 2018 (edited) @brumby Just to be clear, the compromised 32bit versions of CCCleeaner were the issue, not what version of windows it might have been. Whether the Windows OS was 32bit or 64bit was irrelevant as you could install the 32bit CCCleaner versions that had the bad code in them under a 64bit Windows OS. What you would have had to been looking at was what version of CCCleaner was installed at the time these compromised ones were, the 32bit or 64bit versions of CCCleaner. Edited March 12, 2018 by Muon N' Link to comment Share on other sites More sharing options...
Noomie Posted July 6, 2020 Share Posted July 6, 2020 I've been using it for 3 years and I didn't even know that Link to comment Share on other sites More sharing options...
Recommended Posts