wolster

Anyone have CCleaner on their puter?

Moderator

I do. Been using it for years, so was surprised to get this today:

 

"The popular third-party CCLEANER application has been found to contain malware that infects your computer and may allow attackers to take ownership of it. This application allows users to ‘clean’ up their system to optimise and enhance performance.

There have been over 5 billion downloads of this application worldwide, and it is particularly popular in Australia.

Given the malicious nature of the malware payload, we estimate this risk to be RED (i.e. take immediate action to stop a potential attack on your business).

Notes:

  • Any CCLEANER installed on your computer between August 15 and September 12 this year (2017) from its official website is infected with malware.
  • Once installed it will collect system information and attempt to contact the hacker’s servers to retrieve further instructions to compromise your computer.
  • This affects 32-bit Windows installations only (so most Windows platforms are safe), however action should be taken on all installations.

If you have downloaded or installed CCleaner application:

Step 1: Uninstall CCleaner and re-install the latest version from the official website.
Step 2: Update your anti-virus software.
Step 3: Run a full scan with your anti-virus software.
Step 4: The Command and Control servers have reportedly been taken down. However, where possible, detect or block outgoing network communications going to the following IPs:


Reminder:

  • All systems should be fully patched at the earliest possible time.
  • Local administrator privileges should not be granted to users for everyday use. This severely limits the damage and prevents further exploitation by malware and attackers.
  • Be aware when downloading and installing untrusted applications that claim to repair, optimise and clean your computer."

Thanks for the heads up.

My CCleaner did its first inline update a week ago instead of having to download it each time.

I have uninstalled it now and reinstalled from your link.

 

If you use "keep cookies", best to run CCleaner once. Uninstall version. Reinstall new one and then before running the cleaning part on the new one, go to options and recheck all your cookies you want to keep again as it will be lost from the uninstall.

I have the Mac version, though I have not run it for at least two years.

That's why I'm using a little bit older version, I rarely update the program so haven't hit that yet.

 

I was lucky in that there are some things I don't like auto updating.

 

Good community heads up there, Wolster.

Ah!

 

I use the 64bit version anyway, and it appears the infected versions were 32bit ones. As stated in wolster's post *sigh*

Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.

Edited by Noum

Had it for years. Thanks for the warning.

 

More here: We recently determined that older versions of our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 had been compromised. We estimate that 2.27 million people used the affected software. We resolved this quickly and believe no harm was done to any of our users. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected. We encourage all users of the 32-bit version of CCleaner v5.33.6162 to download v5.34 here: download. We apologize and are taking extra measures to ensure this does not happen again.

Issue Summary: Our new parent company, the security company Avast, determined on the 12th of September that the 32-bit version of our CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 products, which may have been used by up to 3% of our users, had been compromised in a sophisticated manner. Piriform CCleaner v5.33.6162 was released on the 15th of August, and a regularly scheduled update to CCleaner, without compromised code, was released on the 12th of September. CCleaner Cloud v1.07.3191 was released on the 24th of August, and updated with a version without compromised code on September 15. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done. It would have been an impediment to the law enforcement agency’s investigation to have gone public with this before the server was disabled and we completed our initial assessment. Between the 12th and the 15th, we took immediate action to make sure that our Piriform CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 users were safe - we worked with download sites to remove CCleaner v5.33.6162, we pushed out a notification to update CCleaner users from v5.33.6162 to v5.34, we automatically updated those where it was possible to do so, and we automatically updated CCleaner Cloud users from v1.07.3191 to 1.07.3214.

We are continuing to investigate how this compromise happened, who did it, and why. We are working with US law enforcement in their investigation. A more technical description of the issue is on our Piriform blog at: www.piriform.com/news/blog. Again, we sincerely apologize for this and are committed to making sure nothing similar happens again. We encourage any user of the 32-bit version of CCleaner v5.33.6162 to download the latest version of Piriform CCleaner found here: www.piriform.com/ccleaner/download/standard.

Thanks Wol, I've used it for years.  Thankfully I run 64-bit Windows.  Anyway, uninstall and re-install here we go...

4 hours ago, michaelw said:

why even use these third party programs ?

 

they generally do more harm than good.

 

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

You mean you do not install any other software. eg. AV, Jriver, Roon or any other not related to operating system?

I have been using CCleaner for over 10 years and it's been one of my go to tools for any setup.

I am sure we are going to see many more programs hacked in the future too. Unfortunately it's just the times we live in now.

1 hour ago, Kaynin said:

Thanks Wol, I've used it for years.  Thankfully I run 64-bit Windows.  Anyway, uninstall and re-install here we go...

Hay ya'

 

CCleaner comes in 32bit and 64bit versions and either can be installed on 64bit Windows, so it's the version of CCleaner you need to look at to see if there can be an issue.


Might be useful for folk to install Microsoft's EMET for a bit of extra hardening of protection against threats of similar natures.

 

Someone here recommended it ages ago, so I had a look at it and I have used it ever since https://support.microsoft.com/en-us/help/2458544/the-enhanced-mitigation-experience-toolkit

11 hours ago, rocky500 said:

You mean you do not install any other software. eg. AV, Jriver, Roon or any other not related to operating system?

I have been using CCleaner for over 10 years and it's been one of my go to tools for any setup.

I am sure we are going to see many more programs hacked in the future too. Unfortunately it's just the times we live in now.

i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc.

 

none of the professional IT guys i know use these, nor do they recommend them for home use.

 

in their words, keeping your system up to date and the supplied windows tools are all you need.

 

1 hour ago, michaelw said:

i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc.

 

none of the professional IT guys i know use these, nor do they recommend them for home use.

 

in their words, keeping your system up to date and the supplied windows tools are all you need.

 

I agree on the 3rd party registry cleaners for sure.

I only use CCleaner for the cleaning part, which it does a super job at.

2 hours ago, michaelw said:

i was speaking in the context of this thread, 3rd party registry cleaner type programs like ccleaner, advanced system care etc.

 

none of the professional IT guys i know use these, nor do they recommend them for home use.

 

in their words, keeping your system up to date and the supplied windows tools are all you need.

 

In general I agree, see these types of things on PCs and it's the first thing to go if I'm cleaning up/working on one (something I avoid these days).

 

But this one I have never found an issue with after looking at it extensively and testing, so been using it for years, yup...I can be lazy ;)

CCleaner is very handy for disabling all those Windoze start up programs too

Yup, quicker than trawling through the Reg', not that those things take long, but other functions can take a lot longer than a mouse click does.

 

Those startups can be done through MS Config also, but that takes as long as manually removing the Reg' entries.

Edited by Noum

I've used ccleaner for years, without any problem.  I don't upgrade regularly (actually for a few years), as I'm using win7 and assume the updates are relevant for win8.

I only avoided the bad code of those specified versions because I was running the 64bit version of CCleaner and not the 32bit versions that were exploited.

 

I'm still on Win7 also.

Guest Sime

Poor Windows folk :baby:

Been using CCleaner for a LONG time.  My current (Dell XPS) laptop is nearing its sixth birthday :ohmy: running 64 bit Win 7.  I guess that's why I've seen no problems with the machine.  CCleaner is very handy for cleaning out the crud out of your file system and out of your registry when you install/uninstall/update programs.  It's also very handy for starting and stopping Windows services.  I'll probably keep using it if and when I ever upgrade this computer and move to Win 10.

Was using CCleaner for a long time (15-20 years!) and was my go to tool for ensuring the system performance was up to scratch.  However, when I switched to Win10, two things deterred me. Read about CCleaner causing problems with Win10. As well Win 10 gave my old laptop a new lease of life, running faster. Decided not to use CCleaner and have not seen the need to do so.

 

CCleaner's registry tool can be dangerous and my suggestion is always to do a backup before cleaning the registry.  I am IT savvy and can find my way around.  However, for most people, CCleaner's registry and file cleaning tools are run automatically, without understanding the implications. Hence, the reason why IT Pros do not recommend them.

Edited by Snoopy8
Typos

@brumby

 

Just to be clear, the compromised 32bit versions of CCleaner were the issue, not what version of Windows it might have been.

Whether the Windows OS was 32bit or 64bit was irrelevant as you could install the 32bit CCleaner versions that had the bad code in them under a 64bit Windows OS.

What you would have had to have been looking at was what version of CCleaner was installed at the time these compromised ones were, the 32bit or 64bit versions of CCleaner.

 

Edited by Muon N'
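
The distinction drawn in the post above (the bitness of the installed CCleaner executable matters, not the bitness of Windows) can be checked by reading the Machine field in the executable's PE header. This is an added example, not part of the original thread; the sample header bytes are constructed, and the version string is assumed to be supplied by the caller.

```python
import struct

# IMAGE_FILE_MACHINE_* values from the PE/COFF specification.
MACHINE_BITNESS = {0x014C: 32, 0x8664: 64}

# The CCleaner build named in the thread as compromised (32-bit only).
AFFECTED_VERSION = "5.33.6162"


def pe_bitness(data: bytes) -> int:
    """Return 32 or 64 for a PE image, read from the COFF Machine field."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE executable")
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    if pe_offset + 6 > len(data) or data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    try:
        return MACHINE_BITNESS[machine]
    except KeyError:
        raise ValueError(f"unhandled machine type 0x{machine:04x}") from None


def matches_affected_build(data: bytes, version: str) -> bool:
    """True only for a 32-bit image whose version is the one named in the thread."""
    same_version = version.strip().lstrip("v") == AFFECTED_VERSION
    return pe_bitness(data) == 32 and same_version


def make_sample_pe(machine: int) -> bytes:
    """Constructed sample: only the header fields this parser reads, not a real program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


if __name__ == "__main__":
    import sys
    # Usage: python check.py <path to the installed executable> <version string>
    with open(sys.argv[1], "rb") as fh:
        header = fh.read(4096)
    print(pe_bitness(header), "bit; matches affected build:",
          matches_affected_build(header, sys.argv[2]))
```
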
