CCleaner 5.37 - Do you trust it 100%?

[Node]

BleachBit is a nice alternative for anyone searching for a nice alternative. It's so nice that even Hillary Clinton used it to wipe her famous email server.

 

[HarborFront]

I'm using it as one of the cleaners

 

[tim one]

Uhmm...at this point I'm no more so sure to use Ccleaner.
Moreover, EAM warned me about something strange on CCupdate.exe... (I don't remember exactly what).
I quarantined it, this story is lasting too, I will uninstall it permanently.

 

[TairikuOkami]

NO. CCleaner behaves more like adware now and the worst part is, that it eroded my trust in Avast. I no longer recommend it (it caused other issues as well).

Wise Care 365 Pro might be my next stop or something else.

Same, I have setup Wise Disk Cleaner to run at shutdown, unfortunately it removes all logins, not at restart though, strange.
So I have started to use browser's autosave for passwords, I know, but only for forums and unimportant stuff like that.

As for reg cleaning, I have moved to Wise and Regseeker (since Wise Free cleans only HKCU).

Block with firewall.

CCleaner injects explorer and connects via the browser regardless, if it is blocked or not.

 

[Mr.X]

CCleaner injects explorer and connects via the browser regardless

Could you please elaborate this please?

 

[TairikuOkami]

Could you please elaborate this please?

It was mentioned in the other thread, like after install it opens a browser and connects. It can be blocked only via some HIPS capability (Comodo/Zone Alarm).
By default, it has got admin rights and realtime monitoring enabled. So theoretically, when it detects a browser running, it might do anything, like hidden within iframes.

 

[cruelsister]

Mr X- CCleaner will open to Default browser and go to a Piriform page when you check for updates. This will occur with either the installed (even though it has a built in CCUpdate module) or with the Portable version. But BOTH versions will on first run connect (through CCleaner.exe) to the CloudFlare/GlobalSign server in San Fransisco. This connection seems to be a one time only thing and so probably transmits basic user data (an installation was done at a certain geographical location). By the way, I am not bothering to mention the ubiquitous connect to the SF Prirform servers at 151.101.184.64 which occurs every time you use CCleaner.

With the malicious CCleaner 5.33 I suppose what tipped off the person that discovered the connection to Blackhat command was the persistence of a continuing CCleaner.exe connection to the server in Los Angeles in addition to the SF onetimer. Then it was just a hunt for the reg entries that caused the connection.

 

[boredog]

CS

Was that VT link you provided for the new CC version being flagged by all those AV's? If so what reason do they have for flagging it now?

 

[Mr.X]

CCleaner will open to Default browser and go to a Piriform page when you check for updates. This will occur with either the installed (even though it has a built in CCUpdate module) or with the Portable version

That in red letters matters to me as I use the portable version and unchecked "Automatically check for updates to CCleaner" feature in Options > Settings since the beginning when I started using the portable. To be honest, I haven't seen any other attempt of injection or triggering a default browser instance at all.

ccleaner.exe is not blocked in the firewall but if tried to connect, this would block it. Again, I haven't seen any attempt of calling home or any other place.

 

[HarborFront]

NO. CCleaner behaves more like adware now and the worst part is, that it eroded my trust in Avast. I no longer recommend it (it caused other issues as well).


Same, I have setup Wise Disk Cleaner to run at shutdown, unfortunately it removes all logins, not at restart though, strange.
So I have started to use browser's autosave for passwords, I know, but only for forums and unimportant stuff like that.

As for reg cleaning, I have moved to Wise and Regseeker (since Wise Free cleans only HKCU).


CCleaner injects explorer and connects via the browser regardless, if it is blocked or not.

You mean the Wise Registry Cleaner Pro cleans the entire registry vs its FREE version which cleans only the HKCU? Is there a comparison table to show the differences between the 2 versions?

Thanks

 

[TairikuOkami]

You mean the Wise Registry Cleaner Pro cleans the entire registry vs its FREE version which cleans only the HKCU?

Yes, if you try to enable it in settings, it is locked for Pro.
RegSeeker does not allow deep cleaning, but it is already dangerous as it is.

EDIT: Just reading it, maybe I was wrong, again, it is just for user management, but it certainly does not clean some HKLM items, which even weaker CCleaner cleans.

 

[cruelsister]

Boredog- That VT link wasn't to CCleaner itself, but instead to a malware file (ransomware distributed by the Neutrino EK) that connected a while back to the same IP that PiriForm now used to acquire usage statistics (104.31.75.124); CCleaner Portable will also connect to that IP. But note that this is on First run only, and only on a system that has never had CCleaner installed.

The portable version will also check that the version used is the latest by a connection to 151.101.184.64, but also only on first run.

 

[HarborFront]

Yes, if you try to enable it in settings, it is locked for Pro.
RegSeeker does not allow deep cleaning, but it is already dangerous as it is.

EDIT: Just reading it, maybe I was wrong, again, it is just for user management, but it certainly does not clean some HKLM items, which even weaker CCleaner cleans.

I'm using the free Eusing RegCleaner. It cleans more

Eusing Free Registry Cleaner: Safely scan and repair registry problems - Spyware FREE.

 

[roger_m]

I'm using the free Eusing RegCleaner. It cleans more

Including valid registry keys. It has always had major issues with false positives.

 

[Prorootect]

Great CS, someone needs to give you a nice bottle of wine....I'll chip in....now can anyone recommend a similar software?

I'm using old version of CCleaner - v4.17.4808, and too (sometimes) WISE Disk Cleaner 7.
No problems.

 

[darko999]

I just download updated version manually, blocked ccleaner by firewall like many others do; it's worth. I like the software and it has some useful features. I also deleted the Ccleaner UAC skip task, it's shady.

 

[ForgottenSeer 58943]

I just download updated version manually, blocked ccleaner by firewall like many others do; it's worth. I like the software and it has some useful features. I also deleted the Ccleaner UAC skip task, it's shady.

SkipUAC tasks are common with all tools like this. Otherwise they wouldn't work properly so nothing shady there for the most part. I still won't use Ccleaner, but that is a personal choice. Plenty of other solutions that do the job and since we mostly use Chromebooks, I just powerwash, which is a 20-30 second full restore. For the few desktops left in the home - Wise Portable, Kerish, Privazer, all good options IMO.

 

[darko999]

SkipUAC tasks are common with all tools like this. Otherwise they wouldn't work properly so nothing shady there for the most part. I still won't use Ccleaner, but that is a personal choice. Plenty of other solutions that do the job and since we mostly use Chromebooks, I just powerwash, which is a 20-30 second full restore. For the few desktops left in the home - Wise Portable, Kerish, Privazer, all good options IMO.

The program could ask for elevation like usually other programs do, thing is UAC skip for Ccleaner is pointless. I just run it and it ask for elevation, I'll see if it is the proper moment to give that elevation, but leting Ccleaner skip elevation prompt is by no means good just IMO.

 

[ForgottenSeer 55474]

I have Ccleaner Professional plus and I mostly use wisecare pro

 

[ForgottenSeer 67480]

I using Kerish Doctor 2 years and no problems. What about CCleaner: I used him from 2012 to 2014 year and it's not a bad choice, but much i preffer test Kerish Doctor.