Ccleaner Infected - How to make sure PC is clean?

[giulia]

hi
today i read about
Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
&
Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

eset detects only from today with Update signature 16099 @ 2017-09-18 as
Win32/CCleaner.A
Win32/CCleaner.B

but detects only the old ccleaner installers
i read about ->

Affected systems need to be restored to a state before August 15, 2017 or reinstalled

today it's 18 ,September ,it's a month
i can't restore an image on 4 machines

what can i do ?
i tried malwarebyte , a full scan , all clean
is there a way to check if i have this malware ,i know about the registry ?
is there something more deep?
have you restored an image?

about virus b.->Virus Bulletin :: Malicious CCleaner update points to a major weakness in our infrastructure

thanks

 

[ispx]

welcome to the war zone

 

[giulia]

welcome to the war zone

hi
why are you laughing ?

 

[ispx]

hop in giulia :

Malware found in official Ccleaner installers

Poll - CCleaner trust poll

 

[L S]

Check these 2 ""War Zones"" ....... this is going on all day
Poll - CCleaner trust poll
Malware found in official Ccleaner installers

 

[giulia]

hop in giulia :

Malware found in official Ccleaner installers

Poll - CCleaner trust poll

hi
yes i have voted , i won't use it anymore
but about

Cisco: reinstall machines or roll back to a previous version.

i can't do it
do somebody perform a deep test with a virtual machine and a copy of inflected ccleaner ?

 

[ispx]

@giulia,

hope this helps :

Malware found in official Ccleaner installers

 

[L S]

Infected file ccleaner is scaned only on Virus Total & By our Antimalware and Antivirus Softwares ...... I don't know about deep scan on a virtual machines - at least not here ..... till now. :/

 

[shmu26]

All you have to do is uninstall CCleaner, and you are good.

 

[ispx]

All you have to do is uninstall CCleaner, and you are good.

easier said than done. no offense but you don't know how malware works.

 

[shmu26]

easier said than done. no offense but you are know about how malware works.

In this case, the downloader is the main exe file of CCleaner. This will not work in other cases, though.

 

[shukla44]

All you have to do is uninstall CCleaner, and you are good.

Yes, i agree, the damage is done, just uninstall it, so there will be no more damages.

 

[L S]

I Manualy Deleted ""Agomo"" in my Registry Editor & Updated CCleaner to new version 5.34

 

[shmu26]

Yes, i agree, the damage is done, just uninstall it, so there will be no more damages.

Right. No one actually got damage, it was a backdoor, but was not actually used.

 

[ispx]

No one actually got damage, it was a backdoor, but was not actually used

is that an assumption or you have a source to back that up.

 

[shukla44]

is that an assumption or you have a source to back that up.

Just an assumption, no source....nada, zip...
But that doesn't mean it's not correct.

 

[shmu26]

Guys, just read the articles that were published. I am no malware expert, far from it. I just read the reports, that's all.

 

[ispx]

contradiction multiplied by 2 :

Yes, i agree, the damage is done, just uninstall it, so there will be no more damages.

if the damage is done uninstalling it is not going to undo that damage. the malware has infiltrated the system.

Just an assumption, no source....nada, zip...
But that doesn't mean it's not correct.

how on earth is an assumption correct? please do not mislead other users with your assumptions.

I just read the reports, that's all

from what you read you came to this conclusion :

All you have to do is uninstall CCleaner, and you are good.

 

[shukla44]

contradiction multiplied by 2 :



if the damage is done uninstalling it is not going to undo that damage. the malware has infiltrated the system.



how on earth is an assumption correct? please do not mislead other users with your assumptions.

By infiltrated the system, surely u mean collected data & stuff cause nobody else reported otherwise that this malware backdoor did any actual harm to their system.
So by uninstalling, no MORE damage (by damage i mean data collection) can be done.

If i am wrong, please enlighten us, what should be done?

 

[shmu26]

@ispx have a nice day
I am going back to work now...