Ccleaner Infected - How to make sure PC is clean?

Orion

Level 2
Verified
Apr 8, 2016
83
Guys, come on... Kaspersky is having and has had hacks on their own IT systems and no one gave it such a hard time.

Piriform infrastructure is completely separate and in no way related to Avast's IT machines. The malware, or say malcode, inside CCleaner was messed with possibly by insecure infrastructure, and this happened before the purchase, and some people are saying Avast did it. I was lol because this thing went under the radar for about weeks since the release of version 5.33, and why not go tell this to Kaspersky, who has had its own systems hijacked once and now is in trouble with laws and privacy.

No, we will just complain!... Right, move on. Now if any of you are Avast users you are safe, because they managed to detect it now and the domains were sinkholed as soon as discovered by Cisco.

Also, if they themselves did it, why would they involve law enforcement? Unless they want to hit the hammer on their own leg. Think about it. Be reasonable.
 

ForgottenSeer 58943

I've banned Piriform products from my network. I can't risk someone in this household installing that product after this fiasco.

If you have a UTM/NGFW with Application Control on your network you can see if it already has a signature for CCleaner. If it does, set it to block. If it doesn't, create a DLP Fingerprint of their product and ban it. Barring that, add their IP addresses/domains to your blacklist.

s1.pir.fm
www.piriform.com
service.piriform.com
license.piriform.com

Use wildcards where appropriate, such as: *pir.fm

 
Last edited by a moderator:
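
Added example, not part of the original post: a check of what the blocklist above actually catches when run over DNS query logs. It compares a label-aware reading of `*pir.fm` with a plain glob reading. The log format, sample lines and function names are constructed for illustration.

```python
import re

# Blocklist entries taken from the post above; "*pir.fm" is the post's wildcard.
BLOCKLIST = ["s1.pir.fm", "www.piriform.com", "service.piriform.com",
             "license.piriform.com", "*pir.fm"]

def compile_entry(entry, label_aware=True):
    """Turn one blocklist entry into a compiled regex.

    label_aware=True reads a leading '*' as "this domain and any subdomain";
    label_aware=False is a plain glob, as some filters implement it.
    """
    entry = entry.lower().rstrip(".")
    if not entry.startswith("*"):
        return re.compile(re.escape(entry) + r"\Z")
    base = entry.lstrip("*").lstrip(".")
    if label_aware:
        return re.compile(r"(?:[a-z0-9-]+\.)*" + re.escape(base) + r"\Z")
    return re.compile(r".*" + re.escape(entry.lstrip("*")) + r"\Z")

def is_blocked(name, label_aware=True):
    # DNS names are case-insensitive and may carry a trailing root dot.
    name = name.lower().rstrip(".")
    return any(compile_entry(e, label_aware).match(name) for e in BLOCKLIST)

def audit(log_lines, label_aware=True):
    """Return (client, name) pairs from the log that hit the blocklist."""
    hits = []
    for line in log_lines:
        _ts, client, _qtype, name = line.split()
        if is_blocked(name, label_aware):
            hits.append((client, name))
    return hits

# Constructed DNS query log: "timestamp client qtype name".
SAMPLE_LOG = [
    "2000-01-01T10:01:02 192.168.1.20 A www.piriform.com",
    "2000-01-01T10:01:05 192.168.1.20 A S1.PIR.FM.",
    "2000-01-01T10:02:11 192.168.1.31 A download.piriform.com",
    "2000-01-01T10:03:40 192.168.1.31 A vampir.fm",
    "2000-01-01T10:04:00 192.168.1.44 A pir.fm",
]

if __name__ == "__main__":
    for client, name in audit(SAMPLE_LOG):
        print(f"blocked: {client} -> {name}")
```

Two things show up on the sample data: the plain glob reading also blocks the unrelated constructed name `vampir.fm`, and neither reading covers `download.piriform.com`, because only three exact `piriform.com` hosts are listed.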

ForgottenSeer 58943

Also, has anyone considered the Corporate/Enterprise damage of this?

Piriform brags about how many firms use their Cloud Based Cleaner (Agomo). In case nobody noticed, this also infected their cloud application and was AUTO-UPDATED on anyone on their cloud system...

What's the fallout from that? I wonder if the GoT leaks just a few weeks ago was related?

Samsung, Oracle, Intel, Princeton, Staples, Airbus, HBO, Siemens, GE, AVIVA, DHL, Sega, etc.

 

roger_m

Level 41
Verified
Top Poster
Content Creator
Dec 4, 2014
3,029
> I'd format any PC that had this installed. Or, if you use RollbackRX or something, roll it back. I wouldn't ever trust it was fully removed.

Only the ccleaner exe file is infected. If you update to a newer version of CCleaner, or uninstall it, then the infection will be gone. Doing anything more than this is pointless.
 

Aktiffiso

Level 8
Verified
Aug 24, 2013
395
Incredible, I have this infected version and I changed my passwords during the time of infection; none of my security products detected it. Do I have to change my passwords again?
 

ForgottenSeer 58943

> Incredible, I have this infected version and I changed my passwords during the time of infection; none of my security products detected it. Do I have to change my passwords again?

According to Cisco, you need to format your PC (or win10 reset it). I'd change your PW's just to be safe.
 

Aktiffiso

Level 8
Verified
Aug 24, 2013
395
Hi brothers, at the time of the CCleaner hack I had the hacked version installed. I went to all my accounts and started to change all my passwords and put them in Enpass. At that time I didn't know CCleaner was hacked. I have a lot of security software like Adguard, WinAntiRansom, Emsisoft, but none of them detected the hacked CCleaner. Now I followed Cisco and formatted my PC, and I am reinstalling all my software. Do you think I have to change all my passwords again? Only update the Enpass file or create another file? Or not use a password manager and create my own passwords? Do you think the CCleaner virus infected Enpass? I have an Enpass backup file on the D: drive and I didn't delete it when I formatted. What do you think I have to do? Sorry for the paranoia.
 
  • Like
Reactions: AtlBo

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
> Hi brothers, at the time of the CCleaner hack I had the hacked version installed. I went to all my accounts and started to change all my passwords and put them in Enpass. At that time I didn't know CCleaner was hacked. I have a lot of security software like Adguard, WinAntiRansom, Emsisoft, but none of them detected the hacked CCleaner. Now I followed Cisco and formatted my PC, and I am reinstalling all my software. Do you think I have to change all my passwords again? Only update the Enpass file or create another file? Or not use a password manager and create my own passwords? Do you think the CCleaner virus infected Enpass? I have an Enpass backup file on the D: drive and I didn't delete it when I formatted. What do you think I have to do? Sorry for the paranoia.

I see it this way... this was not done by "kids" and we don't know what they did.
Before, experts said stage 2 never happened; then they discovered on a server a list with 20 targets that got stage 2 MW... but they don't know what happened before the list was created, or what malware was used in stage 2... Since you decided to reinstall everything, I would also change all passwords.
 

legendcampos

Level 6
Verified
Aug 22, 2014
286
The problem is the said "reliable digital signature" already causes 80% of the software release the passage, the other 20% holding the infection is the behavior blocker and the cloud.
 

Orion

Level 2
Verified
Apr 8, 2016
83
Looks like Talos and some other company got into the mood of slapping Avast back and forth with literally baseless statements, when Avast has already analyzed the threat and released an article on them with proper proof to support their claims.

Looks like some companies want to make a dirty cash-in on this incident by blaming Avast, like something like this hasn't happened to anyone in the industry ever (don't forget the Kaspersky drama and the hijack on the Avira website, etc.). Also, Leo from Emsisoft made some unprofessional and dirty statements about Avast in his video... again a "dirty cash in and bash" method.

So you share intel and samples among yourselves every day and meet up at big events, but when it comes to such incidents some employee from a competitor company comes out with wrong facts and says "they totally deserve ##### for it". Sorry, but if you are an employee in the industry such acts are not welcome. I am sure people at Emsisoft and others also will not be pleased by this if they know about it.

You don't need to FORMAT your system because, from the Avast threat lab article on their blog, only about 40 systems in IT firms were infected, and that too according to geological location.

Disgusting...
 
  • Like
Reactions: roger_m
