Advice Request CCleaner trust poll

Please provide comments and solutions that are helpful to the author of this topic.

Will you continue to use CCleaner?

  • Yes

    Votes: 60 47.6%

  • No

    Votes: 43 34.1%

  • Yes, but now with delay and doubt

    Votes: 26 20.6%
  • Total voters
    126
Status
Not open for further replies.
F

ForgottenSeer 58943

_CyberGhosT_ said:
I had a lifetime key for many years and swore by this product, after they sold I uninstalled and went to the Cybertronsoft solution
"Privacy Eraser" and have not looked back, I think you can guess what I voted ;)
I use it for the automated browser cleaning, which is what I used Ccleaner for.
Link: Privacy Eraser: 1-click browsing history deletion, PC optimization & more
From one Ex-Ccleaner fan to another, try this and you will thank me. PeAcE
Click to expand...

Bro, this is a great find!

I've tested this for the last couple of hours. Literally the ONLY thing this does once installed is check for an update on launch to;

www.cybertronsoft.com/download/privacy-eraser/update.xml

Absolutely no telemetry, random net sessions, nothing. If you disable update checks on launch it doesn't even do that. It's completely self contained from what I can tell and very efficient.
 
  • Like
Reactions: Parsh, uninfected1, Iapepe and 6 others
F

ForgottenSeer 55474

Hello, People, I trust piriform, always have always will, and I was lucky that my two systems (w. 8.1 & w. 10 home) both are 64 bit.:)
 
  • Like
Reactions: askmark
uninfected1

uninfected1

Level 11
Verified
Top Poster
Well-known
Jan 28, 2016
525
There's no way I would feel happy continuing to use CCleaner after this so I've uninstalled it. I'll give privacy eraser a go (thanks for the link cyberghost!).

I seem to recall CCleaner came top in a poll on here not that long ago for the best free non security program. Somehow I don't think it would come anywhere near top if that poll was held today.
 
Last edited:
  • Like
Reactions: Sunshine-boy, Venustus and frogboy
Venustus

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
An old article but worth reading:
Speed test! Five PC clean-up utilities: Do they really work?
benchmarks-100027086-orig.png


And:
PC Cleaning Apps are a Scam: Here’s Why (and How to Speed Up Your PC)
(Not related directly to CCleaner)
 
Last edited:
  • Like
Reactions: Sunshine-boy, L S, amico81 and 4 others
Parsh

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
omidomi said:
Nice.
thanks , due to links it seems also 64 bit version was infected?:oops:
"The 32-bit trojan is TSMSISrv.dll, the 64-bit trojan is EFACli64.dll."
Click to expand...
What that section says (on the Talos page, not the other blog):
Stage 2 Payloads
The stage 2 installer is GeeSetup_x86.dll. This installer checks the OS version and then drops either a 32-bit or 64-bit version of a trojanized tool. The x86 version is using a trojanized TSMSISrv.dll, which drops VirtCDRDrv (which matches the filename of a legitimate executable that is part of Corel) using a similar method to the backdoored CCleaner tool. The x64 version drops a trojanized EFACli64.dll file named SymEFA which is the filename taken from a legitimate executable that is part of "Symantec Endpoint". None of the files that are dropped are signed or legitimate.

Effectively, they patch a legitimate binary to package their malware. Additionally, the setup put an encoded PE in the registry :
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\001
........
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\004
The purpose of the trojanized binary is to decode and execute this PE in registry. This PE performs queries to additional C2 servers and executes in-memory PE files. This may complicate detection on some systems since the executable files are never stored directly on the file system.
Click to expand...
According to the above text, the Stage-2 payload ie. GeeSetup_x86.dll downloads/drops a Trojanized 'tool' according to the OS version detected on the infected machine. The 32-bit version of this 'tool' uses a (trojanized) TSMSISrv.dll while the 64-bit version of this 'tool' drops a (trojanized) EFACli64.dll.
So the 32/64-bit is pertaining to the downloaded trojan tool and not Ccleaner.
Since no info regarding CCleaner versions is mentioned, we can assume that the ones in talk are 32-bit CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (as shared previously).
 
  • Like
Reactions: Sunshine-boy, omidomi, frogboy and 1 other person
I

insanity

Level 5
Verified
Oct 9, 2016
216
I still trust Ccleaner; those incidents occur from time to time; so if you ditch Piriform today, then later another software gets compromised and you ditch it too and so this never ends. That being said, I'm not a huge fun of PC (and mobile) cleaners, optimizers, boosters, battery savers etc. They are more of a placebo, and sometimes do more bad than good.
 
  • Like
Reactions: L S, frogboy and roger_m
JakeXPMan

JakeXPMan

Level 17
Verified
Top Poster
Well-known
Oct 20, 2014
804
I feel fine using Ccleaner... I have backups, life is short... and I really like their softwares.
If anything I'm going to try to use more, I want to get Speccy installed again soon.


I always respected Piriform infected or not. I hope they dont lose too much profits.
 
  • Like
Reactions: L S and frogboy
Cortex

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I think because of the incident it’s safer than it ever was. I wasn't affected by the problem use the Pro version on this PC so happy to use CCleaner. I have a triple lifetime licence for Wise 365 which is pretty good & can recommend it without too much trepidation :)
 
  • Like
Reactions: frogboy and JakeXPMan
F

ForgottenSeer 58943

Music4Ever said:
I think because of the incident it’s safer than it ever was. I wasn't affected by the problem use the Pro version on this PC so happy to use CCleaner. I have a triple lifetime licence for Wise 365 which is pretty good & can recommend it without too much trepidation :)
Click to expand...

I wouldn't bet on that. Often compromised programs end up having more compromises later.

Something needs to be said about not using what 'everyone' else is using.. Bigger target.. CCleaner was one of the biggest targets in the world. So the effort to APT/TAO it would pay off. Imagine that effort being expended for something just a few thousand people use?
 
  • Like
Reactions: roger_m and Sunshine-boy
Status
Not open for further replies.

Similar threads

jv16
    • Like
    • Thanks
    • Applause
Serious Discussion Uninstalr: Or how I tested all the Windows uninstallers and ended up making a new one
Replies
158
Views
14,068
System utilities
upnorth
upnorth
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review ESET Smart Security Premium 2024
Replies
18
Views
1,167
Video Reviews - Security and Privacy
Dave Russo
Dave Russo
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Avira Free Security 2024
Replies
12
Views
1,709
Video Reviews - Security and Privacy
lvseqiji
L

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top