After reading this article, do you still trust Piriform and use CCleaner?

  • Yes, I will still use their products.

    Votes: 57 48.3%
  • No, I lost faith in them, I will look for another solution.

    Votes: 61 51.7%
  • Total voters
    118

JB007

Level 19
Verified
I analysed with HitmanPro :
Code:
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : HOME
   Windows . . . . . . . : 10.0.0.15063.X64/8
   User name . . . . . . : Home\........
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (295 days left)

   Scan date . . . . . . : 2017-09-23 21:38:26
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 33s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 2

   Objects scanned . . . : 2 017 696
   Files scanned . . . . : 58 583
   Remnants scanned  . . : 427 534 files / 1 531 579 keys

Malware _____________________________________________________________________

   C:\Program Files\CCleaner\CCleaner.exe
      Size . . . . . . . : 7 680 216 bytes
      Age  . . . . . . . : 51.4 days (2017-08-03 11:42:22)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 6F7840C77F99049D788155C1351E1560B62B8AD18AD0E9ADDA8218B9F432F0A9
      Product  . . . . . : CCleaner
      Publisher  . . . . : Piriform Ltd
      Description  . . . : CCleaner
      Version  . . . . . : 5.33.00.6162
      Copyright  . . . . : Copyright © 2005-2017 Piriform Ltd
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Trojan.PRForm.A
    > Kaspersky  . . . . : Backdoor.Win32.InfeCleaner.a
    > HitmanPro  . . . . : Troj/Mogoa-A
      Fuzzy  . . . . . . : 87.0
      Startup
         C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
The 3 engines of HitmanPro have detected the threat, but before this analysis I ran a deep scan with Bitdefender and it found nothing!
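
The report above lists `Authenticode . . . : Valid` next to three engine detections for the same file, so a valid signature on its own did not mean the binary was clean. The following is an added example, not part of the original post or of HitmanPro: a small Python parser for this report layout that pulls out each reported file and flags the ones that are validly signed yet detected. The sample text is an excerpt constructed from the log above; the function names are illustrative.

```python
import re

# Constructed sample: excerpt of the HitmanPro report posted above.
SAMPLE_REPORT = r"""
Malware ______________________________________________

   C:\Program Files\CCleaner\CCleaner.exe
      Size . . . . . . . : 7 680 216 bytes
      SHA-256  . . . . . : 6F7840C77F99049D788155C1351E1560B62B8AD18AD0E9ADDA8218B9F432F0A9
      Version  . . . . . : 5.33.00.6162
      Authenticode . . . : Valid
    > Bitdefender  . . . : Trojan.PRForm.A
    > Kaspersky  . . . . : Backdoor.Win32.InfeCleaner.a
    > HitmanPro  . . . . : Troj/Mogoa-A
      Startup
         C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
"""

# "Key . . . : value" rows; a leading ">" marks an engine verdict.
FIELD = re.compile(r"^\s*(>?)\s*(.+?)\s+(?:\. )+:\s*(.*)$")
PATH = re.compile(r"^[A-Za-z]:\\")

def parse_report(text):
    """Return one dict per reported file: path, fields, verdicts, startup."""
    items, cur, in_startup = [], None, False
    for line in text.splitlines():
        body = line.strip()
        indent = len(line) - len(line.lstrip())
        m = FIELD.match(line)
        if m and cur is not None:
            marker, key, value = m.groups()
            (cur["verdicts"] if marker else cur["fields"])[key] = value.strip()
            in_startup = False
        elif body == "Startup" and cur is not None:
            in_startup = True
        elif PATH.match(body):
            if in_startup and indent > cur["indent"]:
                cur["startup"].append(body)  # startup entry listed for this file
            else:
                cur = {"path": body, "indent": indent, "fields": {},
                       "verdicts": {}, "startup": []}
                items.append(cur)
                in_startup = False
    return items

def signed_but_detected(items):
    """Files with a valid Authenticode signature that an engine still flags."""
    return [i for i in items
            if i["fields"].get("Authenticode") == "Valid" and i["verdicts"]]

if __name__ == "__main__":
    for hit in signed_but_detected(parse_report(SAMPLE_REPORT)):
        print(hit["path"], hit["fields"]["SHA-256"].lower(), sorted(hit["verdicts"]))
```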
 


Gandalf_The_Grey

Level 24
Verified
You have to update to the latest version of CCleaner v5.35.6210 (20 Sep 2017).
 

JB007

Level 19
Verified
You have to update to the latest version of CCleaner v5.35.6210 (20 Sep 2017).
You still have to update CCleaner to the latest version or uninstall...
Thanks @Gandalf_The_Grey
I scanned with HitmanPro before uninstalling, but now CC is uninstalled and I think I will never reinstall it :mad:

You still didn't uninstall CCleaner?
Why?
Thanks @Av Gurus
I scanned with HitmanPro before uninstalling, but now CC is uninstalled and I think I will never reinstall it :mad:

CCleaner v5
That is not certain, I found nothing either.

But it is unlikely that you as a consumer are a target; these guys were more targeting the big guys: tech companies, banks, even .gov.

CCleaner v5
Thanks @paulderdash
I hope you are right.
My problem is that I do not have a copy of my PC before 15/08/2017 :(
 

JB007

Level 19
Verified
Hi
I uninstalled CC with Revo Pro, but after restarting my PC I found remaining registry entries.
Can you help me?
CCRevo1.PNG CCRevo2.PNG CCRevo3.PNG CCRevo4.PNG
The uninstall seems complete but after restart:
CCRevo5afterrestart.PNG CCRevo6afterrestart.PNG
And after a second restart the same entries are found:
CCRevo7after2ndrestart.PNG CCRevo8after2ndrestart.PNG
 

JB007

Level 19
Verified
Guys, just reinstall Windows, problem solved. There's no point in trying to clean malware because it can be anywhere. As far as I know, we only know about that one registry key and that's it.
Thanks @Marko :)
I'm not a geek, so can you explain to me an easy way to reinstall Windows alone?
 

IceLion36

Level 1
Kaspersky Internet Security marked CCleaner 5.33 32-bit safe when the SHA-256 matches the compromised version.
Is there any way to prevent a similar infection?
For example with Malwarebytes Anti-Exploit or HitmanPro.Alert?
 

Marko :)

Level 14
Verified
Thanks @Marko :)
I'm not a geek, so can you explain to me an easy way to reinstall Windows alone?
If you don't know how to reinstall Windows, don't mess with that. You can mess up the whole Windows installation so your PC won't boot. It might be best to ask someone who knows how to install it for you. :)
 

JB007

Level 19
Verified
If you don't know how to reinstall Windows, don't mess with that. You can mess up the whole Windows installation so your PC won't boot. It might be best to ask someone who knows how to install it for you. :)
OK, I'm waiting for a friend who can do this Windows reinstall ;)