- Jun 21, 2017
definitely no snake oil here : control panel > system & security > security & maintenance
How do I remove it?
The malware was embedded in the CCleaner executable itself. Updating CCleaner to v5.34 removes the old executable and the malware. CCleaner does not have an auto-update system, so users must download and install CCleaner 5.34 manually.
Avast said it already pushed an update to CCleaner Cloud users, and they should be fine. The clean version is CCleaner Cloud 1.07.3214.
The malware executed only if the user was using an admin account. If you use a low-privileged account and installed CCleaner 5.33, you more not affected. Nonetheless, it is recommended that you update to version 5.34.
Why didn't antivirus software catch the infection?
The CCleaner binary that included the malware was signed using a valid digital certificate.
What does the malware do?
The malware — named Floxif — collects data from infected computers, such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part.
If a company that you know and trust pushes a malicious update, and it is zero-day, there is not very much you can do to protect against it, other than to keep alert for strange activity, like c-m-d.exe and things like that. But there is no guarantee you will see a sign of malware activity.Whats the solution for dig signed malware? We all see even Kasper sky failed! I think that cisco detected it first?
Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk
If a company that you know and trust pushes a malicious update, and it is zero-day, there is not very much you can do to protect against it, other than to keep alert for strange activity, like c-m-d.exe and things like that. But there is no guarantee you will see a sign of malware activity.
I guess Eset hips in paranoid mode can block this.