- Apr 1, 2017
- 1,782
I have no idea and without more infos anyone would just be guessing. There are numerous reasons why 32-bit was targeted.
- May 9, 2015
- 630
I download this version and Kaspersky mark it as malware:
Last day I installed Kaspersky Free for a try. After updating it I did run a full system and the AV didn't flagged any files as malware. Since I uninstalled Kaspersky and switched back to BD Free I cannot do a scan again.
Since I have the problematic Ccleaner533.exe I now analysed it through VirusTotal and the result is shocking indeed:
VirusTotal
This kind of problem is something to be aware of - and not freak-out about. It is nothing new. Neither is it unique nor even extraordinary.
The best thing to do is to be level-headed and learn as opposed to immediately revising your security config or protection model without thought.
The best thing to do is to be level-headed and learn as opposed to immediately revising your security config or protection model without thought.
Last edited by a moderator:
- Dec 30, 2012
- 4,809
64 bit would be harder to attack given patchguard and WOW64.Maybe this is why only 32 was targeted!!?
- Sep 5, 2017
- 149
Most likely because of the backward comparability of x64 (you can run x86 on x64 but not the opposite)
- Dec 30, 2012
- 4,809
My instinct told me not to update to 5.33 and updated to 5.34 because I thought there would be some pesky code from Avast or something like that.
This is sort of like the thing discussed in Hacker Deterrant thread where I was finding Trend Micro itself hijacked through the update process and sending out remote telemetry.
I've been super busy today but I haven't looking into this yet, but it seems like this would bypass security measures people put in place unless by some remote chance they have outbound connectivity for CCleaner blocked, automated updates turned off OR the server IP blacklisted. All of that seems unlikely so this potentially turned much of peoples security into security theater.
I wouldn't be surprised if it was more than simple hackers behind this, and since the server is in the USA, I would be wondering if the Layer 1 security of that server was compromised. It would be quite an intelligence boon to get access to that many systems.
Ironically, I subscribed to CCleaner cloud up until 3 months ago as part of my effort to reduce the telemetry leaving my network and to close off as much of my threat surface as possible.
I've been super busy today but I haven't looking into this yet, but it seems like this would bypass security measures people put in place unless by some remote chance they have outbound connectivity for CCleaner blocked, automated updates turned off OR the server IP blacklisted. All of that seems unlikely so this potentially turned much of peoples security into security theater.
I wouldn't be surprised if it was more than simple hackers behind this, and since the server is in the USA, I would be wondering if the Layer 1 security of that server was compromised. It would be quite an intelligence boon to get access to that many systems.
Ironically, I subscribed to CCleaner cloud up until 3 months ago as part of my effort to reduce the telemetry leaving my network and to close off as much of my threat surface as possible.
- Jun 10, 2017
- 248
Before I shut my computer down at the end of the day I like it to clean all the temporary internet files, cache and leftover files from uninstalled programs. I also occasionlly use it to manage startup programs and scheduled tasks. So no, I don't expect any magic at all, only to do what it's supposed to do.
Yes, exactly!!!
- Aug 7, 2017
- 270
Read this story a short while back. I had version 5.34 x64 (a perpetual license copy). The executable was undoubtedly updated automatically from 5.32 the last time I ran the program. Have uninstalled CCleaner for now.
Strangely I got a secure boot error yesterday (the very first time) during a cold boot that warned me of changes to some Windows files or the BIOS. The SSD was secure erased and the BIOS reflashed. And then I restored my boot/system drive from a Macrium Reflect image. This backup program has never failed me.
Strangely I got a secure boot error yesterday (the very first time) during a cold boot that warned me of changes to some Windows files or the BIOS. The SSD was secure erased and the BIOS reflashed. And then I restored my boot/system drive from a Macrium Reflect image. This backup program has never failed me.
- Jun 10, 2017
- 248
As I have done with CCleaner since day one. I only give outbound permission to programs that will not work without it, which seems like a good practice in case something like this ever comes up with a trusted, signed executable.
- Sep 5, 2017
- 149
You can easily do these tasks manually -- even better any browser allows you to do that - even better gives you multiple choices like deleting just cache from last x day etc.Before I shut my computer down at the end of the day I like it to clean all the temporary internet files, cache and leftover files from uninstalled programs. I also occasionlly use it to manage startup programs and scheduled tasks. So no, I don't expect any magic at all, only to do what it's supposed to do.
Removing leftovers can also be done manually, in some cases you may use a specialized tool that just has that one job to do and will usually do it better.
You can manage start-up from a utility in Windows: msconfig.
You can manage scheduled tasks also in Windows: taskschd.
- Jul 6, 2017
- 271
I know all of that, but still this was a convenient multipurpose piece of software that covers all of those things.
- Jan 8, 2017
- 1,320
- Jun 10, 2017
- 248
I mostly agree, and prefer to edit my registry by hand. So I have only used the registry cleaner in CCleaner sparingly, and usually take a system image first to be safe, even though the cleaner offers to back up you reg files before changing anything, which you should take advantage of anyway.
One thing I like about the registry cleaner is that it lists all the things that it thinks are wrong, prior to making any changes, which can save you some manual searching for entries. No need to have it actually remove anything, unless you want to, and you can choose to select only specific entries for removal, if desired.
But under normal operation, it is mostly unnecessary to clean the Windows registry of obsolete entries, as they are not likely to affect performance. If you are experiencing some conflicts due to a previous software install, that is another issue that you probably need to deal with the registry directly for.
- Jun 21, 2017
- 616
wow
we need to use your instinct in the malware hub for testing your instinct works better than virus total :devil:this was a convenient malicious piece of software
- Jul 6, 2017
- 271
this was a convenient malicious piece of software
Touché.
But to be fair, we can't be sure that any software is completely safe and tomorrow the same thing might happen with any other widely used program.
- Aug 12, 2015
- 1,263
I'm not sure if I should use CCleaner now or look for alternative.
- Jan 16, 2017
- 1,469
Indeed. This was a very convinient tool. Windows built in tools are too slow and inconvinient. Other third party tools I've tried either don't work well or manages to screw up something.I know all of that, but still this was a convenient multipurpose piece of software that covers all of those things.
