Malware found in official Ccleaner installers


Level 4
Feb 12, 2017
Go into "application control" and Deny network access for CCleaner!


Thank you very much mate! Really nice with the screenshot too =)


Level 11
Jan 28, 2016
Like others here thankfully my laziness looks like it's saved me. Still on version 5.21. Checked the registry just in case and there was no Agomo key so hopefully I'm OK.That's me finished with CCleaner. I don't see how it's possible to trust a product after something like this.
Last edited:


Level 2
Aug 6, 2017
I cannot comment on the transition of Piriform over to avast! and their acquisitions over the software such as CCleaner, but I'm not entirely sure if it may have had an impact. I stopped using CCleaner about a month ago as a result of the transition.

If you haven't already and would like to try an alternative I strongly endorse the use of BleachBit or Wise Care 365.
Last edited:


Level 44
Jan 27, 2017
This article indicates Avast has been compromised and that this breach was a direct result of Avast acquiring CCleaner.. Somehow, I knew this product was ruined when Avast acquired them. This product is now tainted goods and not worth a 10th of whatever Avast paid for it. Note: Immunet now uses Morphisec and Talos... IMO it is very possible Avast could face litigation from this.

Software Has a Serious Supply-Chain Security Problem
CCleaner app had been installed 2.27 million times from when the software was first sabotaged in August until last week. (not including the Agomo/CCleaner Cloud Subscribers and businesses subscribers who were also hit)

Avast cryptographically signs installations and updates for CCleaner. The hackers had apparently infiltrated Avast's software development or distribution process before that signature occurred, so that the antivirus firm was essentially putting its stamp of approval on malware, and pushing it out to consumers.
Last edited:


Staff member
Malware Hunter
Jul 22, 2014
Last day I installed Kaspersky Free for a try. After updating it I did run a full system and the AV didn't flagged any files as malware. Since I uninstalled Kaspersky and switched back to BD Free I cannot do a scan again.

Since I have the problematic Ccleaner533.exe I now analysed it through VirusTotal and the result is shocking indeed:


I just checked my PC, I have it but luckily the 64 bit one... I'm scanning now :mad:...
Incredible that Avast still doesn't detect it on VT!...on 19 September!(n)


Level 24
Dec 17, 2014
I hope I am ok and didn't get infected. I can't remember which version I downloaded. I remember it asked me in the program one time to download an update which actually downloaded through the program without having to go to file hippo etc. I hope it wasn't the infected version. I am running Sophos Home Beta and Zemana Anti Malware Premium and I ran a scan and all is fine. I also have a 64x system so I hope it installed the 64bit version of Ccleaner Free which I heard is safe.
Last edited:
  • Like
Reactions: venustus


Staff member
Malware Hunter
Jul 22, 2014
Last edited:


Level 40
Sep 26, 2014
Well when this poll reflects the general opinion, this blooper flushed half of the sum of money Avast paid for Piriform down the drain.

CFO of Avast can write off half of the Piriform Investment.
I totally agrre on that.
As for CCleaner and other 3rd party cleaner i have stop using them for some time now.
I use windows biult in Disk cleaner which does a good job even not as fast as the others but at least i am on the safe side of not doing any harm to my system.

As for the poll i would say that i still trust them but i would stay away a while from them just to be safe.
I don't see why i shouldn't trust them.
Many security products have been hacked before but people still trust them and of course they are using them.
So why not the same with CCleaner?


Level 31
Content Creator
May 13, 2017
I recall CCleaner trying to connect out about a week ago, I have checking for updates disabled, so it seems that blocking outbound connections for trusted software is not such a bad idea after all, especially since even trusted apps, with a valid digital signature, can not be trusted anymore. :(