Malware found in official Ccleaner installers

[Windows Defender Shill]

Avast owns this malware and they still don't detect it?

 

[Transhumana]

why? what kind of magic do you think it does to your computer? ccleaner is the epitome of snake oil happily & willingly lapped up by users.

Before I shut my computer down at the end of the day I like it to clean all the temporary internet files, cache and leftover files from uninstalled programs. I also occasionlly use it to manage startup programs and scheduled tasks. So no, I don't expect any magic at all, only to do what it's supposed to do.

 

[plat1098]

Yeah, and Avast was bundled like a toolbar with CCleaner full installer until just recently.

I don't know what to vote. Still loyal to it but.......

 

[Azure]

For those that were affected, what will you do? Will you clean install your PC?

 

[shmu26]

The other puzzling thing is that no one's computer actually got hurt by this malware. The backdoor was never used to download and run malicious code, or so they say in the article.
Makes me think that it was a spy job, not a malware job.

 

[Evjl's Rain]

it's not easy to find a better alternative than CCleaner+CCEnhancer
other alternatives usually clean different things and they complement each others

the solution now is to keep CCleaner and block all the out/inbound connections of ccleaner and its related processes

 

[Windows Defender Shill]

Epic fail from CCleaner and Avast, they published digitally signed malware along with the most popular computer cookies and temp file remover on the planet.

 

[shmu26]

For those that were affected, what will you do? Will you clean install your PC?

They claim that the threat is now neutralized, and that actual damage was never done.

 

[L S]

AVAST is very calm, nowhere shows a malware nor on VirusTotal .........

 

[Windows Defender Shill]

I haven't updated in awhile but isn't Chrome or something else bundled along with CCleaner? That would mean they have an agreement with a month long malware distributor.

 

[ispx]

the last adware free ccleaner version, without the google bundling was version 4.17 back in 2014.

 

[frogboy]

So correct me if I am wrong but the X64bit version was not infected. I am hoping so as I only ever use X64 when I can of any software.

 

[L S]

So correct me if I am wrong but the X64bit version was not infected. I am hoping so as I only ever use X64 when I can of any software.

Yes x64 is Clean !

 

[frogboy]

Yes x64 is Clean !

Phew. Thanks.

 

[RoboMan]

Regarding the VT results, ESET has been flagging CCleaner installers as malware for ages now, always as adware-related.

 

[Kuttz]

Holly f*** i was using exactly the 5.33 version till now and neither Bitdefender or Kaspersky AV flagged the Ccleaner as malware ?! Anyway uninstalled the software and needs to look for an alternative. I actually had a silent dislike towards Ccleaner for the past few months for no specific reasons despite I continued using it and my intuition and dislike towards the software was genuine!

 

[paulderdash]

5.33 Slim installer ...

 

[Venustus]

You can add Auslogics,Wise care and money others to this list !!They install adware.Unless you go portable.

 

[SHvFl]

The other puzzling thing is that no one's computer actually got hurt by this malware. The backdoor was never used to download and run malicious code, or so they say in the article.
Makes me think that it was a spy job, not a malware job.

What i can guess happened is that the file was unsigned left on a server to get signed, someone had access to the server and added a malware downloader to the real release. The person signing the software just grabbed the version from the server and signed it(must only had access to 32 bit or the 64 version was again updated after he accessed it. The malware author had to wait for a fair amount of time for all people to get it and then push the malware download to all computers with the affected version. Ccleaner team identified the breach before that and took down the server and issued an update to the program.
This is me guessing.

 

[JHomes]

This is why I do not use CCleaner, if you want to 'clean up' your system you're better off restoring to a snapshot (i.e. Rollback Rx or Comodo Time Machine)