Malware found in official CCleaner installers

spaceoctopus

This incident underlines many things.
What were all those advanced next gen technologies, super effective behavioral blocking, big data and advanced heuristics tech doing?? :unsure:

Ok, you don't expect your antivirus, antimalware or security suite to detect and know exactly if a server is compromised. But locally, no suspicious behaviors have been detected for almost 4 weeks by any major security company?? No connections to some suspicious IPs have been detected? :rolleyes:
 

uninfected1

Not a very satisfactory response in my view. For starters a simple apology would have been nice. Instead we just get "We regret the inconvenience experienced by Piriform’s customers".

And I like the way Avast says the incident was the result of an illegal act, as if that is going to deter those involved in such activities, and somehow absolves Avast of blame.
 

Av Gurus

BTW: Win 10 OS has some nice features to clean temp files and recycle bin...

 

Behold Eck

Hats off to the Cisco Talos team for being first off the mark with this debacle. (y)

Thankfully I take time before updating any program that's working as it should so I'll probably still continue using ccleaner occasionally. But therein is the problem if you don't update you're vulnerable to recently discovered exploits and if you do you're vulnerable to a compromised update. :eek:

I suppose this could happen to any piece of software on your system including AVs so I'll give Avast a chance to clear up this mess and hopefully they've learnt something from it.

No damage done...hopefully.

Regards Eck :).
 

Orion

Not a very satisfactory response in my view. For starters a simple apology would have been nice. Instead we just get "We regret the inconvenience experienced by Piriform’s customers".

And I like the way Avast says the incident was the result of an illegal act, as if that is going to deter those involved in such activities, and somehow absolves Avast of blame.

we released a fixed version 5.33.6163, identical to 5.33.6162 but with the backdoor removed, and pushed this version as a lightweight automatic update to CCleaner users
 

zzz00m

The "funny" thing is Talos recommends restoring your system to a state before August 15, 2017 from a backup if you were affected or to reinstall Windows completely....

..

That was the standard procedure at the last company I worked for. If a corporate PC got malware, it was wiped and a fresh new image installed. No chances taken on a compromised machine, or spending the time to clean it up.

What you do with your own PC is your own business, but it is always recommended to wipe it. If your PC is low priority and you can tolerate some risk of not being 100% sure it is clean, then that is up to you.

But if you get in the habit of taking regular image backups, it only takes a few minutes to do a complete restore.
 

Solarquest

That was the standard procedure at the last company I worked for. If a corporate PC got malware, it was wiped and a fresh new image installed. No chances taken on a compromised machine, or spending the time to clean it up.

What you do with your own PC is your own business, but it is always recommended to wipe it. If your PC is low priority and you can tolerate some risk of not being 100% sure it is clean, then that is up to you.

But if you get in the habit of taking regular image backups, it only takes a few minutes to do a complete restore.
I understand why they said it but still think it's "funny"...
If they really know what the MW did and could do, Avast is right (users still need to scan their PC to make sure nothing else was downloaded and to change their passwords, best from another PC).
If not, Avast is giving "risky" advice.
Restoring an older image or a fresh Windows install is safer, restoring a backup (with MBR) is safer...
 

Entreri

Well I lost all faith in CCleaner. I will do my own cleaning using various Windows tools, not going to try another "free" software.

Even though I have a 64bit Win10 system, I nuked the system from orbit. Clean install.
 