Video The Horror of CCleaner

Telos

Level 11
Verified
Joined
Jan 29, 2017
Messages
548
#2
Wondering now if I ever used this version... and I get my CCleaner updates through Kaspersky too. o_O

So blocking CCleaner 'net access would have rendered this moot? Apart from update checks, there's no reason this program requires outside access AFAIK.
 
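A host-firewall rule is the control Telos is describing. The following is an added example, not code from the thread or from Piriform: it uses the Windows Defender Firewall cmdlets to block outbound traffic from a single executable, with the CCleaner install path and the rule name as assumptions. It needs an elevated session and the NetSecurity module (Windows 8 / Server 2012 or later). Keep in mind the caveat cruelsister raises later in the thread: this only helps for software that does not need the network to do its job, and it constrains only the process at that path, not anything else a trojanised installer might drop.

```powershell
# Added example (not from the thread or from Piriform): block all outbound
# connections from one executable with Windows Defender Firewall.
# Assumptions: the install path below and the rule name; adjust to your system.
# Run in an elevated PowerShell session.
param(
    [string]$ProgramPath = 'C:\Program Files\CCleaner\CCleaner64.exe',  # assumed default path
    [string]$RuleName    = 'Block outbound - CCleaner'                   # assumed name
)

if (-not (Test-Path -LiteralPath $ProgramPath)) {
    throw "Program not found: $ProgramPath"
}

# Idempotent: re-running the script must not create duplicate rules.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($existing) {
    Write-Host "Rule '$RuleName' already exists; nothing to do."
} else {
    New-NetFirewallRule -DisplayName $RuleName `
                        -Direction Outbound `
                        -Program $ProgramPath `
                        -Action Block `
                        -Profile Any `
                        -Enabled True | Out-Null
    Write-Host "Created rule '$RuleName' for $ProgramPath"
}

# Verify: list the rule together with the program filter it is bound to,
# so you can confirm the block applies to the path you intended.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallApplicationFilter |
    Select-Object @{ n = 'Rule'; e = { $RuleName } }, Program
```

The rule also stops the program's own update check, which is the one legitimate reason the post gives for it to go outside; updates then have to be fetched and verified by hand.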

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
3,524
#3
Wondering now if I ever used this version... and I get my CCleaner updates through Kaspersky too. o_O

So blocking CCleaner 'net access would have rendered this moot? Apart from update checks, there's no reason this program requires outside access AFAIK.
The fundamental issue is not specific to CCleaner.

It doesn't much matter what security software you have installed if it employs the concept of trusting files and processes based upon widely accepted criteria.
 

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
3,524
#7
This happened to me. I manually deleted "Agomo" from the Registry Editor and updated CCleaner to the latest version.
Avast stated that the Agomo key was not relevant, but at the same time they have revised their statements regarding compromised CCleaner a few times already. Revisions of initial analyses and reports are generally common. Just look at Eternal Blue\Double Pulsar\SMB as a prime example.
 

L S

Level 5
Verified
Joined
Jul 16, 2014
Messages
209
OS
Windows 10
Antivirus
Avast
#8
Avast stated that the Agomo key was not relevant, but at the same time they have revised their statements regarding compromised CCleaner a few times already. Revisions of initial analyses and reports are generally common. Just look at Eternal Blue\Double Pulsar\SMB as a prime example.
Yeah... But I was supposed to do something, I cannot just ignore it.
 

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
3,524
#10
LS- deleting the agomo key is pointless as it will be repopulated when the malware next starts. Deletion will not prevent subsequent connections.
I know. I already played with it. However, I just don't want to be involved in the "you said, but Avast said, Piriform is now saying, and Cisco Talos says everybody else is wrong, etc." As you already know these topics are generally an endeavor against misinformation or incorrect information right from the very initial report - and I'd rather just stay out of it. Just look at what was done with EB\DB\SMB - where some (actually more than just some people) insulted themselves professionally.
 

L S

Level 5
Verified
Joined
Jul 16, 2014
Messages
209
OS
Windows 10
Antivirus
Avast
#11
LS- deleting the agomo key is pointless as it will be repopulated when the malware next starts. Deletion will not prevent subsequent connections.
Okay... but why would I leave the 'Agomo' key there (when I know it's there)? Now at least I know that it is gone, and if it accidentally appears again, then I will know that the malware reacted again.
P.S. - Will you leave the 'Agomo' key there?
 

L S

Level 5
Verified
Joined
Jul 16, 2014
Messages
209
OS
Windows 10
Antivirus
Avast
#15
So we should not be using ccleaner? How about the portable version?

If we don't use ccleaner, what should we use in it's place?
CCleaner was infected, but only version 5.33.6162 and (also) the CCleaner Cloud version 1.07.3191.
... BUT NOW It's Okay to use it - Updated Version 5.35 and UP, the same goes for CCleaner Cloud ...
... - I Use It and there are no more infections in CCleaner - It's Clean!!! (Portable Version Too) = Also the Millions of Users still Use CCleaner!!! Yes!!! (y)
Here Some Alternatives for CCleaner :
- Wise Care 365
- AVG PC TuneUP
- Glary Utilities
- Win Optimizer
- BleachBit
- Private Eraser
- KCleaner
- PrivaZer
- Wise Disk Cleaner
& Here You Have This:
- The best free alternatives to CCleaner 2017 | TechRadar
& Plus You Have (to look for info) :
- www.google.com/
& Some Extra Courtesy :
- Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
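Two indicators come up in this thread: the "Agomo" registry key (Lockdown's point in #10 is that the malware recreates it, so deleting it proves nothing and stops no connections) and the affected build numbers listed above. The script below is an added example, not from the thread or from Piriform or Avast: it reads both indicators and reports them without removing anything, which is what you want when the goal is to know whether a machine was exposed. The key locations under the vendor's Piriform key (native and WOW6432Node views) and the CCleaner install paths are assumptions; the version comparison deliberately flags the whole 5.33 release rather than the one build, so an unusual version-string format does not hide a match.

```powershell
# Added example (not from the thread or from any vendor): read-only check for
# the Agomo key and for a CCleaner binary from the affected 5.33 release.
# Assumptions: key locations and install paths below. Run elevated.
$affectedVersion = [version]'5.33.6162'    # 32-bit build named in the Piriform notice
$keyCandidates = @(
    'HKLM:\SOFTWARE\Piriform\Agomo',              # assumed location
    'HKLM:\SOFTWARE\WOW6432Node\Piriform\Agomo'   # assumed location (32-bit view on x64)
)
$exeCandidates = @(                                # 32-bit binary; the notice covers 32-bit users
    "$env:ProgramFiles\CCleaner\CCleaner.exe",
    "${env:ProgramFiles(x86)}\CCleaner\CCleaner.exe"
)

$findings = @()

foreach ($key in $keyCandidates) {
    if (Test-Path -LiteralPath $key) {
        $values = Get-ItemProperty -LiteralPath $key
        $findings += [pscustomobject]@{
            Indicator = 'Registry key present'
            Detail    = $key
            Values    = ($values.PSObject.Properties |
                         Where-Object { $_.Name -notlike 'PS*' } |
                         ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
        }
    }
}

foreach ($exe in ($exeCandidates | Where-Object { Test-Path -LiteralPath $_ })) {
    $fileVersion = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
    # Normalise "5.33.6162" or "5, 33, 0, 6162" style strings to their numeric parts.
    $parts = @($fileVersion -split '[^\d]+' | Where-Object { $_ -ne '' })
    $sameRelease = $false
    if ($parts.Count -ge 2) {
        $sameRelease = ([int]$parts[0] -eq $affectedVersion.Major) -and
                       ([int]$parts[1] -eq $affectedVersion.Minor)
    }
    $label = 'CCleaner version'
    if ($sameRelease) { $label = 'CCleaner build from the affected 5.33 release' }
    $findings += [pscustomobject]@{
        Indicator = $label
        Detail    = $exe
        Values    = $fileVersion
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No Agomo key and no CCleaner binary found in the checked locations.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

If the key is present, treat the host as having run the trojanised build and follow your incident process; updating CCleaner afterwards, as L S did, replaces the binary but does not tell you what the implant did while it was active.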
 
Joined
Aug 16, 2013
Messages
61
OS
Windows 10
#16
I had the infected installer on my laptop. Fortunately the infected one was 32-bit; 64-bit was clear. Microsoft Security detected and deleted it at the same moment I was reading news about the server violation of the CCleaner software house. I was surprised because I don't trust that program at all. After that I installed Emsisoft Anti-Malware just in case :p
 

cruelsister

Level 36
Content Creator
Verified
Joined
Apr 13, 2013
Messages
2,509
#17
Hi Fede! The issue with the 2nd opinion scanners was that they only detected this thing after the MD5 was released by Cisco/Talos.

I did a video (unpublished because I didn't think anyone would care) testing the big three (MB, HMP, Zemana) against the most common CCleaner malware and was surprised that even after 30 days only 1 of the 3 detected the malware, and none detected the reg entry.

Also, I keep reading that some folk think they would never have an issue with stuff like this as they would deny Network access to it. Although quite true in this case, understand that other software may require Internet access to work. Consider that the Group (this was no script Kiddie malware!) needed to acquire BOTH the Private Signing key to legitimize the false CCleaner as well as getting the FTP credentials to upload the malware to the Server. Getting either of these things is not easy or inexpensive.

Fortunately Peasants like us would never be bothered by such high quality stuff- as soon as those responsible detected that we were just plain folk the secondary malware would never have been uploaded to our systems. This malware was created for Corporate Espionage, but could also be used for Military Cyber Attacks. But still we should not feel good that we as individuals would have been unaffected. Personally I would rather have my personal info stolen than live in a Country where the Defense C&C Servers were taken down as the missiles fly in, or having the Electrical Grid crash as the Tanks barrel across the border (btw, this was the rationale of why the US questions the use of K in critical infrastructure. Thank God there are FINALLY Ears that Hear and Minds that actually Think).
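cruelsister's point that the group held the private signing key is the reason a valid Authenticode signature on the installer said nothing about whether it was clean, and why (as she notes in her first paragraph) the second-opinion scanners only caught it once Cisco Talos published file hashes. The script below is an added example, not code from the thread or from any vendor: it puts the two checks side by side for one file so the difference is visible. `$Path` is whatever installer or binary you want to examine, and the hash list is an obvious placeholder to be filled from the published advisory.

```powershell
# Added example (not from the thread or from any vendor): compare what the
# Authenticode signature says about a file with what its hash says.
# A 'Valid' signature is necessary but not sufficient when the signing key
# itself may have been misused; the hash match against published indicators
# is the discriminating check.
param(
    [Parameter(Mandatory)][string]$Path
)

# PLACEHOLDER values, not real indicators: replace with the MD5/SHA256 hashes
# from the vendor or Cisco Talos advisory.
$knownBadHashes = @(
    '00000000000000000000000000000000',                                  # MD5 placeholder
    '0000000000000000000000000000000000000000000000000000000000000000'   # SHA256 placeholder
)

$sig    = Get-AuthenticodeSignature -FilePath $Path
$md5    = (Get-FileHash -Path $Path -Algorithm MD5).Hash
$sha256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
$info   = (Get-Item -LiteralPath $Path).VersionInfo

$matchesKnownBad = ($knownBadHashes -contains $md5) -or ($knownBadHashes -contains $sha256)

if ($matchesKnownBad) {
    $verdict = 'KNOWN BAD: hash matches a published indicator, regardless of signature'
} elseif ($sig.Status -ne 'Valid') {
    $verdict = "Signature status $($sig.Status): do not run"
} else {
    $verdict = 'Signed and not in the list: signature alone is not proof of a clean build'
}

[pscustomobject]@{
    File            = $Path
    FileVersion     = $info.FileVersion
    SignatureStatus = $sig.Status                        # Valid, NotSigned, HashMismatch, ...
    Signer          = $sig.SignerCertificate.Subject     # $null when the file is unsigned
    MD5             = $md5
    SHA256          = $sha256
    MatchesKnownBad = $matchesKnownBad
    Verdict         = $verdict
}
```

The ordering of the verdict matters: a hash match wins over a good signature, because in this incident the signed file was the malicious one.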
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,394
OS
Windows 10
#18
Indeed, we should not waste our time and energy trying to protect ourselves from super-advanced attacks that are not targeting us anyway. Our time would be better spent brushing our teeth or doing other similar things that have known benefits.
 

TairikuOkami

Level 16
Content Creator
Verified
Joined
May 13, 2017
Messages
798
OS
Windows 10
Antivirus
Default-Deny
#20
The horror is when your AV/AM software in your system cannot automatically detect and clean it
That is a good point. I am sure that many AVs exclude it even from behavioural scanning because it is trusted software. How many others are also neglected?! :unsure:
 
