App Review The Horror of CCleaner

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Wondering now if I ever used this version... and I get my CCleaner updates through Kaspersky too. o_O

So blocking CCleaner 'net access would have rendered this moot? Apart from update checks, there's no reason this program requires outside access AFAIK.
 

509322

Wondering now if I ever used this version... and I get my CCleaner updates through Kaspersky too. o_O

So blocking CCleaner 'net access would have rendered this moot? Apart from update checks, there's no reason this program requires outside access AFAIK.

The fundamental issue is not specific to CCleaner.

It doesn't much matter what security software you have installed if it employs the concept of trusting files and processes based upon widely accepted criteria.
 

509322

This happened to me, I manually deleted ''Agomo'' from the Registry Editor and updated CCleaner to the latest version.

Avast stated that the Agomo key was not relevant, but at the same time they have revised their statements regarding compromised CCleaner a few times already. Revisions of initial analyses and reports are generally common. Just look at Eternal Blue\Double Pulsar\SMB as a prime example.
 

L S

Level 5
Verified
Well-known
Jul 16, 2014
215
Avast stated that the Agomo key was not relevant, but at the same time they have revised their statements regarding compromised CCleaner a few times already. Revisions of initial analyses and reports are generally common. Just look at Eternal Blue\Double Pulsar\SMB as a prime example.
Yeah ....... But I was supposed to do something, I cannot just ignore it.
 

509322

LS- deleting the agomo key is pointless as it will be repopulated when the malware next starts. Deletion will not prevent subsequent connections.

I know. I already played with it. However, I just don't want to be involved in the "you said, but Avast said, Piriform is now saying, and Cisco Talos says everybody else is wrong, etc." As you already know these topics are generally an endeavor against misinformation or incorrect information right from the very initial report - and I'd rather just stay out of it. Just look at what was done with EB\DB\SMB - where some (actually more than just some people) insulted themselves professionally.
 

L S

Level 5
Verified
Well-known
Jul 16, 2014
215
LS- deleting the agomo key is pointless as it will be repopulated when the malware next starts. Deletion will not prevent subsequent connections.
Okay, ....... but why would I leave the 'Agomo' key there (when I know it is there)? Now at least I know that it is gone, and if it accidentally appears again, then I will know that the malware reacted again.
P.S. - Will you leave the 'Agomo' key there?
 

sunrise

Level 2
Verified
Aug 2, 2014
61
So we should not be using ccleaner? How about the portable version?

If we don't use ccleaner, what should we use in its place?
 

L S

Level 5
Verified
Well-known
Jul 16, 2014
215
So we should not be using ccleaner? How about the portable version?

If we don't use ccleaner, what should we use in its place?

CCleaner was infected, but only version 5.33.6162 & (also) the CCleaner Cloud version 1.07.3191.
....... BUT NOW it's okay to use it - updated version 5.35 and up, the same is for CCleaner Cloud .......
....... - I use it and there are no more infections in CCleaner - it's clean!!! (Portable version too) = Also, millions of users still use CCleaner!!! Yes!!! (y)
Here are some alternatives for CCleaner:
- Wise Care 365
- AVG PC TuneUP
- Glary Utilities
- Win Optimizer
- BleachBit
- Private Eraser
- KCleaner
- PrivaZer
- Wise Disk Cleaner
& Here You Have This:
- The best free alternatives to CCleaner 2017 | TechRadar
& Plus You Have (to look for info) :
- www.google.com/
& Some Extra Courtesy :
- Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users
 

Fede90

Level 2
Verified
Aug 16, 2013
67
I had the infected installer on my laptop. Fortunately the infected one was 32-bit. 64-bit was clear. Microsoft Security detected and deleted it at the same moment I was reading news about the server violation of the CCleaner software house. I was surprised because I don't trust that program at all. After that I installed Emsisoft anti-malware just in case :p
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Hi Fede! The issue with the 2nd opinion scanners was that they only detected this thing after the MD5 was released by Cisco/Talos.

I did a video (unpublished because I didn't think anyone would care) testing the big three (MB, HMP, Zemana) against the most common CCleaner malware and was surprised that even after 30 days only 1 of the 3 detected the malware, and none detected the reg entry.

Also, I keep reading that some folk think they would never have an issue with stuff like this as they would deny Network access to it. Although quite true in this case, understand that other software may require Internet access to work. Consider that the Group (this was no script Kiddie malware!) needed to acquire BOTH the Private Signing key to legitimize the false CCleaner as well as getting the FTP credentials to upload the malware to the Server. Getting either of these things is not easy or inexpensive.

Fortunately Peasants like us would never be bothered by such high quality stuff- as soon as those responsible detected that we were just plain folk the secondary malware would never have been uploaded to our systems. This malware was created for Corporate Espionage, but could also be used for Military Cyber Attacks. But still we should not feel good that we as individuals would have been unaffected. Personally I would rather have my personal info stolen than living in a Country where the Defense C&C Servers were taken down as the missiles fly in, or having the Electrical Grid crash as the Tanks barrel across the border (btw, this was the rationale of why the US questions the use of K in critical infrastructure. Thank God there are FINALLY Ears that Hear and Minds that actually Think).
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Indeed, we should not waste our time and energy trying to protect ourselves from super-advanced attacks that are not targeting us anyway. Our time would be better spent brushing our teeth or doing other similar things that have known benefits.
 
