What should Avast do to satisfy people affected by the CCleaner Trojan infection?

  • Nothing. Avast is just the owner.

    Votes: 22 25.6%
  • Provide a specific removal tool, because Talos (security experts) advise image recovery

    Votes: 48 55.8%
  • Provide a give away or discount for the Avast paid version

    Votes: 12 14.0%
  • Provide a give away or discount for the CCleaner paid version

    Votes: 22 25.6%
  • Other please specify

    Votes: 14 16.3%
  • Total voters
    86
  • Poll closed.

509322

Blah. I bet no one posting in this thread has ever owned a business, or had a clue.
It's just a bit more than frustrating when learning resources are consolidated here at Malwaretips for user convenience and education - right at the fingertips - and very few bother to avail themselves of any of the resources.
 

Weebarra

Level 15
Verified
I voted for provide a removal tool. I didn't use CCleaner myself anymore (after it removed something from my registry twice, but that was probably something I checked or unchecked after or during the installation). My reason for voting that option is that for just the average Joe Bloggs home user (me, with next to no knowledge) I wouldn't feel comfortable deleting things from the registry and I don't think I should be expected to. I believe that if they provide this, there is no need to offer discounts etc. as no real damage was done to anyone's PC from what I gather.

No. It is not Avast's fault. They just acquired a company (Piriform). It is Piriform's fault.
Surely when Avast acquired CCleaner/Piriform they also inherited the responsibility for the software; you don't get to pick and choose which bits you want to keep, it's a package.
 

hamo

Level 10
Verified
Interesting..!
Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk

CONCLUSION
This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates. In many organizations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected. Cisco Talos continues to monitor all aspects of the threat landscape to quickly identify new and innovative techniques used by attackers to target organizations and individuals around the world.
 

spaceoctopus

Level 15
Verified
Content Creator
Interesting..!
Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk

CONCLUSION
This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates. In many organizations data received from commonly software vendors rarely receives the same level of scrutiny as that which is applied to what is perceived as untrusted sources. Attackers have shown that they are willing to leverage this trust to distribute malware while remaining undetected. Cisco Talos continues to monitor all aspects of the threat landscape to quickly identify new and innovative techniques used by attackers to target organizations and individuals around the world.
Well, Cisco Talos is using this "event" for some marketing and manipulations to make some cash ;)
 

R2D2

Level 4
Analysed a late August and an early Sept Macrium image of my C drive (over 60 full/incremental images are saved based on retention rules) to check if my PC was infected. My Start Menu shortcuts always ran the x64 version which did not have the malware payload. Phew! Dodged a bullet there.

What should Avast do? Well, it IS Avast's baby now and they ought to clean up the mess. Firstly, tighten development/build server security to ensure this never happens again. Publish removal instructions and better still offer a free removal tool that makes it easy for users to get rid of the malware. Not every Windows user is comfortable editing the Windows registry.
 
shadek

Level 1
I was shocked when I heard of this. Luckily, I (for some reason I don't remember) had disabled the update check setting so I never updated from .32 to .33. Updated to .35 now since we can't know for sure if .32 was infected.

I think they should provide a cleanup tool for the mess they infected the users with. I can't see why they should give away their or Avast products for free though.
 

roger_m

Level 24
Verified
Content Creator
Hi
I choose "Provide a specific removal tool, because Talos (security experts) advise image recovery"
Avast say there's no need to restore your system:
we don't consider the advice to reformat and/or restore the affected machines to the pre-August 15 state to be based on facts (by similar logic, security companies are not usually advising customers to reformat their machines after a remote code execution vulnerability is identified on their computer, just because there was a hypothetical possibility that something might have gotten in).