
CCleaner Malware

Discussion in 'Security and Privacy' started by TonyT, 2017/09/18.

  1. 2017/09/18
    TonyT

  2. 2017/09/18
    Bill

    I found this very suspicious. A mere month after Piriform was acquired by Avast (and new people gained access to the code), this compromise occurred? Makes me wonder.

    I note there is a new, clean version available for download from here.
     

  4. 2017/09/19
    Arie

    Indeed! Makes me happy that I dumped Avast long ago!

    Cisco's Talos Intelligence Group Blog: CCleanup: A Vast Number of Machines at Risk
     
    Last edited: 2017/09/19
  5. 2017/09/19
    Bill

    Well, Avast put out a very timely and informative report here in stark contrast to the way Equifax has been handling their fiasco. But I note Avast seems to be pointing the finger clearly at Piriform. I don't know if I am buying that.

    In any event, when you become the parent, you assume the responsibility for your kids.

    I do believe them, however, when they say the damage was not near as bad as rumors and viral reports put it.
     
  6. 2017/10/12
    James Martin

    Ugh.

    I had no idea Avast bought the popular junk file cleaner.

    For what it's worth, it appears that only 32-bit versions of CCleaner were affected according to comments from the link above.

    I tried ditching Avast, but I couldn't find a decent free alternative with the same light footprint as Avast.

    EDIT: I just recently noticed that Avast is now offering tuneup utilities as part of their anti-virus program. I have no doubt these tools came from CCleaner. Makes one wonder if the CCleaner .exe will be done away with.
     
    Last edited: 2017/10/12
  7. 2017/10/12
    James Martin

    Does anyone remember the last CCleaner version *before* Avast took over?

    I'm already having issues with the newer CCleaner versions that never existed before.
     
  8. 2017/10/13
    Christer

    I checked my recent download and it is version 5.33, which was downloaded from Piriform on 2017-08-31 (folder creation date). I never opened the folder until now and Microsoft Security Essentials promptly removed the 32-bit version since it found "Backdoor:Win32/Floxif.gen!A" in the files "CCleaner.exe" and "ccsetup533_slim.exe".

    I have never used CCleaner and the download was prompted by a discussion on this forum but I never tested it and never will ... :eek: ... I guess.
     
  9. 2017/10/13
    Bill

    Tune up utilities are different than clutter cleaners. That said, I sure hope CCleaner does not go away and that Avast does not try to morph it into some program marketed to "make your computer run better than new". That will surely cause even staunch CCleaner supporters like me to lump CCleaner with the other gimmicky programs out there, instead of the fine cleanup utility it has always been and [still] is today.

    As for having issues with the newer versions, it is not likely it has anything to do with Avast. The old Piriform developers are still doing the developing.

    FTR, while I use Windows Defender and not Microsoft Security Essentials, their main components are still very similar and I have never had WD alert me to anything malicious or even suspicious with CCleaner. Same with Malwarebytes.

    I would say it is ill-advised to try and go back to older, outdated versions of any software program and instead, download and install the latest, V5.35.6210 from here (I suggest the "slim" version).
     
  10. 2017/10/13
    James Martin

    As part of Avast anti-virus, they are now offering something similar to what you are referring to. I can't remember all of the specifics, but if I remember correctly, the anti-virus program offers a one-button solution to supposedly fix things that slow your computer down (broken registry entries, junk files, identifying resource-hogging apps, etc.). I had the option to remove the new feature, which I did.

    Agreed about the slim version.

    For some reason, the latest CCleaner versions cause Firefox to reload the last web page as if Firefox is trying to recover from a crash. I'm using Windows 7, so I don't know if later Windows versions are affected.
     
  11. 2017/10/14
    Christer

    Well, that was not true. I have never used it on my own system but on my friend's system while trying to get Adobe Acrobat 9 activated.

    I used the portable version (no installation) from a USB-stick. I extracted the zip-archive to a folder on the HDD and copied that folder to a USB-stick. It puzzles me that Microsoft Security Essentials didn't object at that time ... :confused: ... but since no harm was done (?) maybe yesterday's find was a false positive?

    Today, I downloaded version 535 and let MSE scan the downloaded files and zip-archive, nothing detected. I also extracted the zip-archive and scanning found nothing bad.
     
  12. 2017/10/14
    Bill

    CCleaner cleans cookies. If your FF session was open and CC cleared out the cookie, FF may have seen that as a crash. I suspect if you ensured all FF (all open apps) sessions were terminated before running CC, you would not have this problem and you would get a cleaner clean.
     
  13. 2017/10/14
    retiredlearner

    My CCleaner version 5.35.6210 (64bit) works 100% OK in W10.
     
  14. 2017/10/18
    James Martin

    Not sure of the fault yet. Both of my 7 machines act this way, and my brother called complaining about the issue too. A Google search turned up a few more hits as well.
     
  15. 2017/10/18
    Bill

    A few hits do not suggest the problem is on CCleaner's side when millions and millions are using it with no problems. I am using CC Ver 5.35.6210 and called up FF and it opened to my home page as expected.
     
  16. 2017/10/28
    James Martin

    Yes, but many users fail to report such incidents.

    I'll be contacting CCleaner and see what they say about it.
     
  17. 2017/10/28
    retiredlearner

    Maybe you should try W10 James o_O I'm not using W7 at all and can only say there is no problem with W10.
     
  18. 2017/10/29
    James Martin

    I will in time, Neil.

    For what it's worth, I think I found the problem with Firefox reloading the last viewed page. Evidently, a CCleaner update inserted a session box under its Firefox listings, and after checking said box, Firefox no longer reloads the last viewed page. So far, checking that box has brought things back to normal.
     
  19. 2017/10/30
    Christer

    Well, in my opinion that's a problem. CCleaner should make no changes to a system and its settings without notifying the user, giving him/her the option to decline. What other changes does it make, unknown to the user? It should be cleaning, nothing else ... :confused: ... right?
     
  20. 2017/10/30
    Bill

    Yeah, it's a problem, but whose problem? I have FF on my systems (and its Pale Moon sibling) and CCleaner made no such changes (without me knowing). When you run CCleaner, it does prompt to close FF so it can do a more thorough cleaning, but you can easily opt out of that too.

    As for the Last Download Location "user option" under FF in CCleaner, that has been there for as long as I can remember. The same option is listed under Chrome, Internet Explorer and Edge.

    Sorry James, but IMHO, this was a user error, not CCleaner's or FF. My "guess" is, at some point in time, you unchecked the user install option for "Enable intelligent cookie scan". By unchecking this option, you told CCleaner to clean (delete) legitimate persistent cookies commonly used by many users. Or perhaps you ran Windows' own Disk Cleanup or another cleaner that did not save those credentials.

    Or James, see below.

    This is true. But as with ANY program, not just CCleaner, the user must always choose the "custom" install option when installing any program or program update. If the user does not select the custom install, the user has chosen to accept the default options. CCleaner, unlike many programs, makes it very easy for users to choose the custom install option allowing the user to select or deselect options, features, install location, or add-ons.
     
  21. 2017/10/30
    James Martin

    Right, I opted out of intelligent cookie scanning because I remove *all* cookies (and associated web files, history, etc.) at the end of each browsing session, but this has been a common practice of mine for several years now.

    If it was just one computer we're talking about here, one would think that I could've gone into CCleaner and accidentally unchecked that box myself, but not on two machines. And then there's my brother complaining about the same issue, so I can only guess this (session box) feature was added during an update, but I have no proof of that yet. And then again, it's possible some other cleaner (TFC, Junkware Removal Tool, AdwCleaner, or Malwarebytes) could have affected some CCleaner settings, but who knows?

    At least the problem is corrected for now.
     
