I didn’t know where else I could “publish” this alert, I hope this is the appropriate forum.
Malware producers surely like popular software to spread virus and all kind of nasty stuff, and CCleaner might be one of their favorites. I caught trojan.malpak by downloading CCleaner from downloadinfo.co by mistake, and this might happen to anyone the least expected day. This is the way I made the said mistake:
If you—like almost everybody—use CCleaner free version, you have to update it somewhat often; normally, you click on CCleaner’s “There is a new version” pop-up dialogue box or “Check for Updates”, and it will send you to piriform.com [CCleaner official website]; but if you’re doing it by googling “CCleaner”, you probably (not always) will be redirected to downloadinfo.co (.co; not .com) instead of piriform.com You don't notice the difference because that website looks a lot like piriform.com, so you will download CCleaner’s new version from there …with unwanted programs and trojan.malpak (also called Trojan Downloader or Sality Virus) which is not-curable, so you got to re-install Windows.
Right when I opened the ccsetup502.exe file, a Malwarebytes pop-up alerted me and I chose “quarantine”, but it couldn’t quarantine it (it said “quarantine failed”).
And if after being infected, you want to return to downloadinfo.co to report it to Google, you can’t get in again.
Edited by Touchito, 05 March 2015 - 10:43 AM.