Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Floxif detected by Malwarebytes.


  • Please log in to reply
7 replies to this topic

#1 zor_tan

zor_tan

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 19 September 2017 - 12:32 AM

Hello,


I ran a scan with mbam today that detected Trojan.Floxif in CCleaner.exe, I've been doing some lookups and this has been widespread with version 5.33 which I downloaded back in August. I have since quarantined the file and ran additional scans that've came up empty, I'm currently on a 64-bit machine without the Agomo registry key which is apparently associated with additional infections but I'm still quite concerned due the fact that this was essentially on my computer for almost a month without my knowledge. With maybe some strange activity too.


Should I update to 5.34 or just completely uninstall the program? Any help with how to proceed would be appreciated.


Thanks


Edited by zor_tan, 19 September 2017 - 12:35 AM.


BC AdBot (Login to Remove)

 


#2 Uncle bob

Uncle bob

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 19 September 2017 - 02:49 AM

According to this post and this post, you need only update to ver 5.34. They don't specifically address whether or not to modify of delete the Agamo registry key. I suspect it becomes a harmless orphan. Perhaps someone with more knowledge will weigh in. 



#3 Jester_XJ12

Jester_XJ12

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Overland Park, KS
  • Local time:10:23 PM

Posted 19 September 2017 - 05:41 AM

Hello,


I ran a scan with mbam today that detected Trojan.Floxif in CCleaner.exe, I've been doing some lookups and this has been widespread with version 5.33 which I downloaded back in August. I have since quarantined the file and ran additional scans that've came up empty, I'm currently on a 64-bit machine without the Agomo registry key which is apparently associated with additional infections but I'm still quite concerned due the fact that this was essentially on my computer for almost a month without my knowledge. With maybe some strange activity too.


Should I update to 5.34 or just completely uninstall the program? Any help with how to proceed would be appreciated.


Thanks

Same here.  64-bit CCleaner without Agomo reg key flagged as Floxif by mbam. Personally, I will uninstall via Revo and reinstall 5.34, but I guess it depends on whether you trust Avast/Piriform. 



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:23 PM

Posted 19 September 2017 - 01:35 PM

Please uninstall the version you have and download and install the latest version of CCleaner if you haven't done so already. This will over-write the bad file
 
You can download it here.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 zor_tan

zor_tan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 20 September 2017 - 12:10 PM

According to this post and this post, you need only update to ver 5.34. They don't specifically address whether or not to modify of delete the Agamo registry key. I suspect it becomes a harmless orphan. Perhaps someone with more knowledge will weigh in. 

 

 

 

Hello,


I ran a scan with mbam today that detected Trojan.Floxif in CCleaner.exe, I've been doing some lookups and this has been widespread with version 5.33 which I downloaded back in August. I have since quarantined the file and ran additional scans that've came up empty, I'm currently on a 64-bit machine without the Agomo registry key which is apparently associated with additional infections but I'm still quite concerned due the fact that this was essentially on my computer for almost a month without my knowledge. With maybe some strange activity too.


Should I update to 5.34 or just completely uninstall the program? Any help with how to proceed would be appreciated.


Thanks

Same here.  64-bit CCleaner without Agomo reg key flagged as Floxif by mbam. Personally, I will uninstall via Revo and reinstall 5.34, but I guess it depends on whether you trust Avast/Piriform. 

 

 

Thank you for the replies! So it seems like the installer was present on both the 32-bit and the 64-bit versions but the payload was only utilized on the 32-bit one? Seems strange they would've bothered with the 64-bit unless another method was intended for it that we aren't aware of.

 

 

 

 

Please uninstall the version you have and download and install the latest version of CCleaner if you haven't done so already. This will over-write the bad file
 
You can download it here.

 

Thanks. Would uninstalling normally via Windows Uninstall be adequate or would something like Revo be preferred? Just want to make sure I do this right.



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:23 PM

Posted 20 September 2017 - 12:56 PM

It should uninstall fine thru Windows..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 letmebreakit

letmebreakit

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:23 PM

Posted 23 October 2017 - 11:40 AM

I'm doing some maintenance on my wife's laptop and MBAM found the Trojan. This machine has CCleaner v5.35.6210 currently. I will quarantine with MBAM just to be safe. 

 

The problem has been that MBAM wouldn't update due to some sort of glitch and I had to uninstall it with REVO and hunt for a file that still didn't uninstall. For some reason this happened on two of my machines. The new MBAM v3.2.2 finally installed properly and found the Trojan. 

 

To simplify, MBAM wasn't finding the Trojan and the Trojan stayed in the machines even with CCleaner updates. Problem solved now.



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:23 PM

Posted 23 October 2017 - 02:14 PM

There is also a guide here...

https://www.bleepingcomputer.com/virus-removal/remove-floxif-ccleaner-trojan
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users