May Have Installed CCleaner v5.3 back around 9/5


10 replies to this topic

#1 HighTide1

HighTide1

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 22 September 2017 - 05:28 AM

Hey everyone. Was just checking through my computer's history, and it looks like around 9/5, I had downloaded and run CCleaner from the website on my laptop. Now since then I haven't encountered any issues, but with the widespread hack and spread of Floxif malware, I figured I should ask. Is there any way I can just check my computer out? With CCleaner itself, it was only on my computer for a couple of hours before I uninstalled it, and afterwards it left no trace on my system. Should I still be worried though? I have a full-image backup from 9/5 as well, so I may just end up going back to that for peace-of-mind, but that would be an ideal last-case scenario. With regards to the malware, does anyone know whether it persists on the machine, or is tied completely to the program? Sorry for my rambling, but thanks!




 


#2 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:48 PM

Posted 22 September 2017 - 05:36 AM

The malware would only execute on 32 bit operating systems. If yours is 64 bit and you have uninstalled CCleaner then you are not affected.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 22 September 2017 - 05:40 AM

Wasn't it shown that the secondary payload ran on 64-bit though? With regards to the first payload, did it determine 32-bit or 64-bit from the installer or at runtime, as I could never actually find a 32-bit copy, only the same setup files. Aside from all that, is there anything I should check? I've verified in the registry and in the files that no trace of CCleaner exists, but I'm hating that I installed it right now, even for only a little bit.

#4 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:48 PM

Posted 22 September 2017 - 05:52 AM

Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware, and affected users should update the software to version 5.34 or higher.

 

http://thehackernews.com/2017/09/ccleaner-malware-hacking.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1584.os0aof7fkj.yb1



#5 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 22 September 2017 - 05:55 AM

Sorry, my question was how were we to determine if we had the 32-bit or 64-bit variant of CCleaner. As I installed it through their website, I never saw any separate versions, but rather just the single ccsetup533.exe. Did this program determine the proper variant to install? Or was that the 64-bit version?

#6 what the hell!

what the hell!

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:west coast of Ireland
  • Local time:11:48 PM

Posted 22 September 2017 - 07:33 AM

High Tide....I yesterday turned on my PC and Zone Alarm antivirus detected malware on my PC and pointed to CCleaner as a back door trojan. Before I could take any action my computer froze and I had to power it off. When I turned it back on I checked the internet and firstly found a lot of stuff relating to Zone Alarm reporting a false positive on CCleaner about a year ago. I thought that was it at first. Eventually I found the latest info on the hack of CCleaner. Before I could check my version my PC started freezing again. I was unable to check the CCleaner version but managed to uninstall it before my PC crashed again. I finally got it back by restoring to an image prior to 15 Sep which was the internet advice given. Malware checks using Zone Alarm free, which I had to reinstall, failed to show a problem. Unfortunately my log events files didn't help in determining the version of CCleaner I had. I suspect it was 5.33 as I updated it during the critical period. I notice the advice given by the tech firm Cisco Talos which had been targeted is now to format your hard drive as a secondary hidden payload has been revealed (https://arstechnica.com/information-technology/2017/09/ccleaner-malware-outbreak-is-much-worse-than-it-first-appeared/). I find it all a bit worrying and am continuing to use other virus scans and back up my files in case. I would advise the same. Good luck



#7 buddy215

buddy215

  • Moderator
  • 13,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:48 PM

Posted 22 September 2017 - 08:00 AM

Per available info.....If your Windows OS is a 64 bit then the malware did not activate. CCleaner downloads do not specify 32 bit and 64 bit.



#8 what the hell!

what the hell!

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:west coast of Ireland
  • Local time:11:48 PM

Posted 22 September 2017 - 09:04 AM

My computer is 64 bit but my installed antivirus software detected a virus in ccleaner and I immediately experienced problems



#9 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 22 September 2017 - 10:58 AM

Hey what the hell!. Personally, I would advise you to create your own topic for help, as it sounds like you're experiencing a good couple of issues. I haven't seen anything on the types of problems you've reported, so it might be some conflict with your antivirus and the malicious files, or possibly some other issues. With regards to the antivirus reporting, that seems to have happened on all variants, but it just didn't run on 32-bit.

To buddy215, it sounds like a majority of problems were from people who had long-lasting installations of CCleaner, while for someone like me, who removed the application once done, there aren't as many. Since it seems the uninstaller wasn't affected, that should mean that when I uninstalled it, and later installed 3.29, which I also uninstalled, it overwrote anything that might have been left over. Given that I haven't found a trace on my machine though, I think the uninstaller did its job. Has the malware itself been known to leave any leftovers on the system? Are there any registry indicators I could look for in case of the second stage? For the most part, I'm just leaving the laptop turned off and using my desktop instead, which has never had CCleaner.

#10 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,471 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:06:48 PM

Posted 22 September 2017 - 12:07 PM

I think, by dumb luck, that I never actually installed version 5.33 of CCleaner but I did download the installer.  I'm already at 5.34, but I'll often skip versions unless I have a need to run a scan after having downloaded it.  If not, I just let the currently installed version do its thing and then see what version shows up the next time (as they change quite often and the basic cleaning functions don't seem to change much).

 

Windows Defender is picking up the installer itself (and removed it) and I'd have to presume that virtually any antivirus/antimalware suite would do so by now.  Even booting into safe mode and running a scan would be a good idea or removing the infected drive and connecting it to another computer as an external drive and running a scan that way.  You have to run the installer for CCleaner 5.33 (and from what I've read so far, on a 32-bit system) for the actual infection of the system to take place.


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


#11 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 22 September 2017 - 12:19 PM

So ultimately, sounds like I was safe by having a 64-bit system and uninstalling it as soon as I was done, since it didn't leave any leftovers in my system. I've run full system scans, and already had other BleepingComputer people help look at my computer for an unrelated issue, and they didn't see anything wrong. Hopefully, nothing worse comes up in the future, and anyway, I already changed all my used passwords.



