I installed CCleaner probably in early August, so my machine has been infected with the Floxif virus for around two months without my knowledge. It's a 64-bit Toshiba Satellite laptop, but I cannot remember if I downloaded a 32- or 64-bit version of CCleaner.
I have experienced some strange activity like unusually high disk consumption even during idle, and my latest attempt at installing Windows updates stalled for two days and would not complete. I have no idea if either of these is related to the virus or other performance issues.
I normally run my computer in non-administrator status; however, I do occasionally switch to administrator status when required to complete a task. I do not need to input a password to swap accounts, so I have to admit that I do not know if that makes my non-administrator account ineffective or not.
Since my Windows updates froze and would not complete, I had to swap to administrator status to terminate the process and start over. After terminating the update process, I restarted my laptop and re-initialized the Windows updates. After the security updates completed yesterday, Sept. 25, I received a notification and quarantine of the Floxif virus by Windows Defender (my only AV software currently running in real time). I then deleted the threat, and plan to uninstall my current copy of CCleaner and download a new one.
After the supposed automatic "removal" of Floxif by WD, I ran a Windows Defender quick scan, and was concerned that it "completed" after only two minutes rather than the usual 1.5 hours it has always taken. (Although I did have my 600+ browser tabs closed at the time, I don't think that's ever made a difference before.) I wondered whether remnants of the virus could be terminating the scan and spoofing its completion. I then ran a WD full scan (in custom mode) which took the usual time of over five hours, with nothing else open. Nothing more was detected.
Now I have three basic questions:
1.) I've read that the virus only affects 32-bit machines running from an administrator account. However, there's still some confusion online whether downloading the 32-bit version of CCleaner onto a 64-bit machine still posed a problem for those machines. And since I have swapped to administrator status probably more than once in the last two months, do those two factors mean that the virus could have executed on my machine, and that my files and sensitive information could have been compromised?
2.) Is it possible that my keystrokes could have been recorded for entered passwords, and that I now have to change passwords for every account I may have accessed in the last two months (many)?
3.) I plan to execute the manual removal steps published here on BC, but other manual removal processes published online are even more laborious, involving searching for and removing specific files, registry keys, and any associated unwanted programs, and even resetting all of my web browsers, which would delete all of my history, extensions, saved sessions, etc. (losing a lot of data). Is this all necessary even after WD supposedly removed the threat? (I.e. are there still remnants that need to be removed, fixed, and safeguarded, and will AdwCleaner detect the associated unwanted programs, or is there a known list of them?)
Steps 2 and 3 will require days of work and loss of information. I realize these hackers were targeting large tech companies and care little about my stuff; however, I want to be sure my info, computer, and passwords are safe without going through days of possibly unnecessary eradication processes and concern. I have read that leaving any remnants on the machine can cause the virus to resurrect itself or continue to execute in part, and that the browsers have to be cleaned separately, as well as associated unwanted programs removed.
64-bit Toshiba Satellite laptop.
Running Windows 8.1 that was upgraded poorly from Windows 8 at the store before my purchase. (There are still some remnants that in some cases make my machine think it is still Windows 8 in identifiers, but Windows 8.1 in others.)
AV software: Windows Defender
Sorry for the long post but I thought I should give as much detail as possible. Thanks very much for your advice!
Edited by Modem_operandi, 26 September 2017 - 07:18 PM.