HazySaiyan
Banned
Have to check at home but my work PC is still on 5.30 thankfully. Never updating pays off
Security researchers are now investigating other malware campaigns that appear to have been carried out from Avast's infrastructure, including a Locky ransomware distribution campaign.
CCleaner is useless on modern computers anyway.
Read the blog post to look for artifacts of the malware interacting on your system. Aside from that, I'm not sure yet. This seems to still be breaking. Some antivirus software may already be updated to scan for anything it leaves on your system, or shortly will be.
You probably wanna reinstall. It's the only real safe option.
I have a 64bit system but I'm not 100% sure I had the 64bit version installed, I uninstalled the program hastily without checking.
Put an up to date antivirus on a flash drive through another PC. Boot infected PC into safemode with networking off. Run scan with flash drive. This usually catches most things. Worst case scenario you'll need to wipe.
No. Google is trying to stop people from downloading "virus scanners" for Android.
I've never downloaded a virus scanner on android. It's too hard to weed out the scam scanners, and android has been relatively safe so far in terms of malware, as long as you don't go to weird sites (oddly enough, NeoGAF mobile is the scariest site I go to, with its weird redirecting ads that vibrate your phone, and whatnot).
Should I download a virus scanner, though? And if so, does anyone have a recommendation for a legitimate virus scanner?
People still use CC Cleaner in the age of the SSD?
No. Google is trying to stop people from downloading "virus scanners" for Android.
All apps in the play store have to be approved. For a malicious app to enter your phone either something wrong has to happen with the play store verification (in which case they will remove it once detected) or you've enabled the setting to allow installing apps from unknown sources. Just make sure that last one is turned off and keep your phone updated and you should be safe.
Registry cleaning is (and arguably has always been) useless and the storage recovery just empties temp/cache directories and the recycle bin, but CCleaner's uninstall list and startup manager are far better than the built-in Windows features.
???😂
People still use CC Cleaner in the age of the SSD?
I haven't updated it in months
This happens routinely and often isn't caught for millions of downloads over several months. Google really needs to step up its game with the Play Store approval process. (But I wouldn't recommend running antivirus software on Android, either.)
Have I been infected?
By default (as always), and at the risk of sounding pessimistic: yes, but the malware doesn't seem to do anything bad (TALOS sinkholed the bad domain names and the malware should be neutralized as a consequence).
Long answer: you'll have to do some checks.
Hashes
Check the hash of the files if you still have them. If you have 7zip installed, it can calculate a SHA256 from the contextual menu (right click) (thx u/kftX__).
Else, using PowerShell (thx u/ArchiMarK):
C:\> Get-FileHash "C:\Program Files\CCleaner\CCleaner.exe"
This calculates a (unique) signature from the file between quotes. Replace this path with any CCleaner binary you find on your system; also check the installer in your Downloads folder. If the command above returns one of the following strings, you're infected:
6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9
1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff
36b36ee9515e0a60629d2c722b006b33e543dce1c8c2611053e0651a0bfdb2e9
Registry
You might also check your registry for indicators of compromise (type regedit.exe in the start menu, and try to navigate to):
HKLM\SOFTWARE\Piriform\Agomo:TCID
HKLM\SOFTWARE\Piriform\Agomo:MUID
HKLM\SOFTWARE\Piriform\Agomo:NID
If you find one of them, you have been infected.
Networking traces
If you have the chance of having log traces on your firewall or router, check for the domains and IPs listed in this list.
Okay, I'm infected: so what's the big deal?
My understanding is that ATM the malware does nothing. It's just there, waiting for instructions that should never come (because TALOS sinkholed the bad domains). Possible solutions include:
Restore from backup if dated before August 15th
Wait for your antivirus to receive an update so that it can identify and deal with this threat
Nuking from orbit (reinstalling) also sounds like a sane solution.
Note that uninstalling CCleaner after you've been infected will not fix the issue. The malware was bundled in the installer, so when you ran the installation, it installed both the legit CCleaner + the malware.
Should I stop updating?
Haha, nope. Really, updating software is part of its life on your system and it (usually) solves more issues than it creates. Even if updating software on Windows is cumbersome and associated with downtime (Please don't turn off your machine...), don't lag behind: it's an accident waiting to happen.
Other resources
Original article (search on reddit.com for this link, see r/netsec as well)
Piriform statement -> Only CCleaner cloud v1.07.3191 and CCleaner v5.33.6162 32bit are affected
Virus Bulletin
Millions of people still use XP and Vista around the world.
And it sounds like the 32-bit versions of Win 7+ are vulnerable too.
I'm wondering this too. I have no idea which version I have and I don't want to open to check.
Does anyone know if it chooses to install 32 or 64 bit versions?
From a reddit post. I had the 64 bit version installed.
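The hash and registry checks from the reddit post quoted above, combined into one PowerShell script. This is an added example, not part of the original posts: the hashes and registry value names are the ones listed in the post, while the folders searched and the WOW6432Node registry view (where 64-bit Windows redirects HKLM\SOFTWARE writes made by 32-bit programs) are assumptions.

```powershell
# Added example. SHA256 hashes exactly as quoted in the post above.
$BadHashes = @(
    '6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9',
    '1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff',
    '36b36ee9515e0a60629d2c722b006b33e543dce1c8c2611053e0651a0bfdb2e9'
)

# Assumed locations: default install folders and the current user's Downloads.
$SearchRoots = @(
    "$env:ProgramFiles\CCleaner",
    "${env:ProgramFiles(x86)}\CCleaner",
    "$env:USERPROFILE\Downloads"
) | Where-Object { Test-Path -LiteralPath $_ }

# Hash every .exe in those folders (Get-FileHash defaults to SHA256)
# and keep the ones whose hash is on the list. -contains ignores case.
$hashHits = foreach ($root in $SearchRoots) {
    Get-ChildItem -LiteralPath $root -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        Get-FileHash -Algorithm SHA256 |
        Where-Object { $BadHashes -contains $_.Hash }
}

# Registry key from the post, plus its 32-bit view on 64-bit Windows (assumption).
$RegKeys = @(
    'HKLM:\SOFTWARE\Piriform\Agomo',
    'HKLM:\SOFTWARE\WOW6432Node\Piriform\Agomo'
)
$ValueNames = 'TCID', 'MUID', 'NID'

$regHits = foreach ($key in $RegKeys) {
    if (Test-Path -LiteralPath $key) {
        $present = (Get-ItemProperty -LiteralPath $key).PSObject.Properties.Name
        foreach ($name in $ValueNames) {
            if ($present -contains $name) { "$key : $name" }
        }
    }
}

if ($hashHits -or $regHits) {
    'Indicators listed in the post were found:'
    $hashHits | ForEach-Object { "  file   $($_.Path)" }
    $regHits  | ForEach-Object { "  value  $_" }
} else {
    'No listed hash or registry value found in the locations checked.'
}
```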
We heard you don't like malware, so we put malware into your anti-malware software, so you can get malware, while trying to remove malware
why does everyone want my computer dead
This is why I don't have automatic updates on programs. Tell me there's a new version, fine - but I'll decide if I want it or not.
Quality product for years, bought out by a larger company, immediately starts having major issues it's never had in 15 years. The cycle of buyouts wrecking everything continues. This sounds like an inside job.