EVGA

Ccleaner 5.33 infected with Backdoor!

Author
Bobmitch
Omnipotent Enthusiast
  • Total Posts : 8328
  • Reward points : 0
  • Joined: 2007/05/07 09:36:29
  • Status: offline
  • Ribbons : 47
2017/09/18 04:31:24 (permalink)

MSI MAG X670-E Tomahawk;  Ryzen 7 7800X3D; Asus TUF RTX 4070 TI OC; Seasonic Vertex GX-1000 PSU; 32 GB  Corsair Vengeance DDR5-6000 RGB; Corsair iCue Link H150i RGB 360MM AIO; 2-Western Digital Black 4 TB SN850X NVMe; Creative SoundBlaster Z;  Lian Li Lancool III; EVGA Z15 Keyboard; Razer Viper 8K Mouse


Heatware:  http://www.heatware.com/eval.php?id=72402    Affiliate code: 1L2RV0BNQ6                                          
Associate Code:  UD82LJP3Y1FIQPR
 


#1


    rjohnson11
    EVGA Forum Moderator
    • Total Posts : 102263
    • Reward points : 0
    • Joined: 2004/10/05 12:44:35
    • Location: Netherlands
    • Status: online
    • Ribbons : 84
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/18 04:37:45 (permalink)
    That's why I download software from reputable sources and scan it before installing it. 

    AMD Ryzen 9 7950X,  Corsair Mp700 Pro M.2, 64GB Corsair Dominator Titanium DDR5  X670E Steel Legend, MSI RTX 4090 Associate Code: H5U80QBH6BH0AXF. I am NOT an employee of EVGA

    #2
    EyeDeeNo
    SSC Member
    • Total Posts : 670
    • Reward points : 0
    • Joined: 2017/01/12 09:15:18
    • Location: 97km north of New York City
    • Status: offline
    • Ribbons : 12
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/18 09:10:57 (permalink)
    This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected.

    Who uses 32-bit (x86) anyway?
    Edit: Even if I was using the 32-bit (x86) of CCleaner version 5.33.6162 I have already updated and moved to 5.34.6207 a week ago.
    post edited by EyeDeeNo - 2017/09/18 09:16:29

    Lenovo 710-25ISH IdeaCentre with an Intel Core i5-6400 ~ Win10 Home 64-Bit 21H2
    Lenovo 3642 Motherboard Intel H170 Chipset ~ BIOS FWKTA7A 11/7/2019
    FSP Group FSP250-30AGBAA 250w 80 Plus Bronze
    EVGA 04G-P4-6251-KR GeForce GTX 1050 Ti Gaming VBIOS 86.07.22.00.50 ~ Precision XOC 6.0.9 ~ Game Ready 516.59
    G.SKILL F4-2400C15Q-4GNT Value DDR4 4x4GB Kit
    Crucial CT1000MX500SSD1 MX500 SSD 1TB Firmware M3CR043 (Sabrent BK-PCBS) + Seagate ST2000DM008-2FR102 Barracuda HDD 2TB
    Pioneer BDR-209UBK Blu-ray Burner ~ Firmware 1.54 10/7/2020
    AOC E2475SWQE 23.6'' 1ms TN 1080p 60Hz Monitor via Athena CLH-DP0612MM28 DP + Samsung UN32J5500AF 31.5'' TV via Belkin F8V3311B15 HDMI
    Creative GigaWorks
    #3
    aka_STEVE_b
    EGC Admin
    • Total Posts : 17692
    • Reward points : 0
    • Joined: 2006/02/26 06:45:46
    • Location: OH
    • Status: offline
    • Ribbons : 69
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/18 11:35:56 (permalink)
    I read this but never noticed the part about it being only the 32-bit exe  ......Was worried because I have CCleaner on at least 4-5 systems

    AMD RYZEN 9 5900X  12-core cpu~ ASUS ROG Crosshair VIII Dark Hero ~ EVGA RTX 3080 Ti FTW3~ G.SKILL Trident Z NEO 32GB DDR4-3600 ~ Phanteks Eclipse P400s red case ~ EVGA SuperNOVA 1000 G+ PSU ~ Intel 660p M.2 drive~ Crucial MX300 275 GB SSD ~WD 2TB SSD ~CORSAIR H115i RGB Pro XT 280mm cooler ~ CORSAIR Dark Core RGB Pro mouse ~ CORSAIR K68 Mech keyboard ~ HGST 4TB Hd.~ AOC AGON 32" monitor 1440p @ 144Hz ~ Win 10 x64
    #4
    CriticalHit_NL
    iCX Member
    • Total Posts : 404
    • Reward points : 0
    • Joined: 2009/09/08 10:23:06
    • Status: offline
    • Ribbons : 17
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/18 12:31:08 (permalink)
    rjohnson11
    That's why I download software from reputable sources and scan it before installing it. 

    It came from a legitimate source, piriform themselves.
    I still have the setup backed up; it just sitting there doesn't do any harm. Going to check it out later in a virtual machine.
     
    Here is a quote:
    Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.

    Source: https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
     
    EyeDeeNo
    Who uses 32-bit (x86) anyway?
    Edit: Even if I was using the 32-bit (x86) of CCleaner version 5.33.6162 I have already updated and moved to 5.34.6207 a week ago.


    aka_STEVE_b
    I read this but never noticed the part about it being only the 32-bit exe  ......Was worried because I have CCleaner on at least 4-5 systems

    The installer ccsetup533.exe is a universal installer that installs 32-bit on an x86 system, but both 32-bit and 64-bit on an x64 system.
    So when you install ccsetup533.exe on an x64 Windows you also get the 32-bit CCleaner.exe, while normally CCleaner64.exe is used on x64 systems and used by the created shortcut.
     
    I'm currently unsure though if running CCleaner.exe on a x64 system does anything, but both the setup and CCleaner.exe will (soon) be detected by AV/Anti malware vendors.
     
    Also see:
    http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
    https://www.virustotal.com/#/file/1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff/detection (setup)
    https://www.virustotal.com/#/file/6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9/detection (CCleaner.exe - 32bit)
     
    How to know if you've been affected by the malware:
    1. Start up regedit.exe
    2. Click on 'Edit' at the top.
    3. Click on 'Search'
    4. Search for the following text: Agomo
    If nothing is found you're not affected by the malware.
    If it is found, it should be located here and you're affected: HKEY_LOCAL_MACHINE\SOFTWARE\Piriform
     
    Things like these exactly show why we shouldn't blindly trust trusted well-known vendors for always delivering clean files, and that Anti-virus/Anti-malware is still relevant to use, even if they don't catch everything, but like airbags and seatbelts.
    post edited by CriticalHit_NL - 2017/09/18 13:37:20

    i7 3930K 4.4Ghz - EVGA 1080Ti FTW3 - 32GB Corsair Dominator DDR3-1866 - Asus Sabertooth X79 - Samsung 840 Pro 256GB - Samsung 860 Pro 2TB - 3x HGST 7K4000 Deskstar 4TB - 3x HGST Ultrastar He10 8TB - Corsair AX1200i - Asus PG279Q + BenQ BL2411 - Razer Viper Mini/SBF98 - Logitech Z906 & G35 - Windows 10 Professional

    #5
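    The registry check from post #5, scripted together with a comparison against the two SHA-256 values in that post's VirusTotal links. This is an added PowerShell example, not code from the thread or from Piriform. The file locations and the WOW6432Node registry view are assumptions, and unlike regedit's search it matches key and value names only, not value data.

```powershell
# Added example. SHA-256 values are the ones in the post's two VirusTotal links.
$BadHashes = @{
    '1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff' = 'ccsetup533.exe (setup)'
    '6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9' = 'CCleaner.exe (32-bit)'
}

# Assumed locations (not from the thread): default install dir and Downloads folder.
$Candidates = @(
    "$env:ProgramFiles\CCleaner\CCleaner.exe",
    "$env:USERPROFILE\Downloads\ccsetup533.exe"
)

# The post's path plus the WOW6432Node view, where 64-bit Windows redirects
# HKLM\SOFTWARE writes made by 32-bit processes (assumed to apply here).
$RegRoots = 'HKLM:\SOFTWARE\Piriform', 'HKLM:\SOFTWARE\WOW6432Node\Piriform'

function Find-AgomoKey {
    foreach ($root in $RegRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The root key itself plus every subkey below it
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            $valueHits = $key.GetValueNames() -like '*Agomo*'
            if ($key.Name -like '*Agomo*' -or $valueHits) { $key.Name }
        }
    }
}

function Find-KnownBadFile {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { continue }
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash.ToLowerInvariant()
        if ($BadHashes.ContainsKey($hash)) {
            [pscustomobject]@{ Path = $p; Match = $BadHashes[$hash] }
        }
    }
}

$regHits  = @(Find-AgomoKey)
$fileHits = @(Find-KnownBadFile -Path $Candidates)
if ($regHits.Count -or $fileHits.Count) {
    Write-Warning 'Indicators from the thread found:'
    $regHits  | ForEach-Object { "  registry: $_" }
    $fileHits | ForEach-Object { "  file: $($_.Path) matches $($_.Match)" }
} else {
    'No "Agomo" registry entry and no matching file hash found.'
}
```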
    fearpoint
    CLASSIFIED Member
    • Total Posts : 3184
    • Reward points : 0
    • Joined: 2006/12/16 21:53:57
    • Status: offline
    • Ribbons : 3
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/18 12:55:56 (permalink)
    Wow. From the software developers! Good thing I kept ignoring their updates and still using 5.32
     
    This is pretty serious because either their network is compromised and/or somebody working for them is doing it.
    #6
    Sajin
    EVGA Forum Moderator
    • Total Posts : 49167
    • Reward points : 0
    • Joined: 2010/06/07 21:11:51
    • Location: Texas, USA.
    • Status: offline
    • Ribbons : 199
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/18 14:00:24 (permalink)

    #7
    XrayMan
    Insert Custom Title Here
    • Total Posts : 73000
    • Reward points : 0
    • Joined: 2006/12/14 22:10:06
    • Location: Santa Clarita, Ca.
    • Status: offline
    • Ribbons : 115
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/18 19:14:13 (permalink)
     
    Thanks for the heads up. Just updated to 5.34 from 5.33        

                My Affiliate Code: 8WEQVXMCJL
     
            Associate Code: VHKH33QN4W77V6A
    #8
    yodap
    CLASSIFIED Member
    • Total Posts : 4642
    • Reward points : 0
    • Joined: 2011/05/15 06:13:40
    • Location: NY, Upstate
    • Status: offline
    • Ribbons : 8
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/19 12:34:37 (permalink)
    Piriform isn't Piriform as we knew it. They sold out to the horrible Avast company.


     

     
    #9
    CriticalHit_NL
    iCX Member
    • Total Posts : 404
    • Reward points : 0
    • Joined: 2009/09/08 10:23:06
    • Status: offline
    • Ribbons : 17
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/19 13:13:05 (permalink)
    yodap
    Piriform isn't Piriform as we knew it. They sold out to the horrible Avast company.

    It has nothing to do with Avast! in this case, in fact, it appears they might have been compromised already on July 3rd 2017, before the acquisition, which happened on 18th of July.

    i7 3930K 4.4Ghz - EVGA 1080Ti FTW3 - 32GB Corsair Dominator DDR3-1866 - Asus Sabertooth X79 - Samsung 840 Pro 256GB - Samsung 860 Pro 2TB - 3x HGST 7K4000 Deskstar 4TB - 3x HGST Ultrastar He10 8TB - Corsair AX1200i - Asus PG279Q + BenQ BL2411 - Razer Viper Mini/SBF98 - Logitech Z906 & G35 - Windows 10 Professional

    #10
    Cool GTX
    EVGA Forum Moderator
    • Total Posts : 30983
    • Reward points : 0
    • Joined: 2010/12/12 14:22:25
    • Location: Folding for the Greater Good
    • Status: offline
    • Ribbons : 122
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/20 19:30:44 (permalink)
    5.35 update   http://www.piriform.com/news/release-announcements
     
    Wednesday, September 20, 2017
     
    The Piriform team would like to announce the latest release of CCleaner for Windows.
    CCleaner version 5.35 has been released with a new digital signature to update our systems after the September 18th security notification
    We encourage all users to update to this new version.

    Learn your way around the EVGA Forums, Rules & limits on new accounts Ultimate Self-Starter Thread For New Members

    I am a Volunteer Moderator - not an EVGA employee

    https://foldingathome.org -->become a citizen scientist and contribute your compute power to help fight global health threats

    RTX Project EVGA X99 FTWK Nibbler EVGA X99 Classified EVGA 3080Ti FTW3 Ultra


    #11
    XrayMan
    Insert Custom Title Here
    • Total Posts : 73000
    • Reward points : 0
    • Joined: 2006/12/14 22:10:06
    • Location: Santa Clarita, Ca.
    • Status: offline
    • Ribbons : 115
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/20 19:45:00 (permalink)
    Cool GTX
    5.35 update   http://www.piriform.com/news/release-announcements
     
    Wednesday, September 20, 2017
     
    The Piriform team would like to announce the latest release of CCleaner for Windows.
    CCleaner version 5.35 has been released with a new digital signature to update our systems after the September 18th security notification
    We encourage all users to update to this new version.




    Thanks, I'll upgrade again.

                My Affiliate Code: 8WEQVXMCJL
     
            Associate Code: VHKH33QN4W77V6A
    #12
    benwoody
    New Member
    • Total Posts : 6
    • Reward points : 0
    • Joined: 2017/09/19 23:50:24
    • Status: offline
    • Ribbons : 0
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/21 00:03:00 (permalink)
    Nice thread.
    #13
    bdary
    Omnipotent Enthusiast
    • Total Posts : 10330
    • Reward points : 0
    • Joined: 2008/04/25 14:08:16
    • Location: Florida
    • Status: offline
    • Ribbons : 116
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/21 06:22:30 (permalink)
    Cool GTX
    5.35 update   http://www.piriform.com/news/release-announcements
     
    Wednesday, September 20, 2017
     
    The Piriform team would like to announce the latest release of CCleaner for Windows.
    CCleaner version 5.35 has been released with a new digital signature to update our systems after the September 18th security notification
    We encourage all users to update to this new version.


    Thanks for the update...
    #14
    notfordman
    Omnipotent Enthusiast
    • Total Posts : 10345
    • Reward points : 0
    • Joined: 2007/08/09 23:52:23
    • Location: In a van, down by the
    • Status: offline
    • Ribbons : 28
    Re: Ccleaner 5.33 infected with Backdoor! 2017/09/21 19:40:23 (permalink)
    Thanks for posting about this Bobmitch! 
    #15