Bobmitch
Omnipotent Enthusiast
- Total Posts : 8328
- Reward points : 0
- Joined: 2007/05/07 09:36:29
- Status: offline
- Ribbons : 47
|
rjohnson11
EVGA Forum Moderator
- Total Posts : 102263
- Reward points : 0
- Joined: 2004/10/05 12:44:35
- Location: Netherlands
- Status: online
- Ribbons : 84
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/18 04:37:45
(permalink)
That's why I download software from reputable sources and scan it before installing it.
|
EyeDeeNo
SSC Member
- Total Posts : 670
- Reward points : 0
- Joined: 2017/01/12 09:15:18
- Location: 97km north of New York City
- Status: offline
- Ribbons : 12
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/18 09:10:57
(permalink)
This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected.
Who uses 32-bit (x86) anyway?
Edit: Even if I was using the 32-bit (x86) of CCleaner version 5.33.6162 I have already updated and moved to 5.34.6207 a week ago.
post edited by EyeDeeNo - 2017/09/18 09:16:29
|
aka_STEVE_b
EGC Admin
- Total Posts : 17692
- Reward points : 0
- Joined: 2006/02/26 06:45:46
- Location: OH
- Status: offline
- Ribbons : 69
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/18 11:35:56
(permalink)
I read this but never noticed the part about it being only the 32-bit exe ......Was worried because I have CCleaner on at least 4-5 systems
|
CriticalHit_NL
iCX Member
- Total Posts : 404
- Reward points : 0
- Joined: 2009/09/08 10:23:06
- Status: offline
- Ribbons : 17
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/18 12:31:08
(permalink)
rjohnson11 That's why I download software from reputable sources and scan it before installing it.
It came from a legitimate source, Piriform themselves. I still have the setup backed up; it just sitting there doesn't do any harm. Going to check it out later in a virtual machine.
Here is a quote:
"Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process."
Source: https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
EyeDeeNo Who uses 32-bit (x86) anyway? Edit: Even if I was using the 32-bit (x86) of CCleaner version 5.33.6162 I have already updated and moved to 5.34.6207 a week ago.
aka_STEVE_b I read this but never noticed the part about it being only the 32-bit exe ......Was worried because I have CCleaner on at least 4-5 systems
The installer ccsetup533.exe is a universal installer that installs 32-bit on an x86 system, but both 32-bit and 64-bit on an x64 system. So when you install ccsetup533.exe on an x64 Windows you also get the 32-bit CCleaner.exe, while normally CCleaner64.exe is used on x64 systems and used by the created shortcut. I'm currently unsure though if running CCleaner.exe on an x64 system does anything, but both the setup and CCleaner.exe will (soon) be detected by AV/anti-malware vendors.
Also see:
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
https://www.virustotal.com/#/file/1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff/detection (setup)
https://www.virustotal.com/#/file/6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9/detection (CCleaner.exe - 32bit)
How to know if you've been affected by the malware:
- Start up regedit.exe
- Click on 'Edit' at the top.
- Click on 'Search'
- Search for the following text: Agomo
If nothing is found you're not affected by the malware. If it is found, it should be located here and you're affected: HKEY_LOCAL_MACHINE\SOFTWARE\Piriform
Things like these show exactly why we shouldn't blindly trust trusted, well-known vendors to always deliver clean files, and that anti-virus/anti-malware is still relevant to use, even if they don't catch everything, just like airbags and seatbelts.
post edited by CriticalHit_NL - 2017/09/18 13:37:20
|
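The registry search described in the post above, scripted in PowerShell as an added example (not code from the thread or from Piriform). It looks for the name Agomo under HKEY_LOCAL_MACHINE\SOFTWARE\Piriform in both the 64-bit and 32-bit registry views and compares local files against the two SHA-256 values in the posted VirusTotal links; the function names and the two file paths are assumptions.

```powershell
# Added example, not from the thread. The two SHA-256 values are taken from the
# VirusTotal links in the post; the file paths below are assumed default locations.
$KnownBad = @{
    '1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff' = 'ccsetup533.exe (setup)'
    '6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9' = 'CCleaner.exe (32-bit)'
}

function Find-RegistryName($Key, [string]$Pattern, [string]$View) {
    # Report value names and subkey names that contain the pattern, recursively.
    foreach ($name in @($Key.GetValueNames()) + @($Key.GetSubKeyNames())) {
        if ($name -like "*$Pattern*") {
            [pscustomobject]@{ View = $View; Location = "$($Key.Name)\$name" }
        }
    }
    foreach ($sub in $Key.GetSubKeyNames()) {
        $child = $Key.OpenSubKey($sub)
        if ($child) { Find-RegistryName $child $Pattern $View; $child.Dispose() }
    }
}

function Test-AgomoKey {
    # 32-bit programs on 64-bit Windows see HKLM\SOFTWARE through WOW6432Node,
    # so both registry views are opened explicitly.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        try {
            $key = $base.OpenSubKey('SOFTWARE\Piriform')
            if ($key) { Find-RegistryName $key 'Agomo' $view; $key.Dispose() }
        } finally { $base.Dispose() }
    }
}

function Test-KnownBadFile([string[]]$Path) {
    # Hash each file that exists and report it only if it matches a posted hash.
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { continue }
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash.ToLowerInvariant()
        if ($KnownBad.ContainsKey($hash)) {
            [pscustomobject]@{ View = 'File'; Location = "$p = $($KnownBad[$hash])" }
        }
    }
}

$candidates = "$env:ProgramFiles\CCleaner\CCleaner.exe",      # assumed install path
              "$env:USERPROFILE\Downloads\ccsetup533.exe"     # assumed download path
$findings = @(Test-AgomoKey) + @(Test-KnownBadFile $candidates)
if ($findings.Count) { $findings | Format-List; Write-Warning 'Indicators from the thread were found.' }
else { 'No Agomo registry entry and no file matching the posted hashes.' }
```

On 32-bit Windows both registry views resolve to the same keys, so a single entry can be listed twice.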
fearpoint
CLASSIFIED Member
- Total Posts : 3184
- Reward points : 0
- Joined: 2006/12/16 21:53:57
- Status: offline
- Ribbons : 3
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/18 12:55:56
(permalink)
Wow. From the software developers! Good thing I kept ignoring their updates and am still using 5.32. This is pretty serious because either their network is compromised and/or somebody working for them is doing it.
|
Sajin
EVGA Forum Moderator
- Total Posts : 49167
- Reward points : 0
- Joined: 2010/06/07 21:11:51
- Location: Texas, USA.
- Status: offline
- Ribbons : 199
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/18 14:00:24
(permalink)
|
XrayMan
Insert Custom Title Here
- Total Posts : 73000
- Reward points : 0
- Joined: 2006/12/14 22:10:06
- Location: Santa Clarita, Ca.
- Status: offline
- Ribbons : 115
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/18 19:14:13
(permalink)
Thanks for the heads up. Just updated to 5.34 from 5.33
|
yodap
CLASSIFIED Member
- Total Posts : 4642
- Reward points : 0
- Joined: 2011/05/15 06:13:40
- Location: NY, Upstate
- Status: offline
- Ribbons : 8
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/19 12:34:37
(permalink)
Piriform isn't Piriform as we knew it. They sold out to the horrible Avast company.
|
CriticalHit_NL
iCX Member
- Total Posts : 404
- Reward points : 0
- Joined: 2009/09/08 10:23:06
- Status: offline
- Ribbons : 17
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/19 13:13:05
(permalink)
yodap Piriform isn't Piriform as we knew it. They sold out to the horrible Avast company.
It has nothing to do with Avast! in this case, in fact, it appears they might have been compromised already on July 3rd 2017, before the acquisition, which happened on 18th of July.
|
Cool GTX
EVGA Forum Moderator
- Total Posts : 30983
- Reward points : 0
- Joined: 2010/12/12 14:22:25
- Location: Folding for the Greater Good
- Status: offline
- Ribbons : 122
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/20 19:30:44
(permalink)
5.35 update http://www.piriform.com/news/release-announcements Wednesday, September 20, 2017 The Piriform team would like to announce the latest release of CCleaner for Windows. CCleaner version 5.35 has been released with a new digital signature to update our systems after the September 18th security notification. We encourage all users to update to this new version.
|
XrayMan
Insert Custom Title Here
- Total Posts : 73000
- Reward points : 0
- Joined: 2006/12/14 22:10:06
- Location: Santa Clarita, Ca.
- Status: offline
- Ribbons : 115
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/20 19:45:00
(permalink)
Cool GTX 5.35 update http://www.piriform.com/news/release-announcements Wednesday, September 20, 2017 The Piriform team would like to announce the latest release of CCleaner for Windows. CCleaner version 5.35 has been released with a new digital signature to update our systems after the September 18th security notification. We encourage all users to update to this new version.
Thanks, I'll upgrade again.
|
benwoody
New Member
- Total Posts : 6
- Reward points : 0
- Joined: 2017/09/19 23:50:24
- Status: offline
- Ribbons : 0
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/21 00:03:00
(permalink)
|
bdary
Omnipotent Enthusiast
- Total Posts : 10330
- Reward points : 0
- Joined: 2008/04/25 14:08:16
- Location: Florida
- Status: offline
- Ribbons : 116
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/21 06:22:30
(permalink)
Cool GTX 5.35 update http://www.piriform.com/news/release-announcements Wednesday, September 20, 2017 The Piriform team would like to announce the latest release of CCleaner for Windows. CCleaner version 5.35 has been released with a new digital signature to update our systems after the September 18th security notification. We encourage all users to update to this new version.
Thanks for the update...
|
notfordman
Omnipotent Enthusiast
- Total Posts : 10345
- Reward points : 0
- Joined: 2007/08/09 23:52:23
- Location: In a van, down by the
- Status: offline
- Ribbons : 28
Re: Ccleaner 5.33 infected with Backdoor!
2017/09/21 19:40:23
(permalink)
Thanks for posting about this Bobmitch!
|