CCleaner security notification virus embedded in download

  1. #1
    Certified Gunnut

    CCleaner security notification virus embedded in download

    If you use CCleaner as I do, and keep it updated, please check to see if you have a virus. On the previous update somehow a virus was in the CCleaner update from the Piriform site (spl??). I had to double and triple check to make sure my Microsoft antivirus was not picking up some junk that was flagged as a virus...

    I have also noticed that CCleaner has added programs (I reckon they are called apps now) to the download/update so they add on more junk unless you actually read the accept all the mess before you download.... just scan thru it looking for the added-on bloatware. I hope this helps... I was not sure where to post.

    Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users


    https://www.piriform.com/news/blog/2...-windows-users

    We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.

    Technical description
    An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.

    The suspicious code was hidden in the application’s initialization code called CRT (Common Runtime) that is normally inserted during compilation by the compiler. This code modification was executed by the following function calls (functions marked by red represent the CRT modifications):
    fossil and Blaine like this.
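
One way to run the check the first post asks for, as an added example that is not part of the thread or of Piriform's advisory. Only the version number 5.33.6162 and the "32-bit Windows" scope come from the quoted advisory; the function name, the default install folders and the way the version is matched against the file's version resource are assumptions, and CCleaner Cloud is not covered.

```powershell
# Added example: not from the thread and not Piriform's own tooling.
# Lists CCleaner executables and flags the build named in the advisory (5.33.6162).
function Test-CCleanerBuild {
    param(
        # Assumed default install folders; pass -Folder if CCleaner lives elsewhere.
        [string[]]$Folder = @(
            "$env:ProgramFiles\CCleaner",
            "${env:ProgramFiles(x86)}\CCleaner"
        )
    )

    # The advisory scopes the incident to 32-bit Windows, so report the OS bitness too.
    $os64 = [Environment]::Is64BitOperatingSystem

    foreach ($dir in ($Folder | Where-Object { $_ -and (Test-Path $_) })) {
        Get-ChildItem -Path $dir -Filter 'CCleaner*.exe' -File | ForEach-Object {
            $v = $_.VersionInfo

            # Assumption: the product version 5.33.6162 shows up in the four-part
            # file version as major 5, minor 33, with 6162 in one of the last two fields.
            $match = ($v.FileMajorPart -eq 5) -and ($v.FileMinorPart -eq 33) -and
                     (6162 -in @($v.FileBuildPart, $v.FilePrivatePart))

            [pscustomobject]@{
                Path            = $_.FullName
                FileVersion     = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart,
                                                       $v.FileBuildPart, $v.FilePrivatePart
                Is64BitOS       = $os64
                MatchesAdvisory = $match
                # Recorded so the exact file can be looked up or handed to whoever triages it.
                Sha256          = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

Test-CCleanerBuild | Format-List
```

No output means no CCleaner executable was found in the folders searched, not that the machine was never affected.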

  2. #2
    Super Moderator
    Moving to Computer Help and Freeware...

    Thanks for the info!
    cajun56, rclint and Blaine like this.
    Bart


  3. #3
    Certified Gunnut
    Originally posted by Scorpiusb:
        Moving to Computer Help and Freeware...

        Thanks for the info!

    Thanks... hope everyone who uses CCleaner checks this.
    Blaine likes this.

  5. #4
    Marlin Marksman
    CCleaner is malware itself, and it does absolutely nothing for your computer's performance. Orphaned registry entries and temp files do not slow down your computer - they're never loaded into RAM, and the amount of disk space they take up is so trivial that even a 5400 RPM HDD blows right by them when reading from or writing to another section of the HDD. Whether your PC has a Solid State Drive (SSD) or HDD, the only thing CCleaner does is spy on you and take up disk space. This White Hat hacker recommends that you uninstall it.
    rclint likes this.
    "If you can remember all of the guns you own, you don't have enough." -- Me

    "Only accurate rifles are interesting." -- Col. Townsend Whelen

  6. #5
    Certified Gunnut
    This long ago not a hacker has used CCleaner for years, and I have never once seen the program using any communication node unless you set it to auto update. CCleaner is a useful tool for removing browsing history, and megabytes of cookies stored on your computer. It's also a great tool for removing unneeded programs, as well as controlling what starts on startup... for non-computer-savvy people it gives easy access to these things.

    Could you give me the info on CCleaner that CCleaner is embedded with a trojan, worm, or malware that spies on your computer? Not saying it's not so... just would like to know what is going on. As for the post above, someone that worked for CCleaner or hacked into the site caused the problem.

    Edit to add: I never ever download the free trials that come with programs or the updates like Trend AV, or any of that junk... as a matter of fact I'm not sure all the updates are even needed for these programs.

  7. #6
    Marlin Marksman
    All of the features for which you use CCleaner exist natively in all current supported Windows operating systems (Vista, 7, 8, 8.1, and 10).

    What exists in CCleaner varies from version to version. I'd need the file hash of the executable to tell you what a specific problem is. What I can tell you is that it is not allowed to exist anywhere in the corporate environment that I have to protect (about 5000 servers and about 3500 PCs/laptops). Advanced AV tools like Cylance, SentinelOne, and CrowdStrike Falcon will auto-quarantine every version of CCleaner as soon as it is discovered.

    This issue with CCleaner is not new - it has been known malware/spyware for years.

    As far as not seeing odd things happen... Black Hats have taken heed of the fact that they can't just generate random connections to the internet anymore. What they've been doing for the last few years is making their outbound packets (outbound from your computer to the internet) appear to be, or bundled in with, legitimate DNS, HTTP, HTTPS, SMTP, IMAP, or NTP traffic (and a number of other, less well-known communication protocols). If you don't have a packet inspector (you probably don't, most people don't) built into your firewall, there's no way to know. It gets even better - a lot of the traffic is encrypted, so the packets would have to be decrypted and inspected by your firewall for you to know that anything (like CCleaner) was generating traffic you wouldn't want generated.

  8. #7
    Marlin Marksman
    Join Date
    Aug 2016
    Location
    Sugar Land, Texas
    Posts
    1,287
    Member #
    73033
    Thanked
    3750 times
    It isn't necessarily a beneficial thing to delete your cookies or history. If your cookies are secure/encrypted (this is controlled by the web site that wrote the cookies in the first place, you can't control this), there's actually very little benefit in getting rid of them, and their absence will make web pages load slower. Same thing for your internet history. You can set your browser(s) to retain history for any length of time you like - 7 days is probably about as long as most people need to keep history anyway.

