CCleaner 5.33 Is Infected w/Multi-Stage Malware Payload

[djMot]

FYI.  If you have CCleaner 5.33 installed (or ever had that version installed), you have been infected with a multi-stage malware payload capable of command and control remote code execution - a botnet..  Restore from a backup prior to August 15, 2017.  Or maybe a restore point if you have one prior to that date, but I've never put much stock in restore points.

Source:  http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html?m=1

 

[Merlin007]

I use it. Will check which version. Thanks for the heads up.

If it is, will probably be last time I use it.

[Sammy]

Havent used that one in years. But a pretty scary trend really when you cant trust distributors anymore. Gotta watch out where their servers are since some locations are more easily susceptible to this than others.

[JohnnyNashville]

I use it, my version is v5.34.6207(64 bit)...I have the paid version. Thanks for the notification.

 

Johnny

[7Toes]

lol of course it is. everything has malware in it even brand new computers,the way to stop this is to catch several of these asshats and have the disemboweled in a public execution.to show the rest what is instore for them when they get caught... 

[Icequeen]

@jumper you use this?

[Angelz]

I use ccleaner but did not update to that version. Good thing 5.34 came out and the cleaner is now clean lol

[Merlin007]

Had the version they were talking about but was the 64bit so all ok.  Checked registry and no weird entries.  Updated. Ran malwarebytes and all ok.

Thanks again there @djMot

[djMot]

It does appear that it's only the 32bit version installer that contains the malware payload.  A lot of other sources are now reporting on this now, too, and saying that it's the 32bit version that has taken the hit.  But remember, the downloader comes with both 32 and 64 bit versions.  Apparently the one that runs is determined by your OS bit size.  As it seems absurd to run a 32bit version of Windows on ANY current hardware, that might end up being the saving-grace here.  But if you have the 5.33 installer on your system, the payload is there whether installed or not.  I would still recommend anyone with this version run a full scan of their system to be on the safe side, and regardless of your bit size.  If by chance any of you do have 32bit Windows installed, it's time to backup your data, wipe, and reinstall.  Scan your data before moving back onto your fresh, clean copy of Windows.  The good news is that this appears to be more of a botnet than something really malicious like ransomware.  Could still possibly be used to install something more serious.  Be safe everyone!

 

 

[tacobill]

Ya.  Is normally a good program, but the first thing i always did was turn off auto update and monitoring.  Filehippo has other versions if u want an older one.   LOL it goes from 5.32 to 5.34 skipping 5.33.  Thanks for the info.

[Damage_inc-]

i got 5.28 64bit.,no sense in upgrading it all the time.man go to the souce.filhippo has given me viruses in the past it attaches  malware

for real-time protection I use malware-bytes.best ive had

[PainKiller]

I have 5.30.6065, I should be okay, right?

[Angelz]

Since day 1 I will only trust/download ccleaner from http://www.piriform.com

[Tw33tle_Dee]

All 64 bit machines were clean, had one 32 bit laptop that had the CCleaner malware. Malwarebytes removed threat easily.