djMot Posted September 18, 2017 Member ID: 3189 Group: *** Clan Members Followers: 93 Topic Count: 355 Topics Per Day: 0.08 Content Count: 5232 Content Per Day: 1.17 Reputation: 11105 Achievement Points: 48740 Solved Content: 0 Days Won: 112 Joined: 02/11/12 Status: Offline Last Seen: Tuesday at 11:48 AM Birthday: 12/24/1957 Device: Windows Share Posted September 18, 2017 FYI. If you have CCleaner 5.33 installed (or ever had that version installed), you have been infected with a multi-stage malware payload capable of command and control remote code execution - a botnet.. Restore from a backup prior to August 15, 2017. Or maybe a restore point if you have one prior to that date, but I've never put much stock in restore points. Source: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html?m=1 Mr_Wick 1 Link to comment Share on other sites More sharing options... Awards
Merlin007 Posted September 18, 2017 Member ID: 2068 Group: +++ COD5 Head Admin Followers: 69 Topic Count: 1072 Topics Per Day: 0.22 Content Count: 8429 Content Per Day: 1.73 Reputation: 7289 Achievement Points: 74878 Solved Content: 0 Days Won: 64 Joined: 12/25/10 Status: Offline Last Seen: 1 hour ago Birthday: 05/23/1973 Device: Windows Share Posted September 18, 2017 I use it. Will check which version. Thanks for the heads up. If it is, will probably be last time I use it. djMot 1 Link to comment Share on other sites More sharing options... Awards
Sammy Posted September 18, 2017 Member ID: 3036 Group: ***- Inactive Clan Members Followers: 31 Topic Count: 219 Topics Per Day: 0.05 Content Count: 9419 Content Per Day: 2.08 Reputation: 7515 Achievement Points: 62539 Solved Content: 0 Days Won: 21 Joined: 11/29/11 Status: Offline Last Seen: December 30, 2023 Birthday: 04/26/2008 Device: Windows Share Posted September 18, 2017 Havent used that one in years. But a pretty scary trend really when you cant trust distributors anymore. Gotta watch out where their servers are since some locations are more easily susceptible to this than others. djMot 1 Link to comment Share on other sites More sharing options... Awards
JohnnyNashville Posted September 18, 2017 Member ID: 25938 Group: ***- Inactive Clan Members Followers: 21 Topic Count: 343 Topics Per Day: 0.14 Content Count: 1493 Content Per Day: 0.59 Reputation: 284 Achievement Points: 13299 Solved Content: 0 Days Won: 0 Joined: 05/17/17 Status: Offline Last Seen: December 25, 2022 Birthday: 08/08/1961 Share Posted September 18, 2017 I use it, my version is v5.34.6207(64 bit)...I have the paid version. Thanks for the notification. Johnny djMot 1 Link to comment Share on other sites More sharing options...
7Toes Posted September 18, 2017 Member ID: 87 Group: ***- Inactive Clan Members Followers: 57 Topic Count: 98 Topics Per Day: 0.02 Content Count: 3789 Content Per Day: 0.71 Reputation: 3589 Achievement Points: 27249 Solved Content: 0 Days Won: 7 Joined: 09/02/09 Status: Offline Last Seen: March 18, 2022 Birthday: 04/02/1871 Share Posted September 18, 2017 lol of course it is. everything has malware in it even brand new computers,the way to stop this is to catch several of these asshats and have the disemboweled in a public execution.to show the rest what is instore for them when they get caught... djMot 1 Link to comment Share on other sites More sharing options... Awards
Icequeen Posted September 18, 2017 Member ID: 9264 Group: *** Clan Members Followers: 89 Topic Count: 91 Topics Per Day: 0.02 Content Count: 6094 Content Per Day: 1.52 Reputation: 7989 Achievement Points: 51439 Solved Content: 0 Days Won: 54 Joined: 05/13/13 Status: Offline Last Seen: 4 hours ago Birthday: 07/13/1981 Device: Android Share Posted September 18, 2017 @jumper you use this? Link to comment Share on other sites More sharing options... Awards
Angelz Posted September 18, 2017 Member ID: 24295 Group: **- Inactive Registered Users Followers: 11 Topic Count: 272 Topics Per Day: 0.09 Content Count: 2311 Content Per Day: 0.78 Reputation: 2829 Achievement Points: 20239 Solved Content: 0 Days Won: 17 Joined: 03/27/16 Status: Offline Last Seen: January 2, 2021 Share Posted September 18, 2017 I use ccleaner but did not update to that version. Good thing 5.34 came out and the cleaner is now clean lol djMot 1 Link to comment Share on other sites More sharing options...
Merlin007 Posted September 18, 2017 Member ID: 2068 Group: +++ COD5 Head Admin Followers: 69 Topic Count: 1072 Topics Per Day: 0.22 Content Count: 8429 Content Per Day: 1.73 Reputation: 7289 Achievement Points: 74878 Solved Content: 0 Days Won: 64 Joined: 12/25/10 Status: Offline Last Seen: 1 hour ago Birthday: 05/23/1973 Device: Windows Share Posted September 18, 2017 Had the version they were talking about but was the 64bit so all ok. Checked registry and no weird entries. Updated. Ran malwarebytes and all ok. Thanks again there @djMot Hoth, djMot and Damage_inc- 2 1 Link to comment Share on other sites More sharing options... Awards
djMot Posted September 19, 2017 Member ID: 3189 Group: *** Clan Members Followers: 93 Topic Count: 355 Topics Per Day: 0.08 Content Count: 5232 Content Per Day: 1.17 Reputation: 11105 Achievement Points: 48740 Solved Content: 0 Days Won: 112 Joined: 02/11/12 Status: Offline Last Seen: Tuesday at 11:48 AM Birthday: 12/24/1957 Device: Windows Author Share Posted September 19, 2017 It does appear that it's only the 32bit version installer that contains the malware payload. A lot of other sources are now reporting on this now, too, and saying that it's the 32bit version that has taken the hit. But remember, the downloader comes with both 32 and 64 bit versions. Apparently the one that runs is determined by your OS bit size. As it seems absurd to run a 32bit version of Windows on ANY current hardware, that might end up being the saving-grace here. But if you have the 5.33 installer on your system, the payload is there whether installed or not. I would still recommend anyone with this version run a full scan of their system to be on the safe side, and regardless of your bit size. If by chance any of you do have 32bit Windows installed, it's time to backup your data, wipe, and reinstall. Scan your data before moving back onto your fresh, clean copy of Windows. The good news is that this appears to be more of a botnet than something really malicious like ransomware. Could still possibly be used to install something more serious. Be safe everyone! JohnnyNashville 1 Link to comment Share on other sites More sharing options... Awards
tacobill Posted September 19, 2017 Member ID: 2366 Group: ***- Inactive Clan Members Followers: 14 Topic Count: 4 Topics Per Day: 0.00 Content Count: 76 Content Per Day: 0.02 Reputation: 41 Achievement Points: 665 Solved Content: 0 Days Won: 0 Joined: 04/03/11 Status: Offline Last Seen: February 7 Birthday: 08/27/1976 Device: Windows Share Posted September 19, 2017 Ya. Is normally a good program, but the first thing i always did was turn off auto update and monitoring. Filehippo has other versions if u want an older one. LOL it goes from 5.32 to 5.34 skipping 5.33. Thanks for the info. Link to comment Share on other sites More sharing options... Awards
Damage_inc- Posted September 19, 2017 Member ID: 2048 Group: ***- Inactive Clan Members Followers: 0 Topic Count: 294 Topics Per Day: 0.06 Content Count: 6689 Content Per Day: 1.37 Reputation: 4709 Achievement Points: 48999 Solved Content: 0 Days Won: 5 Joined: 12/15/10 Status: Offline Last Seen: November 29, 2023 Birthday: 05/30/1967 Device: Windows Share Posted September 19, 2017 i got 5.28 64bit.,no sense in upgrading it all the time.man go to the souce.filhippo has given me viruses in the past it attaches malware for real-time protection I use malware-bytes.best ive had Merlin007 1 Link to comment Share on other sites More sharing options... Awards
PainKiller Posted September 19, 2017 Member ID: 20107 Group: ++ COD2 Admin Followers: 19 Topic Count: 120 Topics Per Day: 0.03 Content Count: 2016 Content Per Day: 0.52 Reputation: 2486 Achievement Points: 16701 Solved Content: 0 Days Won: 14 Joined: 09/21/13 Status: Offline Last Seen: Monday at 08:00 PM Birthday: 08/01/1994 Device: Windows Share Posted September 19, 2017 I have 5.30.6065, I should be okay, right? Link to comment Share on other sites More sharing options... Awards
Angelz Posted September 19, 2017 Member ID: 24295 Group: **- Inactive Registered Users Followers: 11 Topic Count: 272 Topics Per Day: 0.09 Content Count: 2311 Content Per Day: 0.78 Reputation: 2829 Achievement Points: 20239 Solved Content: 0 Days Won: 17 Joined: 03/27/16 Status: Offline Last Seen: January 2, 2021 Share Posted September 19, 2017 Since day 1 I will only trust/download ccleaner from http://www.piriform.com Damage_inc- 1 Link to comment Share on other sites More sharing options...
Tw33tle_Dee Posted September 20, 2017 Member ID: 23628 Group: ** Registered Users Followers: 1 Topic Count: 33 Topics Per Day: 0.01 Content Count: 337 Content Per Day: 0.11 Reputation: 218 Achievement Points: 2278 Solved Content: 0 Days Won: 0 Joined: 11/26/15 Status: Offline Last Seen: Monday at 03:04 PM Device: Windows Share Posted September 20, 2017 All 64 bit machines were clean, had one 32 bit laptop that had the CCleaner malware. Malwarebytes removed threat easily. Link to comment Share on other sites More sharing options...
Recommended Posts