CCleaner 5.33 Is Infected w/Multi-Stage Malware Payload


djMot

  • Member ID:  3189

FYI.  If you have CCleaner 5.33 installed (or ever had that version installed), you have been infected with a multi-stage malware payload capable of command and control remote code execution - a botnet.  Restore from a backup prior to August 15, 2017.  Or maybe a restore point if you have one prior to that date, but I've never put much stock in restore points.

Source:  http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html?m=1

 

  • Member ID:  2068

I use it. Will check which version. Thanks for the heads up.

If it is, will probably be last time I use it.

  • Member ID:  3036

Haven't used that one in years. But a pretty scary trend really when you can't trust distributors anymore. Gotta watch out where their servers are since some locations are more easily susceptible to this than others.

  • Member ID:  25938

I use it, my version is v5.34.6207(64 bit)...I have the paid version. Thanks for the notification.

 

Johnny

  • Member ID:  87

lol of course it is. Everything has malware in it, even brand new computers. The way to stop this is to catch several of these asshats and have them disemboweled in a public execution, to show the rest what is in store for them when they get caught...

  • Member ID:  24295

I use ccleaner but did not update to that version. Good thing 5.34 came out and the cleaner is now clean lol

  • Member ID:  2068

Had the version they were talking about but was the 64bit so all ok.  Checked registry and no weird entries.  Updated. Ran malwarebytes and all ok.

Thanks again there @djMot

  • Member ID:  3189

It does appear that it's only the 32bit version installer that contains the malware payload.  A lot of other sources are now reporting on this now, too, and saying that it's the 32bit version that has taken the hit.  But remember, the downloader comes with both 32 and 64 bit versions.  Apparently the one that runs is determined by your OS bit size.  As it seems absurd to run a 32bit version of Windows on ANY current hardware, that might end up being the saving grace here.  But if you have the 5.33 installer on your system, the payload is there whether installed or not.  I would still recommend anyone with this version run a full scan of their system to be on the safe side, regardless of your bit size.  If by chance any of you do have 32bit Windows installed, it's time to back up your data, wipe, and reinstall.  Scan your data before moving back onto your fresh, clean copy of Windows.  The good news is that this appears to be more of a botnet than something really malicious like ransomware.  Could still possibly be used to install something more serious.  Be safe everyone!

 

 

  • Member ID:  2366

Ya.  Is normally a good program, but the first thing I always did was turn off auto update and monitoring.  Filehippo has other versions if you want an older one.   LOL it goes from 5.32 to 5.34 skipping 5.33.  Thanks for the info.

  • Member ID:  2048

I got 5.28 64bit, no sense in upgrading it all the time. Man, go to the source. Filehippo has given me viruses in the past; it attaches malware.

For real-time protection I use Malwarebytes. Best I've had.

  • Member ID:  20107

I have 5.30.6065, I should be okay, right?

  • Member ID:  24295

Since day 1 I will only trust/download ccleaner from http://www.piriform.com

  • Member ID:  23628

All 64 bit machines were clean, had one 32 bit laptop that had the CCleaner malware. Malwarebytes removed threat easily.
