
TweakHound


CCleaner Compromised, part 2

CCleaner

September 18, 2017, 14:26(EDT) By Eric (a.k.a. TweakHound)

Warning, Opinions ahead.

Claims and Questions
Infected file: 32-bit CCleaner.exe (version 5.33.6162)
AFAIK the 32-bit exe is present in the following versions: Standard, Portable, Pro, and Slim.
I have the slim and portable versions here. The 32-bit exe is identical in both.
AFAIK the portable version doesn’t make registry entries.
Are all versions affected?
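
A check for the file named above, as an added example (not from the original post or from Piriform/Avast): it searches a few folders for CCleaner.exe, reads the PE header to tell 32-bit from 64-bit, and compares the version resource against 5.33.6162. The search roots, and the guess that 6162 sits in the build or revision field of the version resource, are assumptions.

```powershell
# Added example: locate 32-bit CCleaner.exe copies reporting version 5.33.6162.
# Search roots are assumptions; portable copies can live anywhere, so pass your own.
param(
    [string[]]$Roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)},
                         "$env:USERPROFILE\Downloads")
)

function Get-PEMachine {
    param([string]$Path)
    # e_lfanew at offset 0x3C points to "PE\0\0"; the Machine field follows it.
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        if ($fs.Length -lt 0x40 -or $br.ReadUInt16() -ne 0x5A4D) { return $null }  # "MZ"
        $fs.Position = 0x3C
        $peOffset = $br.ReadUInt32()
        if ($peOffset + 6 -gt $fs.Length) { return $null }      # truncated file
        $fs.Position = $peOffset
        if ($br.ReadUInt32() -ne 0x00004550) { return $null }   # "PE\0\0"
        return $br.ReadUInt16()                                 # 0x014C = x86, 0x8664 = x64
    } finally { $fs.Dispose() }
}

$hits = foreach ($root in ($Roots | Where-Object { $_ -and (Test-Path $_) })) {
    Get-ChildItem -Path $root -Filter 'CCleaner.exe' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi   = $_.VersionInfo
        $is32 = (Get-PEMachine $_.FullName) -eq 0x014C
        # Assumption: "5.33.6162" maps to major 5, minor 33, and 6162 in build or revision.
        $isBuild = $vi.FileMajorPart -eq 5 -and $vi.FileMinorPart -eq 33 -and
                   (6162 -in @($vi.FileBuildPart, $vi.FilePrivatePart))
        [pscustomobject]@{
            Path        = $_.FullName
            FileVersion = $vi.FileVersion
            Is32Bit     = $is32
            MatchesPost = ($is32 -and $isBuild)
            # Hash is printed so it can be compared with a vendor advisory.
            SHA256      = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
        }
    }
}
$hits | Format-Table -AutoSize
```

A match only identifies the file on disk; it does not settle the uninstall-versus-restore question discussed below.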

Information out there does not add up.
Piriform/Avast says uninstalling is enough.
According to the guys that discovered the malware, “Uninstalling the tool will not remove the malware”.
This is why I haven’t offered any definitive advice on ridding yourself of the problem. Anybody who says that anything other than restoring from an image will fix this is jumping the gun. We do not have all the info.

What? Why? Who?
They said the malware didn’t seek any sensitive info.
The malware put a random unique number to identify the system and then uploaded the following info:
– Name of the computer
– List of installed software, including Windows updates
– List of running processes
– MAC addresses of first three network adapters
– Additional information whether the process is running with administrator privileges, whether it is a 64-bit system, etc.

That is really bizarre. Why go through all that trouble for that little bit of info? Possibilities:
– They did it for the lulz.
– They did it to hurt the reputation of the software/vendor.
– Info we have been given is wrong and the hack is worse.

Then Who?
– They did it for the lulz.
OK, nice hack. No harm on the user's end.
– They did it to hurt the reputation of the software/vendor.
Mission accomplished. Now, pissed off employee, ex-employee, or competitor?
– Info we have been given is wrong and the hack is worse.
Whole can of worms here. Leet hackers, state sponsored, organized crime???

Put your tinfoil hat on and chime in!

Tagged With: Freeware, Security

Comments

  1. vlad says

    September 18, 2017, 14:48 (EDT)

    http://www.techrepublic.com/article/if-you-used-ccleaner-software-to-clean-up-your-device-you-may-have-infected-yourself-instead/

    • Eric (a.k.a. TweakHound) says

      September 18, 2017, 15:04 (EDT)

      Replaced text with link.

  2. Stop the press says

    September 19, 2017, 12:23 (EDT)

    “About 30% of CCleaner users also run Avast security software, which enables us to analyze behavioral, traffic and file/registry data from those machines. Based on the analysis of this data, we believe that the second stage payload never activated, i.e. the only malicious code present on customer machines was the one embedded in the ccleaner.exe binary,” they explained.

    “Therefore, we consider restoring the affected machines to the pre-August 15 state unnecessary. Customers are advised to update to the latest version of CCleaner, which will remove the backdoor code from their systems. As of now, CCleaner 5.33 users are receiving a notification advising them to perform the update.”

    https://www.helpnetsecurity.com/2017/09/19/ccleaner-backdoor-incident/

    • Eric (a.k.a. TweakHound) says

      September 19, 2017, 13:32 (EDT)

      “About 30% of CCleaner users also run Avast security software” The company that allowed CCleaner to be compromised.

Copyright 2002-2025 by Eric Vaughan. All material contained here is the property of the material's owner. Windows, Windows XP, Windows Vista, Windows Seven, Windows 8, Windows 10, Windows 11, Microsoft, and all associated logos are trademarks/property of Microsoft. You may not use or copy any material from tweakhound.com without expressed written permission. Hotlinking to any material within this site is forbidden.