Kudos0

CCleaner

Hi,

Sitting here reading a BBC news story that CCleaner 5.33 contained malware for around a month (mid August to mid Sept) until it was recently replaced with 5.34. According to the story this affected 2.27 million users.

So if that's true how come my Norton Security (I do full weekly scans) never noticed this malware... and how do I know I'm "safe" again now if Norton never noticed it in the first place?

Thanks,

David

Replies

Kudos1 Stats

Re: CCleaner

Kudos1 Stats

Re: CCleaner

According to Talos, the Virus Total regimen for checking antivirus products against a submitted sample turned up only one AV package that correctly identifies this infection, "Win.Trojan.Floxif-6336251-0."

Antivirus packages will likely increase their detections in the next few hours, but it’s still concerning.

 https://www.computerworld.com/article/3226046/microsoft-windows/heads-up...

It got by all of the AV products and is only now being added to definitions.  Had any AV detected this earlier, that sort of information would have been shared and the malware would have come to light much sooner.

Kudos0

Re: CCleaner

Kudos0

Re: CCleaner

ClamAV is seldom known for doing anything useful. Odd that they even came up.

Kudos0

Re: CCleaner

But when will Norton detect and remove this? Why should I have to use other AVs to do so? Isn't that what I'm paying Norton for? With this and all the recent muffed up releases and Coming Soons, is Norton in a "bad way"?

Thanks.

Kudos0

Re: CCleaner

Users running the 64 bit version are unaffected. This from a bleepingcomputer link posted by Krusty13

https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incide...

Quote ---------An unknown threat group compromised the CCleaner infrastructure.

The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.

The files were available for download between August 15 and September 12.

Windows 10 Home X 64
Kudos1 Stats

Re: CCleaner

F 4 E:

Users running the 64 bit version are unaffected. This from a bleepingcomputer link posted by Krusty13

https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incide...

Quote ---------An unknown threat group compromised the CCleaner infrastructure.

The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191.

The files were available for download between August 15 and September 12.

Hi @F 4 E,

That link was posted here first by @bjm_  -  https://community.norton.com/en/comment/7632211#comment-7632211, but I saw it first in this thread at Wilders Security Forums.

https://www.wilderssecurity.com/threads/security-notification-for-ccleaner-v5-33-6162-and-ccleaner-cloud-v1-07-3191-for-32-bit-windows-users.396778/

Cheers!

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: CCleaner

DavidCoffield:

But when will Norton detect and remove this? Why should I have to use other AVs to do so? Isn't that what I'm paying Norton for? With this and all the recent muffed up releases and Coming Soons, is Norton in a "bad way"? 
Thanks.

for example
File name: ccleaner-5-33-6162.exe
Detection ratio: 35 / 63
Analysis date: 2017-09-19

Kudos0

Re: CCleaner

bjm_:
DavidCoffield:

But when will Norton detect and remove this? Why should I have to use other AVs to do so? Isn't that what I'm paying Norton for? With this and all the recent muffed up releases and Coming Soons, is Norton in a "bad way"? 
Thanks.

for example
File name: ccleaner-5-33-6162.exe
Detection ratio: 35 / 63
Analysis date: 2017-09-19

 How odd that Avast still misses that detection!  

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: CCleaner

....odd....Avast engine tuned to ignore Piriform ?


“We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done.”

http://www.independent.co.uk/life-style/gadgets-and-tech/news/ccleaner-latest-updates-antivirus-app-malware-not-know-customers-use-piriform-avast-a7954896.html 

Kudos0

Re: CCleaner

bjm_:
DavidCoffield:

But when will Norton detect and remove this? Why should I have to use other AVs to do so? Isn't that what I'm paying Norton for? With this and all the recent muffed up releases and Coming Soons, is Norton in a "bad way"? 
Thanks.

for example
File name: ccleaner-5-33-6162.exe
Detection ratio: 35 / 63
Analysis date: 2017-09-19

Now 41 / 64 and Avast is now detecting this.  I see Cylance and SAS among others are still missing it though.

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: CCleaner

FWIW, now using Wise Disk Cleaner as recommended by a Whirlpool forum user jmatt.

Been using these for a long, long time, about 10 years on every comp I fix/work on.

Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System/Hard-Disk-Utils/Wise-Disk-Cleaner.shtml
http://www.freewarefiles.com/Wise-Disk-Cleaner_program_93075.html
http://www.freewarefiles.com/screenshot.php?programid=93075
http://www.wisecleaner.com/download.html
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://fs5.directupload.net/images/170116/4dxbbi8v.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/Registry-Tweak/Wise-Registry-Cleaner.shtml
http://www.freewarefiles.com/Wise-Registry-Cleaner_program_89666.html
http://www.freewarefiles.com/screenshot.php?programid=89666
http://www.wisecleaner.com/wiseregistrycleanerfree.html
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/160910/vg3f4cq4.gif
http://fs1.directupload.net/images/160910/ye7lgtf2.gif
http://fs1.directupload.net/images/160910/sfbkb7se.gif
Solution for Wise Registry Cleaner being reported as a PUP and blocked by Antivirus
http://forum.wisecleaner.com/index.php?/topic/12384-solution-for-pupoptionalwiserc/?p=27062

Windows 10 Home X 64
Kudos0

Re: CCleaner

As a loyal Norton Security user, it is very upsetting that my Norton product did not detect and quarantine the recent infections that came along with Ccleaner V.533.

Two Windows 10 machines supposedly protected by Norton Security were infected by Trojans Floxi and Nyetnya.

A different anti-malware program detected and quarantined both infected files.

RobertF37

Kudos0

Re: CCleaner

I agree. I see there are multiple threads on this on here now but no-one's yet (as far as I can see) answered the basic question of how come Norton didn't spot something that according to the news stories affected up to 2.7 million people over an entire month. Lot of people, long time. I'm no longer sure I trust CCleaner and I'm toiling a bit with Norton now too after this and their recent muff ups with Coming Soon releases etc.

Kudos1 Stats

Re: CCleaner

Again, this malware escaped detection by virtually all antivirus products until the recent announcement of its discovery. It is always worthwhile to remember that there are threats in the wild at all times that are, at least temporarily, undetectable. All types of defense have limitations, including antivirus programs. Antivirus will protect you against 90-95% of known malware, but it does not make you bulletproof any more than a flu shot will protect you against every strain of the flu.

Kudos0

Re: CCleaner

RobertF37:

As a loyal Norton Security user, it is very upsetting that my Norton product did not detect and quarantine the recent infections that came along with Ccleaner V.533.

Two Windows 10 machines supposedly protected by Norton Security were infected by Trojans Floxi and Nyetnya.

A different anti-malware program detected and quarantined both infected files.

RobertF37

...and different anti-malware program was resident on two Windows 10 machines supposedly protected by Norton Security ?  source ?

Kudos0

Re: CCleaner

Malwarebytes was installed on both machines. A full system, manual scan detected and quarantined the infections. Real time protection did not. In all honesty I doubt if anything would have detected the infections prior to September 18th.

Kudos0

Re: CCleaner

RobertF37:

Malwarebytes was installed on both machines. A full system, manual scan detected and quarantined the infections. Real time protection did not. In all honesty I doubt if anything would have detected the infections prior to September 18th.

Maybe, MBAM on-demand scan found CCleaner 32bit installer on your 64bit machine. 
To reduce attack surface. I'll delete CCleaner languages & 32bit installer on my 64bit machines.
YMMV

Kudos1 Stats

Re: CCleaner

@RobertF37,

Did you update CCleaner to the new unaffected version?  If so, did you do this before or after running the MBAM scan?  I ask because MBAM is famous for finding harmless remnants of things that have already been removed, which may be the case if you had updated CCleaner prior to running the scan.

Kudos2 Stats

Re: CCleaner

No, I did not update CCleaner to the new unaffected version either before or after the MBAM scan. MBAM detected and quarantined the V.533 infections on two machines. Afterwards I deleted the quarantined files, uninstalled CCleaner V.533 on both machines and repeated the scans. No infections were detected. I was aware of a problem with both machines for some time but virus scans kept coming up clean until on or about September 18th. I always update virus definitions before running a scan. I then repeated this process on a 3rd machine belonging to a friend with the same results. I have since learned that installing CCLeaner V.534 will overwrite the infected files and eliminate the problem.

Kudos0

Re: CCleaner

Windows 10 Home X 64
Kudos0

Re: CCleaner

I've been reading all these forum posts on this as I just today found 3 of my machines infected with this that are running Norton. As of today, Norton scans still detect nothing and MBAM has found and removed infected .exe files and registry keys from the machines. Finding it very hard justifying paying for a premium product that's ignoring an obvious infection several days after its discovery.

Kudos0

Re: CCleaner

I am running 64 bit Win10 and have been running CCleaner for years. I've been on 64 bit ccleaner since I upgraded to 64 bit win 7. I always take the latest ccleaner update as soon as it comes out.

According to this, there's a 2nd payload and it might be on 64bit too.

http://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discove...

I've checked my machines for the registry settings and searched for the DLLs, but the only one that has a matching DLL is in my Norton directory, but one of the hashes I get using PowerShell Get-FileHash matches the one provided, so I assume it's safe?

Regardless, I hope Norton can verify this all and provide a fuller check than me doing this by hand.

Kudos0

Re: CCleaner

Hello

Norton has been protecting your computers since Sept. 19 against the first CCL Trojan. If you have run Live Update, it should have included that protection. I don't know about the 2nd one yet.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: CCleaner

Piriform has added Digital Signatures from Symantec to its product now. It wouldn't be the first time hackers used a popular software to distribute a virus/malware. Right click the installer (exe) file and click Properties and click on the Digital Signatures to check.

Windows 10 Pro 64-bit / Norton Security v.22.17.x
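
The manual checks described in the posts above (hashing files with Get-FileHash, looking at the installer's Digital Signatures tab, and identifying the affected 32-bit 5.33.6162 build) can be collected in one read-only PowerShell pass. This is an added example, not code from any poster or vendor; the function names, the default install folder and the way the build number is read from the version resource are assumptions, the known-bad hash list is a placeholder because the thread gives no hashes, and CCleaner Cloud is not covered.

```powershell
# Added example (not from the thread): read-only triage of CCleaner executables.
function Get-PeMachine {
    param([string]$Path)
    # e_lfanew at offset 0x3C points to "PE\0\0"; the COFF Machine field follows it.
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        $fs.Position = 0x3C
        $peOffset = $br.ReadInt32()
        $fs.Position = $peOffset + 4
        switch ($br.ReadUInt16()) {
            0x014c  { 'x86' }
            0x8664  { 'x64' }
            default { 'other' }
        }
    } finally { $fs.Dispose() }
}

function Test-CCleanerBinary {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Placeholder: SHA-256 values taken from a vendor advisory (none are in the thread).
        [string[]]$KnownBadSha256 = @()
    )
    $v    = (Get-Item -LiteralPath $Path).VersionInfo
    $arch = Get-PeMachine -Path $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    # Assumption: build 6162 sits in the third or fourth field of the version resource.
    $is533 = $v.FileMajorPart -eq 5 -and $v.FileMinorPart -eq 33 -and
             (6162 -in $v.FileBuildPart, $v.FilePrivatePart)
    [pscustomobject]@{
        Path            = $Path
        FileVersion     = $v.FileVersion
        Architecture    = $arch
        # Status says the file is intact and who signed it, not that the build is clean.
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        Sha256          = $hash
        AffectedBuild   = ($is533 -and $arch -eq 'x86')
        HashMatch       = ($KnownBadSha256 -contains $hash)
    }
}

# Assumed default install folder; adjust if CCleaner was installed elsewhere.
$dir = Join-Path $env:ProgramFiles 'CCleaner'
if (Test-Path $dir) {
    Get-ChildItem -LiteralPath $dir -Filter 'CCleaner*.exe' |
        ForEach-Object { Test-CCleanerBinary -Path $_.FullName } | Format-List
}
```

The same function can be pointed at a downloaded installer, which is where a leftover 32-bit 5.33 file may still sit on a 64-bit machine.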
