jaymann2

Thanks NonConvergentWaveform. That was really the essence of my question. I'm not as worried about the past intrusion because there was nothing on there, but am worried about whether there might be any potential ongoing issues once private data starts being added to a computer. Bascially, having used the portable version, is there any residual, ongoing threat still on the computers?

Thanks for your repsonse Nergal, and the video. So just to confirm your conclusion, it is the running of CCleaner.exe process that places the registry markers, not the installation process? So just running the portable version would have left behind some entries in the registry, that would still be there (albeit now pinging a server that is no longer active)?

I'm not a frequent user of CCleaner, but recently (I think) used an infected portable version from a USB stick when setting up some laptops for an overseas school. They are now in a remote location so it's not super simple to check the impact, but just wanted to ask an initial question here. I understand that the portable version was affected, but does that mean it installed anything locally, or would it just have gathered information while running and then stopped? i.e. did it subversively change any registry values while running, or is the malware effectively 'portable' like the version of CCleaner, so that once it's closed, nothing more happens? Hope that makes sense. Because they were basically new when cleaned and still generic, I'm not really that concerned about any personal data being gathered, because there really wasn't any, but need to find out if I should proceed with further cleaning to prevent future issues, or whether instead there is nothing residual on there because I used the portable version? 'Cleaning' now is complicated by location and language. If has to be done, so be it, but maybe isn't necessary because I used the portable version?