Nergal

There aren't many but here's the list http://www.piriform.com/docs/ccleaner/advanced-usage/command-line-parameters

@mrdimly most competent Av will flag any build of ccleaner 5.33 (normal, pro, ccleaner could, slim and portable) the virus/backdoor is in the executable file ccleaner.exe What your talking about on non-5.33 installer builds flagging is Pup (google bar or chrome) that doesn't exist in slim (it's the ONLY difference between regular installer and slim installer)

Read here https://forum.piriform.com/index.php?showtopic=42539 Ip belongs to fastly according to https://www.findip-address.com/

one pc

I don't quite understand what your ultimate question is, can you boil it down to a question?

Latest ccleaner is 5.35

Download the free version from https://piriform.com/speccy/builds and plug your registration into it (don't know the exact menu, sorry)

Are you certain they belong to Avast? If yes, then in ccleaner you should exclude the keys in question from within ccleaner. They aren't seen as connected to something because you antivirus is doing its job. If it announced to the world that they're connected it would be easier for viruses to break Avast. If not certain, what makes you think they might be part of avast? Do you use virtualbox software?

Uncheck session under chrome, on ccleaner's applications tab

Correct

@jaymann2 the portable exe was also violated so it too would spawn the second process and attempt to call home ("home" has been pwned so there's nothing left to call to) you can see the action of the backdoor in this vid But no the infection would not ask portable, it would place the registry markers

It is the case though. Where do you see ccleanercloudhealthcheck.exe is flagged as virus. Where did you even get that file if you aren't using ccleaner cloud. It was announced that the cloud version of the time was infected, idk if the file ccleaner.exe is the same or different for cloud but both of those were infected, as we've constantly stated

Are you on sp3 for your xp

@Crp yes it is safe to delete them from quarantine most security software will do that within the software in a secure manner.

@Crp comodo flags that a pup (potentially unwanted program) because the google offer in the installer. You can download a version without the google offer if you're worried it's the slim build of http://piriform.com/ccleaner/builds but remember that the slim comes out weeks later than normal installer. But you can just use the normal installer and tell comodo to let it through The one from September that you show for installer 5.33 that says backdoor, that was the actually infected one.

Please follow suite and write the url with hxxp, thanks.

Nope it's hosted on Invision the owner of the php that builds the forum. I guess beetle probably was on the ip address before piriform.

Are your avast definitions up-to-date? Where did you download it from? Please try again and take a screenshot of the message.

Very different issue but it sounds like you have a firewall blocking ccleanerDownload and try slim installer http://piriform.com/ccleaner/buildsOr copy ccleaner.exe and ccleaner64.exe out of the portable build (same page) and paste them on top of your ccleaner install (default c:\program files\ccleaner )

@CC_SR that is correct only 5.33.6162 was affected. No other version, past or present, have the backdoor (malware)

Ok, back on the Android part of this thread Does ccleaner have root access on your device? Is it, per chance, the thumbnail cache which maybe recreated immediately after clean.

You can download the free versions of each and put your registration into them

@Mart1n please start your own thread as this is an android thread

Edited

Sorry I should have been more clear. The info is for the two uploads (the two installers posted within minutes of each other) in his other thread. This Is why one thread is better than three.