Nergal

It's clear, from the second link you gave, that the 2nd stage was on a few computers, and targeted. As far as the variants, who knows that's why you got no answer, what're your sources on this or did you just happen to download and hash the file twice. I've forwarded to the admin because maybe they know but I'd rather see where your info comes from first, honestly.

You don't need to figure it out. The ccleaner.exe file, from only the 5.33.6162 build, had a backdoor installed. The developers released a .6163 version with the backdoor removed. They then released 5.34 and 5.35 as more secure versions (see their relevant change logs). As you well know, since your involved in it, there's a active thread on this that explains all of this https://forum.piriform.com/index.php?showtopic=48869 It would be better to continue that thread than to open multiple new threads. That said, the forensics on this are pretty done. There's not been any action beyond what the main thread has in it.

What version ccleaner? Are you on Microsoft's inside track or any other windows beta testing?

What in blazes are you talking about. What does tampered mean here? What is the (I assume is) hashcode a hash of. What does this have to do with ccleaner?

Defraggler sees locked microsoft files which windows ignores their effect on the fragmentation. At least that's how I understand it

Yes the 5.35 (and 5.34) version of ccleaner is without trojan. More information at this thread https://forum.piriform.com/index.php?showtopic=48869

Not something that's to be fixed. Something (one file for instance) is locked in use. Did you do what was asked in the second post

Never mind you're the same poster from another thread that lists those. Let me know if the sessions fixes this as well

Can you post an screenshot of your ccleaner firefox section (on the applications tab)

Uncheck session in ccleaner's chrome section, this should keep the wanted tabs. Please come back if this doesn't solve the issue

Try turning off session in ccleaner's firefox section

Is firefox running when you start ccleaner?

Why are you confused by the simple fact that both ccleaner 5.33 and cloud 1.07.3191 both were infected. Yes agomo is ccleaner cloud, which, I assume, made that all the harder for cloud users to know the infection happened.

Never say never, but yeah never

Do you have any firefox on there other than waterfox? If not then it's already detecting it; browsers are cleaned by their parent browser's heading. You also may need to set customlocation See http://www.piriform.com/docs/ccleaner/advanced-usage/ccleaner-ini-files/how-to-clean-user-data-from-non-standard-mozilla-browsers

Then, because windows 7, you'll need to be admin and will get a UAC warning when trying to delete the file

Didn't high sierra just come out this week? I'll try to get an estimate of time for the next ccleaner macos. Edit: also if you have pro and it's still in the first year you can ask the developers directly through priority support

That's because you reinstalled it, your settings were still in registry/ccleaner.ini

Make sure all instances of ccleaner are exited, including monitoring, are ended (check task manager) If none running, or it still doesn't work, go to c:\program files\ccleaner and manually delete ccleaner 64.exe. Then click retry - or if, exited installer, rerun installer. Edit: what windows version are you using, you gave a bunch of unneeded info of your pc but left that detail out.

@patrykr you got it mostly correct except for skip uac being default it isn't. I also think the shortcuts on recycle bin also first call ccleaner.exe

Not sure what this has to do with the topic, but CustomLocation is only for chrome, firefox, opera. If you have further questions, please start a new thread instead of posting in someone else's

What you have there is the installer for ccleaner 5.33. There is indeed a virus in it. The latest version 5.35 is not infected.

No, you cant. There is no ccleaner for iPad or iPhone. There's one for windows, one for mac and one for Android, but iPads run iOS.

Change your resolution back to normal, there's a checkbox for never show this again that's being hidden

Wait you're not finished here,lol. We need a screenshot of the error you get. If your user a administrator on the machine? Edit:ninja'd by member