Andavari

That and the malware was sitting behind a legit digital signature from a trusted vendor.

Just did. Based upon that information, and all the full system scanning I've done my system is clean.

I would assume it's because of "New digital signature." So in other words: More secure to avoid another security breach.

I've ran full scans with everything I can think to scan with on my system (ClamWin, Panda, Malwarebytes, Zemana AntiMalware, anti-rootkit, etc.,) and nothing was found -- even though I had previously used that infected 5.33 version up until 5.34 was released which I started using on the same day it was released 12 September 2017. So the burning question I have is if that registry key HKLM\SOFTWARE\Piriform\Agomo doesn't exist on my system and no infections were found (since some malware likes to download and install other malware) should my system be deemed clean?

Different anti-virus/anti-malware vendors will give the same infection a different name for the detection, so it's not universally named between different vendors.

I also nuke the non-English lang files. As for a Detect I use only this (on old XP 32-bit): Detect=HKCU\Software\Malwarebytes

RAM isn't going to help you, it depends upon the hard disk RPM speed and also how much has to be moved around. You can defrag the fragmented files only from the File list if you don't wish to also optimize the disk -- since optimizing ("filling gaps") on a 7TB disk with 7GB free space could take a very long time.

In the meantime you can upload the setup file you downloaded to VirusTotal to scan it with dozens of antiviruses: https://www.virustotal.com/en/

Yes Portable is also infected. To find out I extracted it from my backup image and these are the ClamWin results: Scan Started Tue Sep 19 05:11:25 2017 ------------------------------------------------------------------------------- C:\Temp\CCleaner.exe: Win.Trojan.Floxif-6336251-0 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 6303670 Engine version: 0.99.1 Scanned directories: 1 Scanned files: 2 Infected files: 1 Data scanned: 0.13 MB Data read: 7.32 MB (ratio 0.02:1) Time: 36.281 sec (0 m 36 s) -------------------------------------- Completed --------------------------------------

Just searched for the hash and it comes up in searches, in particular: * https://www.virustotal.com/en/file/36b36ee9515e0a60629d2c722b006b33e543dce1c8c2611053e0651a0bfdb2e9/analysis/

Read this post then scroll all the way to the top of the page/topic if you wish to read the notification.

Read this official notification: https://forum.piriform.com/index.php?showtopic=48869 Supposedly it doesn't affect MAC according to this post, but your antivirus is telling you something else so I'll notify the Admin about your findings.

We have a separate staff only discussion about it, and I gave a link very early this morning to your topic -- which instantly came to mind. If they obtain any information about that strange version you had that isn't in any change logs hopefully they'll post about it in here.

Closed because all discussion about it should go in the official topic.

Gonna close this. They eluded to all the discussion should be in the official post made earlier.

Cause problems if someone uses WMP, if not which is my case since I prefer different media players so I delete them.

On XP I have a batch file delete these, it's the paths for the Library ("Database as mentioned on here"), and Transcoded Files Cache. Database (on XP): "%userprofile%\Local Settings\Application Data\Microsoft\Media Player\*.wmdb" Transcoded Files Cache (on XP): "%userprofile%\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache\*.*"

That will be this: CustomLocation1=CHROME|C:\Users\Ruben\AppData\Local\Google\Chrome Dev\User Data\Default

Thank you Hazelnut, got it!

See if any of these instructions help: https://forum.piriform.com/index.php?showtopic=40285

I had to download the portable ZIP version using the download manager I have installed since it was impossible to accomplish within the web browsers I have installed. Copied the download link, pasted it into the download manager, and about 2-3 seconds later it was fully downloaded.

One out of many virus scanners in Metadefender giving an FP isn't out of the ordinary.

Then continue on there, and good luck getting your game saves back.

Don't need to be smart about it, I think you fully understand what I meant - unplug it from power, and then plug it back in. And that advice works on the PS4 too when a game crashes it so bad it won't even start.

It's based upon Firefox so when you clean Firefox it should also clean Waterfox. You can right-click the Firefox heading and choose Analyze or Clean to see if it is picking anything up. Edit: If it isn't finding anything look into the community winapp2.ini file here: https://forum.piriform.com/index.php?showtopic=32310