Pamperlang
-
Posts
21 -
Joined
-
Last visited
Posts posted by Pamperlang
-
-
I wonder if users will be silently auto-updated to 5.47 now too (even if they have updates disabled)?
The forced update to 5.46 quietly re-enabled the sending of usage data (even if it was disabled before) so not being able to disable it in 5.47 is a real slap in the face. I'm inclined to think it's a glitch too (otherwise why even provide these options in the GUI) but boy, these mistakes are pretty embarrassing to say the least.
-
There is a news article about this issue up at BleepingComputer now ...
It includes a YouTube video showing how to reproduce the problem.
-
46 minutes ago, nukecad said:
For "some users" read everyone who has an older version, and who hasn't already blocked/deleted their 'emergency' updater.
Yeah it's definitely not just "some users", at the very least it's "most users" but I'm pretty sure it's basically everyone not on the latest version (as you stated).
-
5 hours ago, mta said:
and that forced update, back-door process is wrong on so many levels.
Agreed. The whole thing feels "back-door"-ish ... there is literally zero notification that it got updated so initially thought it was malicious. Ugh!
When I did my test yesterday, after installing the free version of 5.43 and opening it up for the first time I was greeted with the usual "there's a newer version, do you want to download it" dialogue which I declined. I then disabled checking for updates and closed it. Two minutes later I had 5.46 anyway. Let's pause here for a second and think about this. Most people who aren't aware of this forum and this thread would, at that point, probably think they downloaded a bad/malicious installer because it silently and automatically did something (i.e. updated to 5.46) that you specifically told it not to do just 2 minutes ago when you installed it.
-
Since I'm extremely security conscious I decided to do an experiment to establish with absolute certainty that my 5.43 (free) CCleaner install was updated by CCUpdate.exe to 5.46 (and not by something malicious) even though I was already 99.999% sure it was (thanks to this thread). But my OCD was eating at me so ...
I have an older machine with Win 7 Pro on it that I use as an HTPC. It only has Windows 7 Pro and Malwarebytes on it. Nothing else. No Avast software has ever been installed on it. I copied over the exact same 5.43 (free version) installer I used 3-4 months ago (I save the installers for everything I install to a USB drive) and ran the installer. After running the installer I checked the Control Panel and verified that it said 5.43. I opened CCleaner and verified it said 5.43. I unchecked monitoring and "check for updates" and closed CCleaner. Literally 1-2 minutes later I refreshed the Control Panel and lo and behold it now said 5.46 ! I opened CCleaner and yeap, I now had 5.46. So it literally updated itself from 5.43 to 5.46 mere minutes after I installed it.
FWIW I checked the SHA256 fingerprint of the ccsetup543.exe file I used against the SHA256 posted in the Announcements forum and they're exactly the same. So basically, installing any version older than 5.46 is probably pointless at this time since it will likely get auto-updated almost immediately to 5.46 (silently, without notification or warning) unless you disable your internet connection or something.
-
8 minutes ago, abc10 said:
I am really confused now. I got my Windows 7 laptop out this afternoon (normally use Windows 10 desktop). I hardly ever use the laptop except for with my scanner but it has wi-fi so it connects to the internet and updates Windows and Windows Defender as soon as it's switched on. It hasn't been online or switched on for months.
You were probably auto-updated via the update task in Task Scheduler (CCupdate.exe) soon after you switched the laptop on. It appears that most people who is not on the latest version (5.46) is silently getting updated to 5.46 through CCupdate.exe.
-
19 minutes ago, Nergal said:
Yes the devs sent out a version through the "emergency" updater.
Thanks for confirming Nergal!
I was pretty sure I was updated via "CCUpdate.exe" (emergency updater) but since I had the free version of CCleaner installed (I always thought only the paid versions get silent auto-updates) and did NOT have Avast installed (I use MBAM) I couldn't help but be a little worried about malware and such
Thanks again!
-
Can anyone please confirm that they're free version of CCleaner was auto-updated without having Avast installed? It sounds like there were a few but confirmation would be appreciated.
(I did not have Avast installed but was auto-updated from 5.43 (the free/standard version) to 5.46 on September 10)
Thanks!
-
On 9/14/2018 at 09:38, Andavari said:
How difficult is it to just have a dialog box pop-up via CCleaner asking the user Yes or No to download the newest version?
Some sort of notification is essential, especially when the user specifically configured CCleaner not to update.
I had the free/standard version (5.43) installed and had update checking disabled so naturally when I noticed that it updated my initial concern was that it was something malicious.
-
13 minutes ago, Ben Piriform said:
All versions of CCleaner have been GDPR-compliant since 5.43.6522 (released 25 May 2018). While we weren’t legally required to update all our users to GDPR-compliant versions, we have the means to do this and we felt it was right that all our users have access to the same set of privacy controls.
Version 5.46 gives all users the best possible control over their data settings and brings everyone up to date with important stability fixes that prevent the loss of personal settings in Chrome and the potential for broken graphics drivers after a Windows update.
Thanks for the additional info Ben.
One more quick question ... I was on 5.43 and was auto updated to 5.46. You mentioned that 5.43 was already GDPR compliant so I'm just wondering why the 5.43 clients are also being auto-updated? Is it to make sure we have the new privacy controls, etc? Basically I just want to know for sure that 5.43 was also included in the auto-update.
Thanks!
-
3 hours ago, mrdimly said:
Such a task seems to be more regular update performing than a so called emergency one I never found anywhere. Could that sheduled "call back home" task be the previous mentioned "heartbeat" ?
That "CCUpdate.exe" task is the emergency updater and was added in 5.36. It is used to update CCleaner regardless of your auto update settings.
From the v 5.36 release notes ...
QuoteEmergency Updater
Following the security incident in September we have taken steps to improve our security across the board. Within CCleaner, this means the addition of an 'Emergency Updater' security feature that allows us to force a software update in a worse-case scenario.
We don't know yet what criteria is used to determine who receives the forced update to 5.46 (hopefully someone from PiriForm will be able to tell us although we do know that it's no longer used just for "worst-case scenarios") but as long as you keep that "CCleaner Update" task disabled you probably won't be updated.
-
22 hours ago, nikki605 said:
I found 2 more instances of the ccupdate.exe file by looking in my firewall settings:
C:\Users\[username]\AppData\Local\Temp
C:\Windows\Temp
I deleted both files and removed the entries from the firewall list.
FWIW after CCleaner updated to 5.46 I also had these two files in "C:\Windows\Temp":
ccCB5A.tmp (file name is probably random) = SHA-256: 789ff77fdc292246a1956d314e277f497391162f3be4b1be3913bc20c6e7ddb7
ccupdate.exe = SHA-256: 8202b4a2e3a34e799324e97ed13610be07f2b01ae9bd11898fe1d748ea9d04c8 -
Deleted (forgot to quite reply)
-
8 hours ago, Ben Piriform said:
Since the release of v5.46 we have updated some users to this version
Ben, thanks for the confirmation.
Can you please provide a bit more detail with regards to what you mean by "some users"? Is it basically "everyone who is not on 5.46" or is there more to it?
Can you also please confirm that these updates were triggered by CCUpdate.exe as we all suspect? I don't have Avast installed so it couldn't have happened by Avast's software updater. Just want to make sure.
The additional information will go a long way to giving me some peace of mind. I was on the standard (free) 5.43 version (with update checking and monitoring disabled) so I obviously wasn't expecting my installation to silently update itself. As you can imagine, for those of us that run a tight ship and are very security conscious, seeing a product silently update itself causes a lot of stress and anxiety about malware if you weren't expecting it (or don't know the technical details about the update process).
-
15 minutes ago, nikki605 said:
Nope. Later this afternoon, CCleaner updated itself to v5.46 on both my Win7 PCs when I wasn't even using them. I had left v5.40 installed for months with no problem. I am so angry I am beyond words. Looking in Task Scheduler, it still says CCupdate.exe has never run.
How is v5.46 getting installed and how do I stop it?
Yeah this issue is extremely annoying. I uninstalled CCleaner until there's more clarity around this issue.
BTW The Task Scheduler is probably only reporting that CCUpdate.exe never ran because the task was reinstalled along with the rest of CCleaner when it updated to 5.46. It probably ran at least once prior to the update though.
-
Thanks for confirming ... that "CCleaner Update" task is the emergency updater AFAIK.
-
25 minutes ago, nikki605 said:
Every time I try to install v5.40 Slim, it automatically updates to v5.46. I am so mad! How do I stop this unwanted update?
Does the slim version also install the so-called "emergency updater" task in the Task Scheduler? That would probably explain why.
I use MBAM and Kaspersky and therefore don't have Avast installed (or any other 3rd party software updaters), and I had all the settings related to update checking, monitoring etc. disabled in CCleaner, so it had to be the emergency updater task that updated my 5.43 (the standard free version) install to 5.46. I also run a very tight ship so there's is very little chance that it was auto-updated as a result of malware, especially since it is now clear that this is happening to others as well.
-
9 hours ago, John Grey said:
nor do I want it to update itsself, without me doing it.
FWIW, the same thing happened to me. My CCleaner (free version) silently auto updated yesterday from 5.43 to 5.46 without any prompts or warning. I probably wouldn't even have known it updated if I didn't happen to notice the version number change. I had all the usual settings disabled (monitoring, auto update check, etc.) as well, so the update came as quite a surprise to say the least. I didn't however disable the so-called emergency updater in Task Scheduler (which I now see is a popular suggestion) or create firewall rules so the emergency updater is almost certainly the culprit.
-
Add me to the growing list. My CCleaner (the free version) auto updated itself from 5.43 to 5.46 this morning without any prompts or notifications. I never would have known if I didn't happen to notice the version change. I had update checking, monitoring, etc. disabled. I specifically wanted to stay on 5.43 due to all the fuss about the later versions. I bet it's happened to a lot of other people as well but unless you're paying close attention you probably won't notice.
FWIW I'm on Windows 10 Pro and do not have Avast installed so this must have happened via the so-called "emergency updater".
-
I have the exact same issue. All my saved passwords are gone.
I always had "Saved Form Information" checked and while it deleted the stuff I typed into forms, it never deleted the passwords I specifically told FireFox to remember. Forms history and saved passwords in Firefox are two separate things so I agree with a previous comment that - at the very least - this should be two separate options in CCleaner.
Windows Vista Ultimate SP1
Mozilla Firefox 3.0.9
CCleaner 2.19.900
5.46 Latest Version Unwanted and Problems
in CCleaner Bug Reporting
Posted
FWIW this auto-update debacle is now being reported on by HowToGeek as well ...
https://www.howtogeek.com/fyi/ccleaner-is-silently-updating-users-who-turned-off-automatic-updates/
Also, the fact that yet another release had to be pulled really underscores the very reason why we do not want to be auto-updated against our wishes!