Posts posted by login

  1. What version of the operating system are you using? 32 bit or 64 bit?

    -----------------------------------------------

    Question for administrators or people close to the topic:

    Were there any cases of infection of 64-bit computers or not? If so, under what conditions could 64-bit computers become infected?

  2. This malware issue affected my two 64 bit windows 7 systems.  The malware also attempts to change the Internet Explorer Home Page at every new launch of Internet Explorer.  The warning that some program is trying to do this appears every time.  Uninstalling the malware after using Malwarebytes or Bitdefender eliminates this effect until reboot.  I can establish cause and effect here.  The way that I discovered it was on Sept 19th, Bitdefender blocked the ccleaner exe.  When I rebooted, once the system tray application which runs by default loaded, the problem of the IE homepage hijack returned as well as a subsequent security warning regarding ccleaner.  This means that the malware is not only in the install file, but rather running in one or more of the program modules.  Only total uninstall eliminated the problem.  Additionally, simply because a system is 64 bit and ccleaner installs itself under a 64 bit heading, this does not exclude the fact that 32 bit modules are running.  The system tray module is a 32 bit module.  Lots of software running on 64 bit OS's is 32 bit in whole or in part.

    On one of my systems an additional malware was blocked on the program path: backdoor.Agent.ABXS.

    Nice thing is that one of my systems was a complete system reload, not used for anything of consequence yet, so the ccleaner exploit happened in a rather controlled environment.

    I have notified http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html of this and made my systems available to them if they want to look since I doubt that we will be receiving any truth from Avast/Piriform.

    I love the story about them keeping it quiet while working with law enforcement.  I called it years ago that this would be the BS excuse for companies to hide security breaches and address the lateness of announcing it to the general public.

    Did you have a registry folder named Agomo?

    HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo

    Or one of the listed registry folders?

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\001
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\002
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\003
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\004
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\HBP
  3. 1. Was there any malicious code in the 64-bit version of CCleaner?

    2. Why is a 32-bit exe-file installed on a 64-bit system?

    (screenshot attached)

    3. Does the 64-bit system always run the 64-bit version of CCleaner?

    4. If the 64-bit version is clean, could a Trojan from a 32-bit exe-file get into a 64-bit system? In theory?

    5. Why, on a 64-bit system, is a 32-bit version (CCleaner.exe) added to the tasks when you skip the Account Control for CCleaner?

    (screenshot attached)

  4. If you have a 64-bit PC you're not infected, because if you have installed the 5.33 version only the 64-bit version runs on your system (the 32-bit one is infected, and the cloud version).

    Does the Trojan work only when running the 32-bit version? Does the CCleaner installer not start the Trojan? Do I understand correctly that the Trojan could get into the 64-bit system only if you manually run CCleaner.exe (x32)?

    You can check in the registry folder to see whether the registry keys are on the PC.

    In what registry folder can this be checked?

    Check for the file TSMSISrv.dll; the 64-bit trojan is EFACli64.dll, on Windows C.

    Are the files in the root of folder C, or are you talking about searching the entire directory? Is there a specific folder where the Trojan is saved?

  5. Sorry for my bad English, this is not my native language.

    In connection with the latest events, I'm very nervous:

    https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/

    I'm using Windows 10 x64 and CCleaner Free x64, but I do not remember whether I installed version 5.33.6162 or not...

    I have a few questions:

    1. Where was the virus installed from? From CCleaner.exe (x32), CCleaner64.exe, or from the installer?

    2. How can I check whether I have ever had an infected version?

    3. How can I check whether I had a virus on my computer?

    4. Does the last update (5.35) remove the virus?

    5. Where should I look for the trojans mentioned in the news (the 32-bit trojan is TSMSISrv.dll, the 64-bit trojan is EFACli64.dll)?

    (screenshot attached)

    PS: Forgive me if these questions have already been asked, but it's difficult for me to navigate in a non-native language even with Google Translate.  :(
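The registry keys listed in post 2 and the file names in posts 4 and 5 can be checked together with one read-only script; the following is an added example, not code from the thread, Piriform or Avast. It assumes 64-bit Windows with PowerShell 4 or later, that the Agomo key of a 32-bit CCleaner may sit under WOW6432Node, and that the DLLs could be anywhere under the Windows directory, since the post only says "on Windows C".

```powershell
# Added example, not code from the thread: a read-only check for the indicators named in
# the posts above. Run in an elevated 64-bit PowerShell; it reads and reports, nothing else.
$RegistryPaths = @(
    'HKLM:\SOFTWARE\Piriform\Agomo',
    # Assumption: a 32-bit writer on 64-bit Windows is redirected to WOW6432Node,
    # so the same key is checked in both registry views.
    'HKLM:\SOFTWARE\WOW6432Node\Piriform\Agomo',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\001',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\002',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\003',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\004',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\HBP'
)
# 32-bit and 64-bit second-stage file names quoted in the thread.
$FileNames = @('TSMSISrv.dll', 'EFACli64.dll')

$Findings = @()
foreach ($Path in $RegistryPaths) {
    if (Test-Path -LiteralPath $Path) {
        $Findings += [pscustomobject]@{ Kind = 'Registry key'; Item = $Path; Detail = '' }
    }
}

# The thread only says "on Windows C", so (assumption) the whole Windows directory tree
# is searched rather than guessing a subfolder. The hash lets you compare against
# published indicators instead of trusting the file name alone.
$Hits = @(Get-ChildItem -Path $env:SystemRoot -Recurse -Force -File -Include $FileNames -ErrorAction SilentlyContinue)
foreach ($Hit in $Hits) {
    $Sha256 = (Get-FileHash -LiteralPath $Hit.FullName -Algorithm SHA256).Hash
    $Findings += [pscustomobject]@{ Kind = 'File'; Item = $Hit.FullName; Detail = "SHA256=$Sha256" }
}

# Installed CCleaner version from the Uninstall entries of both registry views. This only
# shows what is installed now; a later upgrade does not prove 5.33 was never present.
$Uninstall = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*')
Get-ItemProperty -Path $Uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'CCleaner*' } |
    ForEach-Object { Write-Output ("Installed: {0} {1}" -f $_.DisplayName, $_.DisplayVersion) }

if ($Findings.Count -eq 0) {
    Write-Output 'None of the listed registry keys or files were found.'
} else {
    $Findings | Format-Table -AutoSize
}
```

An empty result only means these indicators are absent now; it does not show that 5.33 was never installed, which is why the script also prints the currently installed version.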

  6. An untranslated element in version 5.30. Example of translation:

    Enable silent background update → Включить фоновое обновление

    (screenshot attached)

    Other examples of translation:

    Фоновое обновление

    Автоматическое обновление

    Включить обновление в фоне

    — Включить автообновление

  7. Greetings from Russia. Sorry for my bad English.

    I do not know where to write. The latest version of the program does not fully translate some elements.

    1. Исправить

    (screenshot attached)

    2. Доступна новая версия CCleaner / Обновить

    (screenshot attached)

    3. Включить автоматическое обновление

    (screenshot attached)

    4. Is it just a built-in web page? (It is not necessary to translate)

    (screenshot attached)
