malika4
Experienced Members-
Posts
30 -
Joined
-
Last visited
Everything posted by malika4
-
So a 64bit system has Clean And safe? Hasn t received The first payload You would Tell? "Unless the code ran on a 64-bit system long enough for the delayed action to be triggered, assuming the installation was not corrupt or the CCleaner64.exe binaries modified in any way, we believe a 64-bit system should not have received the second payload." It s correct that if The Agomo Keys aren t in The registry The backdoor was Not activated? And a 64bit syste without Agomo Keys i Clean And Not compromises?
-
on the piriform zendesk there is write: Who was affected? This issue was isolated to two versions: Cleaner v5.33.6162 for 32-bit Windows users and CCleaner Cloud v1.07.3191 (if you are using CCleaner Cloud, the 32-bit version runs on 64-bit machines). All builds on these version numbers were affected: Free, Professional, Slim, Portable, Business and Technician versions of CCleaner. so a 64bit windows if has the ccleaner cloud version it runs the ccleaner.exe (32bit version)
-
Hi, I don't have any Piriform folder on HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node on my desktop, in my husband's laptop there is but Agomo there isn't and in HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\ no Agomo On all my 3 pcs Windows 10 64bit I have this Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) and is like this by default (I haven't modified this) so I think that if this task can activeted the trojan all the 64bits systems will be affected because I read that all 64bit version have the task like this but on Avast Blog there is write that The total number of unique PCs (unique MAC addresses) that communicated with the CnC server was 1,646,536
-
No It s The dame Now, thanks
-
https://piriform.zendesk.com/hc/en-us/articles/115001699371 here There is write The sha256 of all versions. Now is corretto But 3 hours ago are like i wrote in The 1st post
-
Hi, I downloaded from Piriform site the 5.35 version on September 20. On Virus Total SHA-256 06b27f68366f8d25a599c3ad8b1d23f18158f4edddee3174a22d3698089a8bc3 File name CCleaner64.exe File size 9.4 MB Basic Properties MD5 e6f5ad3fd6d0f64ec88357fc481a71ab SHA-1 92fcff26e8c5f8238c2b7f1c025289c20168c9c2 On the piriform.zendesk.com there is write: CCleaner64.exe - 64-bit CCleaner executable MD5: e6f5ad3fd6d0f64ec88357fc481a71ab SHA256: 478262a5d9d72bf339bd9b17261fea42dfdf0e36e4f233bbf7d6c6e9de0b0dc8 why the sha256 are different? there is an error? becvause I see that on piriform.zendesk the cc5.35.exe and cc5.3564.exe have the same sha256: CCleaner.exe - 32-bit CCleaner executable MD5: 10f16bae4e236292a3bfa47b6f100518 SHA256: 478262a5d9d72bf339bd9b17261fea42dfdf0e36e4f233bbf7d6c6e9de0b0dc8 CCleaner64.exe - 64-bit CCleaner executable MD5: e6f5ad3fd6d0f64ec88357fc481a71ab SHA256: 478262a5d9d72bf339bd9b17261fea42dfdf0e36e4f233bbf7d6c6e9de0b0dc8
-
when the notice of the trojan was comunicate last monday I just have installed version 5.34, my antivirus only detected the installer that I have on Document folder. I searched the keys on the registry but there weren t and not Kis2017 or Malwearebytes detected them on my system. I have windows 10 64bit and ccleaner 64bit
-
  and another question, if we don 't have the Agomo key in registry are we safe for the 1 payload? if the one payload was not activated there is possibility that the second yes? or if we don't have the WbemPerf 1-4 and the GeeSetup_x86.dll TSMSISrv.dll EFACli64.dll we are safe? Please someone reply Is good enough a restore point or not? In my laptop I have do this in a date pre 5.33 but in my desktop I have no restore point systems to a pre-ccsetup533.exe so in case I have to format and reinstall Windows in many site like Avast forum, Bleepingcomputer and Majorjeeks said that if there aren't any of the malicious keys and files on the pc, the pc is clean and safe from the trojan infection https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/ http://www.majorgeeks.com/news/story/how_to_tell_if_you_were_infected_by_the_ccleaner_malware_issue.html https://forum.avast.com/index.php?topic=208612.45 https://www.bleepingcomputer.com/how-to/security/ccleaner-malware-incident-what-you-need-to-know-and-how-to-remove/
-
today I read an article of Sky Tg24 (italian page http://tg24.sky.it/tecnologia/2017/09/21/attacco-ccleaner-grandi-aziende.html?social=facebook_skytg24) when they write that the malware was directed to Windows 7 and Xp pc of important companies so I think that the malware that is in the 32bit version of cclenaer 5.33 can exsecute on a 64bit version of Windows 7 (not in windows 10) So I ask at people with 64bit that have found the malware if they have Windows 7 and they found the Agomo registry key and the WbemPerf 1-4 registry key thanks p.s. Is from monday that I'm anxious and nervous for this question
-
But this is The cloud Page? It isn t The piriform Page forse download
-
Bru20, You antivirus found The Trojan that is ccleaner5.33.exe Even if You have 64bit in The program folder there is ccleaner5.33.exe And 5.3364.exe. do You have The registry Key agomo? If there is You are really infected. Do You have The installer? The antivirus Can sign this like compromise object