[Announcement: Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191]

Piriform: Can you please provide cryptographic hashes of the compromised installers and the infected CCleaner.exe binaries for versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 and list them on your security notification page (https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users). Maybe MD5, SHA1, and SHA256.

[[Enhancement] Allow environment variables for CustomLocation entries.]

@Nergal, I like your idea of being able to set CustomLocation(s) within the CCleaner GUI. Coupling that with being able to use environment variables for them would be a great improvement to the software.

[[Enhancement] Allow environment variables for CustomLocation entries.]

Steps to reproduce:

 

1) Download Tor Browser

 

https://www.torproject.org/dist/torbrowser/7.0.4/torbrowser-install-7.0.4_en-US.exe

 

2) Install the Tor Browser to the following location (X:\ being your root drive):

 

X:\Users\YOUR_USERNAME\AppData\Local\Tor Browser

 

3) I'm using CCleaner portable 5.32.6129 (ccsetup532.zip). Extract it and open it once. Now close CCleaner and open/edit the newly-generated ccleaner.ini with the following line:

 

CustomLocation1=FIREFOX|X:\Users\YOUR_USERNAME\AppData\Local\Tor Browser\Browser\TorBrowser\Data

 

4) Run Tor Browser and keep it open.

 

5) Open CCleaner and click "Analyze". If it recognizes Tor Browser (as it should since we hardcoded the full path) it should prompt you about needing to close it (if you haven't already set the option to dismiss those types of messages).

When asked to close Firefox (Tor Browser), click No and close CCleaner.

 

6) Open/edit ccleaner.ini again with the following line:

 

CustomLocation1=FIREFOX|%LocalAppData%\Tor Browser\Browser\TorBrowser\Data

 

7) Ensure Tor Browser is still up and running. If not, re-open up Tor Browser and keep it open.

 

8) Open CCleaner and click "Analyze". In my case, Tor Browser/Firefox will not be recognized because I used an environment variable. Does anybody else get the same results?

 

FAIL: CustomLocation1=FIREFOX|%LocalAppData%\Tor Browser\Browser\TorBrowser\Data

FAIL: CustomLocation1=FIREFOX|%UserProfile%\AppData\Local\Tor Browser\Browser\TorBrowser\Data

GOOD: CustomLocation1=FIREFOX|X:\Users\YOUR_USERNAME\AppData\Local\Tor Browser\Browser\TorBrowser\Data

 

The locations listed above should all be equivalent, yet in my case only the last case is ever recognized.

[[Enhancement] Allow environment variables for CustomLocation entries.]

That's odd, I can't understand why I'm not getting the same results.

 

CustomLocation1=FIREFOX|%UserProfile%\AppData\Local\Tor Browser\Browser\TorBrowser\Data

and

CustomLocation1=FIREFOX|%LocalAppData%\Tor Browser\Browser\TorBrowser\Data

 

Will never work for me. Though If I use:

 

CustomLocation1=FIREFOX|X:\Users\USERNAME\AppData\Local\Tor Browser\Browser\TorBrowser\Data

 

It recognizes it. 

[[Enhancement] Allow environment variables for CustomLocation entries.]

In CCleaner if you do:

 

Options > Include > Custom files to delete and folders to empty.

 

Yes, you can currently use environment variables when specifying file or folder locations. However, the enhancement I was referring to is specific to https://www.piriform.com/docs/ccleaner/advanced-usage/ccleaner-ini-files/how-to-clean-user-data-from-non-standard-mozilla-browsers (How to clean user data from non-standard Mozilla browsers) which currently does not support the use of environment variables.

[[Enhancement] Allow environment variables for CustomLocation entries.]

Current behavior:

If we want to clean user data from non-standard Mozilla browsers, we have to hardcode the locations of our Mozilla-based browser, "MagicFox".

 

CustomLocationX=FIREFOX|[folder path]

 

CustomLocation1=FIREFOX|C:\Users\USERNAME\AppData\Local\MagicFox\data

CustomLocation2=FIREFOX|C:\Users\USERNAME\AppData\Local\GeckoWow\profile\sam

 

Desired behavior:

Allow the flexibility of using environment variables to specify locations.

 

CustomLocationX=FIREFOX|[folder path]

 

CustomLocation1=FIREFOX|%LocalAppData%\MagicFox\data

CustomLocation2=FIREFOX|%LocalAppData%\GeckoWow\profile\sam

 

Why the requested enhancement?

Imagine a scenario where you're running a portable version of CCleaner from a USB stick (e.g., Z:\). In the same directory you've launched the portable CCleaner from there exists "ccleaner.ini" and you had previously added a CustomLocation rule to detect "MagicFox". Your rule looks like the following:

 

CustomLocation1=FIREFOX|C:\Users\Jack\AppData\Local\MagicFox\data

 

Then you realize you're running your portable version of CCleaner from your USB stick on Jill's computer. The location of _her_ "MagicFox" is:

 

C:\Users\Jill\AppData\Local\MagicFox\data

 

Because the user account names on Windows are different on each computer, unless I had added both these locations:

 

CustomLocation1=FIREFOX|C:\Users\Jack\AppData\Local\MagicFox\data

CustomLocation2=FIREFOX|C:\Users\Jill\AppData\Local\MagicFox\data

 

CCleaner will fail to recognize the location.

 

It would also fail in a scenario in which Jill's user account on Windows just happened to be named "Jack" also but Windows was installed on a non-standard drive letter (e.g., R:\), unless I had added both of these locations:

 

CustomLocation1=FIREFOX|C:\Users\Jack\AppData\Local\MagicFox\data

CustomLocation2=FIREFOX|R:\Users\Jack\AppData\Local\MagicFox\data

 

Both these issues could have easily been avoided if we were allowed to use environment variables to expand the locations.

 

Addendum:

Apply these same changes for cleaner.ini (Method #1^[1]) and the registry (Method #2^[1]) also.

 

 

References:

[1] https://www.piriform.com/docs/ccleaner/advanced-usage/ccleaner-ini-files/how-to-clean-user-data-from-non-standard-mozilla-browsers

[2] http://www.piriform.com/docs/ccleaner/advanced-usage/ccleaner-ini-files/environment-variables-and-system-variables-in-ccleaner