The problem is that on 64-bit systems the 32-bit binary is still part of the installation (there's a CCleaner.exe and a CCleaner64.exe). Here's my assumption so you can correct me if I'm wrong. When you launch CCleaner the CCleaner.exe (32-bit) file is the one that's initially started even on 64-bit systems which upon launch the CCleaner.exe (32-bit) binary detects that your system is a 64-bit OS, launches the CCleaner64.exe binary, and then the 32-bit version exits. So if my assumption is correct here it doesn't matter if the 32-bit binary was the only one that was infected, 64-bit OS or not... you're still going to become infected.
Heck, even the Scheduled Task that allows CCleaner to be auto-elevated without a UAC prompt is pointing to the CCleaner.exe (32-bit) binary.
I'm still not comfortable with their claim that 64-bit systems are uncompromised. The fact that the installer has this Trojan lurking around doesn't make me feel any better. MWB result attached.
Announcement: Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191
in CCleaner
Posted
I'm still not comfortable with their claim that 64-bit systems are uncompromised. The fact that the installer has this Trojan lurking around doesn't make me feel any better. MWB result attached.