robertcarroll6

Useful summary. Thanks

Lots of users waiting for some clarity from Piriform before making decisions on restoring/re-imaging. As of now: 1. the moderators seem to be saying restoring is overkill because installing 5.35 etc magicks problems away 2. the youtube video*** the mods are so anxious for us to view seems to be saying re-imaging is a waste of time since we are already "owned" by the hackers. 3. our best hope seems to be that the hackers will be too busy tussling with microsoft and google etc to bother with anything they got from our systems *** "https://www.youtube.com/watch?v=i1u

Excellent post pearshaped. The paucity of posts from Piriform/Avast employees and the lack of response to specific questions is pretty telling. Piriform/Avast seem to be hiding behind volunteer moderators who are working on partial information. The moderators are reduced to referencing blogs/articles which analyse the problem based on research by Cisco's Talos Group. In each blog/article Talos is quoted as saying that a restore/re-format is called for; however the volunteer moderators insist this is "overkill". Like everyone else affected by this issue, I am anxious to avoid th

Thanks for these suggestions Nergal but they raise a couple more questions: 1. You write "If you have 64 bit Windows, make sure you update your ccleaner to the latest version (5.35 at the time of this post)".. Are you suggesting people with 32-bit window shouldn't update to 5.35? 2, You write "If you are very worried you can follow the steps in https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/ " In the article you link to it says "Talos Group suggested to restore the computer system using a backup that was created prior to the infection. The new ev

Regardless of who's making the decisions, the lack of response to (or even acknowledgement of) some very straightforward questions being asked here is disrespectful and particularly so given that piriform has delivered some pretty dangerous software to our devices.

Nergal, your work as a volunteer is very much appreciated. However it appears you are relying on the same avast/piriform blogs and press releases as the rest of us for your information and these blogs etc leave many straightforward questions unanswered. Several people are asking the same questions. Given the seriousness of the threat to our systems we really should be getting answers from piriform employees based on their current knowledge. The last post from a piriform employee was from Stephen nearly 24 hours ago (post #131). It was disingenuous at best: he posted a link to a

Congratulations Bangeny. You get the prize for being the only person today to get a question answered by anybody with any connection to pirifrom/avast.

Mind you, "login" (post 129 above) found ccleaner.exe in start-up schedule on his Windows 10 64-bit device

Not sure if it is relevant to your point, but I did find (see my post above) that it was ccleaner.exe (32-bit?) scheduled to run at start-up on my Windows 7 64-bit machine but on my Windows 10 64-bit machine it was ccleaner64.exe scheduled at start-up

Thanks Stephen You write... "We are working on getting you answers to some of your more technical questions." The avast blog is interesting but far too technical for most of us posting here. It is some of the less technical questions we need answers to. eg (as in my posts above): is the 2nd pay-load a threat to casual users?: is running the 64-bit a reason to feel any more secure?; does having ccleaner.exe as part of startup schedule mean even 64-bit machines are exposed to 32-bit threat. Or should just follow advice from cisco etc and wipe our machines and re-install

Hi Tom Piriform, Based what I found in my startup scheduled tasks (see previous post) after reading login's post, I now have a third question: 3. Does the fact that ccleaner.exe (contains 32-bit code?) was in my startup scheduled tasks indicate that I was more exposed to the malware? Thanks

Hi login, thanks for more info on this stuff. I had no idea ccleaner would be scheduled to run on startup. I found Windows 7 64-bit machine - ccleaner.exe (not ccleaner64.exe) scheduled to run on startup Windows 10 64-bit machine - ccleaner64.exe scheduled to run on startup Robert

Dear Tom Piriform I understand that more information is being uncovered all the time about this incident and that the situation inside piriform must be hectic. However I think we should be given information based on the current knowledge about this incident. Specifically I would appreciate it if an official person from piriform could confirm whether the following statements reflect the current state of knowledge: 1. To date, there is no evidence that the second level pay-load was distributed anywhere other than to a specifically targeted group of users. 2. Users who lau

Seems we're getting a bit of "severity creep" here. 1. The second-stage payload was delivered after all but us little people are okay because the hackers only aimed it at selected corporate targets? 2. Does the 32-bit bad, 64-bit safe distinction still hold? There is more information - including list of targeted corporates - at: https://www.bleepingcomputer.com/news/security/ccleaner-hack-carried-out-in-order-to-target-big-tech-companies/ and http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html

All pertinent questions that I think many users would like to see answered.