
LordKane

Members
  • Posts

    4

Posts posted by LordKane

  1. I updated to CCleaner Free v5.34 on my 32-bit OS on 13-Sep-2017 and when I ran a Threat Scan yesterday with Malwarebytes Premium v3.2.2 (database v1.0.2835) my scan was clean.

     

    After reading rherber1's post I just repeated another Malwarebytes Threat Scan today (database v1.0.2843) and it finally detected the following stray registry entries left behind by the Floxif malware that was embedded in the 32-bit ccleaner.exe executable for v5.33:

     

    Registry Value: 2

      Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|MUID, Quarantined, [8813], [436740],1.0.2843

      Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|TCID, Quarantined, [8813], [436739],1.0.2843

     

    Both Malwarebytes scan reports are attached.

    Attachment: A - MB Threat Scan Agomo Not Detected 18 Sep 2017.txt

    Attachment: B - MB Threat Scan Agomo Detected 19 Sep 2017.txt

     

    Here's my next question.  The logs for my Norton Smart Firewall activity (Security | History | Show | Firewall Activities) only go back a few weeks so I'm not sure how I can determine if any connections were made to the rogue servers at IP address 216.126.x.x.  Given the infected 32-bit ccleaner.exe executable for v5.33 was signed by Piriform with a valid digital certificate, whitelisted by Norton and then given full access through my firewall between 15-Aug-2017 and 13-Sep-2017, is there any way of determining if data from my computer was sent back to these rogue servers?

    _______________

     

    ...and if anyone from Piriform is following this thread it might be helpful if you update the change log for CCleaner v5.34 at http://www.piriform.com/ccleaner/version-history.  "Minor GUI improvements and bug fixes" doesn't really cut it for all the current 32-bit CCleaner Free v5.33 users who don't receive automatic updates and still haven't heard about this Floxif malware.

    -----------

    32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS Premium v22.10.0.10 * MB Premium v3.2.2 * CCleaner Free v5.34.6207

     

    While I am not Piriform, probably not. The process only took a few seconds, but those servers are now under the control of Cisco and law enforcement and have been since about Sept 12 or so. Even then it only gathered specific data from your PC like its name, installed software, MAC addresses, and what type of Windows it was (32 or 64 bit), so the hacker or hackers were looking for a particular profile (no one knows what that is yet; it's doubtful we ever will unless the author or authors are arrested or come forward).

  2. Today I performed a scan with MalWareBytes (free) and it notified I was also infected with Floxif Malware (see scan result attached)

     

    I am using CCleaner 5.34.6207 Professional and I did not receive such a notification when I did a scan only last week. I am not sure when my CCleaner was upgraded to 5.34 but I can only assume that it was done automatically without me being aware.

     

    Since I instructed MWbytes to remove the offending entries I am hoping that I don't get the same result next time I do a scan.

     

    If the malware was included with the CCleaner upgrade then how did it get into the system?

     

    Sadly your results are not attached, so I am going to assume it just found the leftover registry keys.

    I believe I was one of the 32-bit CCleaner users infected by the Floxif malware that was bundled with the previous v5.33 installer, but the new v5.34 installer does not appear to be removing all traces of this malware off my system.  How do I ensure that this malware has been completely removed, short of restoring my system to a state prior to 15-Aug-2017?

    _________________________________

     

    Last week I posted in geekandglitter's thread Trojan.Rozena.Win32.59165 found by Zillya! about downloading two different installers for CCleaner Free v3.34 from the official Piriform site (cc_setup534.exe @ 9,954 KB versus the ccsetup534.exe @ 9,597 KB) but my post in that thread was deleted by one of the forum mods on 13-Sep-2017.

     

    I just read today's Piriform blog entry Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users as well as the bleepingcomputer article CCleaner Malware Incident - What You Need to Know and How to Remove about Piriform's infected 32-bit v5.33 installer.  The bleepingcomputer article states that "The malware was embedded in the CCleaner executable itself. Updating CCleaner to v5.34 removes the old executable and the malware."

     

    I wiped CCleaner v5.34 (originally installed 13-Sep-207) off my system today with the Free Revo Uninstaller v2.0.3 (advanced mode) and reinstalled with a fresh copy of ccsetup534.exe downloaded from the Piriform site (http://download.piriform.com/ccsetup534.exe @ 9,597 KB) but the Agomo registry entry at HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo still persists.

     

    Attachment: Windows Registry CCleaner Agomo Post 5_34 Reinstall 18 Sep 2017.png

     

    Should I be deleting this Agomo registry entry manually, and what other registry entries and files might have been missed by the v5.34 installer?

    -----------

    32-bit Vista Home Premium SP2 * Firefox ESR v52.3.0 * NS Premium v22.10.0.10 * MB Premium v3.2.2 * CCleaner Free v5.34.6207

     

    In the bleeping article this is stated: "Please note. as seen below, upgrading to version 5.34 will not remove the Agomo key from the Windows registry. It will only replace the malicious executables with legitimate ones so that the malware is no longer present."

     

    So I think you can just safely delete the offending entry; if it reappears then you have a problem.
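    The post above names one concrete artifact, the HKLM\SOFTWARE\Piriform\Agomo key with its MUID and TCID values, and suggests deleting it and watching for it to return. The PowerShell script below is an added example (not code from the thread, Piriform or Malwarebytes) that reports whether that key is present, lists those two values, and removes the key only when run with the script's own hypothetical -Remove switch; the registry path and value names come from the thread, the switch name is this example's assumption.

```powershell
# Added example, not from the forum thread: report on (and optionally remove) the
# Agomo registry key discussed in the post. The key path and the MUID/TCID value
# names are taken from the thread; the -Remove switch is this script's own convention.
# Run from an elevated PowerShell prompt, since the key lives under HKLM.
param(
    [switch]$Remove
)

$AgomoKey = 'HKLM:\SOFTWARE\Piriform\Agomo'

if (-not (Test-Path -Path $AgomoKey)) {
    Write-Output "No Agomo key found at $AgomoKey"
    return
}

Write-Output "Agomo key present at $AgomoKey"

# Read the values stored under the key; the Malwarebytes log quoted in the thread
# flagged MUID and TCID, so those are the two we report explicitly.
$props = Get-ItemProperty -Path $AgomoKey
foreach ($name in 'MUID', 'TCID') {
    if ($null -ne $props.$name) {
        Write-Output ("  {0} = {1}" -f $name, $props.$name)
    } else {
        Write-Output "  $name not present"
    }
}

if ($Remove) {
    # Delete the key and everything beneath it. Re-run the script (without -Remove)
    # after a reboot and after CCleaner has been started once: if the key comes back,
    # something on the machine is still writing it, which is the "problem" case above.
    Remove-Item -Path $AgomoKey -Recurse -Force
    Write-Output "Removed $AgomoKey"
}
```

The posters in this thread are on 32-bit Windows, where the path above is the right one; on 64-bit Windows a 32-bit application's settings are redirected, so the same key would be found under HKLM:\SOFTWARE\WOW6432Node\Piriform\Agomo instead and the $AgomoKey path would need adjusting.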

  4. Is it me, or am I totally wrong in my approach? CCleaner has been one of several programs used in my arsenal for the sole purpose of attaining and/or achieving as much privacy and security as reasonably possible.

    CCleaner usage assists in both cleaning and deleting web history and remnants of computer usage, and now further too, being recently acquired by Avast, who positions itself as an IT security provider.

     

    Very ironic that, now of all times, we find that CCleaner has been hacked with a trojan. How incredulous is that? But wait, it's only purported to be approx 3% of the millions of users who have trusted CCleaner and Piriform.

    I purposely chose to continue with Win 7 until its final death due to its stability and the failing issues with upgrades 8, 8.1, 10 from Microsoft. The same was said for CCleaner, until now.

     

    Performance gives credibility and integrity to suppliers, not waiting 5 days or more to notify users via a back door, not to mention the fact that millions of worldwide computer users are NOT all totally knowledgeable of the IT world.

     

    At this point I would welcome a clear and definite answer (have my details been leaked?) and what procedures I should further take now, other than a full scan for malware.

     

    From my personal research on this issue, it's not a trojan in the strictest sense. It had a payload, but that payload was not activated, and its ability to be activated has been effectively disabled, and with the update the payload no longer exists. So no, your information has not been compromised.

     

    See the original post about this issue and this recent update from Avast: https://blog.avast.com/update-to-the-ccleaner-5.33.1612-security-incident?utm_campaign=socialposts_us&utm_source=twitter&utm_medium=post
