Jump to content
CCleaner Community Forums


  • Content Count

  • Joined

  • Last visited

Everything posted by jonmar

  1. It was also enabled by default for me. That's after first uninstalling CCleaner completely before installing 5.35. I've also never enabled that setting in the past so it can't have been remembered from past settings.
  2. Before installing the latest version of CCleaner (5.35), I checked my registry and there were some entries left over from 5.34 in HKLM/SOFTWARE/Piriform. In there I saw default and CR (or was it CZ? I can't remember now). I deleted HKLM/SOFTWARE/Piriform, rebooted, and then installed 5.35. I checked the registry again but this time I saw only default in there. What is the CR entry? Is it something legit or connected to the attack somehow? I haven't seen it mentioned anywhere in connection to this attack but I just wanted to make sure. Thanks.
  3. You continue to use confusing language like "all users with the 32-bit version". That's literally ALL users because the same installer is used for both 64-bit and 32-bit systems and on a 64-bit system both executable files are installed. Could we get some clarification on this? If 64-bit systems were not affected by the malware then why not? What prevented the malware from executing?
  4. I'm not sure I'm completely understanding how the 10 minute delay works. What I mean is that no one is ever going to keep the CCleaner app open for 10 minutes. It takes less than 30 seconds to scan and clean both the hard drive and registry and then you close the app. Does the 10 minute timer also continue ticking down while the CCleaner system tray icon is active? If it doesn't then it's a pretty useless malware. I must be missing something here.
  5. What is the name of the file you downloaded and scanned? I just downloaded the current installer, ccsetup535.exe, and scanned it with Windows Defender, Spybot and Malwarebytes and all scans were clean.
  6. Correct me if I'm wrong but the number of 20 PCs infected with the stage 2 payload is from the database of the seized CnC server. But the database only had data from a few days starting from sept. 12th to about the 15th? All of the data that was on there from aug. 15th to sept. 11th had been wiped, so there could be many more computers infected with the stage 2 payload.
  7. For info: I'm using Windows 10 x64, and always ran CCleaner from my task bar shortcut, so I think it always ran in 64-bit mode. But I never paid any attention to it before so I can't be 100% sure on that. I know it always installed in C:\Program Files\ and not C:\Program Files x86\. Could someone clarify something for me? When uninstalling CCleaner, does the uninstall process delete the Agomo registry key? The reason I'm asking is because I had updated from version 5.33 to version 5.34 before I knew about the attack. Then when I learned of the attack the first thing I did was uninstall CC
  • Create New...