Posts posted by Emrah

  1. @Emrah I wouldn't be able to tell you or anyone 100% but those are the steps I took and am (until further news is released) confident in my safeness.

    Thank you Nergal! I'm no expert in IT.. could you please clarify for me if I'm checking those the correct way?

     

    For the .dll files

     

    • GeeSetup_x86.dll (Hash: dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83)
    • EFACli64.dll (Hash: 128aca58be325174f0220bd7ca6030e4e206b4378796e82da460055733bb6f4f)
    • TSMSISrv.dll (Hash: 07fb252d2e853a9b1b32f30ede411f2efbb9f01e4a7782db5eacf3f55cf34902)
    • DLL in Registry: f0d1f88c59a005312faad902528d60acbf9cd5a7b36093db8ca811f763e1292a
    • Stage 2 Payload: dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83

     

    I'm opening Windows Explorer and doing a search on "This PC". The advanced search option I have checked is "system files", so I'm searching system files only.

     

    In the search bar do I copy and paste "GeeSetup_x86.dll" or the whole name like "GeeSetup_x86.dll (Hash: dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83)"?

    Or just the number in brackets?

     

    For the last two, "dll in registry" and "second payload", do I just copy and paste the numbers into "search this pc"?

     

    I really appreciate your help! 

     

    Thank you

  2. @Emrah earlier today a second stage was found on a small number of computers at a select number of big companies. For more info read the links in my previous post

     

    Thank you for the reply! Could you please tell me, if I follow the instructions from this article https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/#comment-4229234 and I don't have any of those registry keys or dll files installed on my system, that I'm 100% safe and don't need to reinstall Windows, as I don't even have any restore points saved?

     

    Thanks!

  3. "Finally, it is extremely important to us to resolve the issue on customer machines. For consumers, we stand by the recommendation to upgrade CCleaner to the latest version (now 5.35, after we have revoked the signing certificate used to sign the impacted version 5.33) and use a quality antivirus product, such as Avast Antivirus. For corporate users, the decision may be different and will likely depend on corporate IT policies. At this stage, we cannot state that the corporate machines could not be compromised, even though the attack was highly targeted."

     

    Even includes a call to action to download and use Avast security software...

     

    I may be wrong but this sounds like Avast did this to make more sales...

  4. What's all this about the second payload?

     

    Info: Windows 10 64-bit, and Win 10 Defender detected and quarantined the CCleaner virus. I uninstalled CCleaner with Revo Uninstaller. Did an advanced scan and delete on all registry keys.

     

    Reinstalled CCleaner, the latest version.

     

    Ran a scan with Win 10 Defender and Malwarebytes, adware cleaner and superspyware kill (whatever it's called) and nothing was detected.

     

    Am I safe from everything? Please tell me as my whole business relies on my PC and I have a lot of confidential files stored on it. Never had a problem with viruses in about 5 years...

     

    Thank you!

  5. You don't have to reinstall your Windows. The trojan was embedded in the ccleaner.exe; as soon as you upgrade to CCleaner 5.35 the trojan is gone. Also, the recipient server, to which data was being sent, has been shut down.

    Thirdly your usernames and passwords were not at risk in this attack.

     

    Thank you for the reply!! 

     

    So I'm 100% safe then? I have a 64-bit OS PC and I was using the 64-bit CCleaner version, and my Windows 10 Defender still detected it and quarantined it.

     

    On authority sites like Tom's Hardware and bleepingcomputer.com etc. etc., they're all quoting from Piriform that we all need to reinstall Windows to make sure we're safe, and also Microsoft Support told me this over support chat (even though Win 10 Defender detected it on my PC)....

     

    So you're 100% confident I don't need to do anything?

     

    I hope you're right and thank you so much!

     

    Emrah
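Explorer's search box matches file names and contents, not file hashes, so the check asked about in the first post takes two steps: locate files by name, then compute each file's SHA-256 and compare it with the listed values. The Python sketch below is an added example, not code from the thread or from Piriform; it uses the DLL names and hashes exactly as that post lists them, and the function names and the default scan root are assumptions.

```python
import hashlib
import os

# File names and SHA-256 values as listed in the first post above.
IOC_NAMES = {"GeeSetup_x86.dll", "EFACli64.dll", "TSMSISrv.dll"}
IOC_HASHES = {
    "dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83",
    "128aca58be325174f0220bd7ca6030e4e206b4378796e82da460055733bb6f4f",
    "07fb252d2e853a9b1b32f30ede411f2efbb9f01e4a7782db5eacf3f55cf34902",
    "f0d1f88c59a005312faad902528d60acbf9cd5a7b36093db8ca811f763e1292a",
}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sweep(root, names=IOC_NAMES, hashes=IOC_HASHES, hash_all=False):
    """Return (path, reason) findings under root.

    By default only files whose name matches are hashed. With hash_all=True
    every readable file is hashed, which also catches a renamed copy.
    """
    wanted = {n.lower() for n in names}   # Windows names are case-insensitive
    known = {h.lower() for h in hashes}
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            by_name = name.lower() in wanted
            if not (by_name or hash_all):
                continue
            path = os.path.join(folder, name)
            try:
                digest = sha256_of(path)
            except OSError:
                if by_name:
                    findings.append((path, "name match, unreadable"))
                continue
            if digest in known:
                findings.append((path, "hash match"))
            elif by_name:
                findings.append((path, "name match, different hash"))
    return findings

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", "C:\\Windows")  # assumed scan root
    for path, reason in sweep(root):
        print(f"{reason}: {path}")
```

An empty result only says that none of these files were found under the scanned folder; it does not cover the registry keys mentioned in the linked article.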
