Jump to content

francky

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

 Content Type 

Posts posted by francky

    Announcement: Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191

    in CCleaner

    Posted

    Hi, I'm a Win7-Pro 64bit SP1 urser from the Netherlands, with the setting "Automatically check for updates to Ccleaner" for my (64b) free Ccleaner.

    1. Yesterday (2017-09-20) I got the system-tray notification "New version 535 - install now?", Yes, I did. After a moment, installation was ready, version 535, everything worked, looked fine, no security warnings.
    2. Today, all of a sudden my Windows Defender gave an alarm: "The ccsetup533.exe file contains malware (Backdoor:Win32/Floxif); severe threat; remove immediately" (or words like that), with a link to the explication: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor%3aWin32%2fFloxif&threatid=2147723494&enterprise=0.
    3. Maybe a false positive? So I checked Malwarebytes on this file; same result: "infected with Floxid; quarantine?".
    4. Decided to orientate myself first, and Googled along - lots of information on Piriform, Avast and numerous other sites!
    5. Then I checked all files in my updated Ccleaner program directory, with Window Defender as well as with MBAM. Result: all clean, no infections (not in the new 5.35.0.6210 version of the 32bit CCleaner.exe, nor in the 64bit CCleaner64.exe, nor in all other files).
    6. So only the install-file was infected, and it wasn't the announced 535-setup-file!
    7. Deleted the install-file with Windows Defender.
    8. Downloaded today a fresh install-file from the Piriform-download page, in order to see what would happen. Aha, WinDef and MBAM did not alarm anymore for this setup version (in the meantime 5.35.0.6210 !). :)

    For all security I made a full pc-scan with Malwarebytes: nothing found (and registry fine). - Now I'm quite sure I wasn't infected (as 64bit user!) and will not be infected.

     

    Remaining questions: was the infected setup-file for the 533-version temporary wrong (directing to the good 535-exe files) but now updated? And: why didn't I read something about that in all Piriform information? - Or did I miss something?

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept