Hi, I'm a Win7-Pro 64bit SP1 urser from the Netherlands, with the setting "Automatically check for updates to Ccleaner" for my (64b) free Ccleaner.
Yesterday (2017-09-20) I got the system-tray notification "New version 535 - install now?", Yes, I did. After a moment, installation was ready, version 535, everything worked, looked fine, no security warnings.
Maybe a false positive? So I checked Malwarebytes on this file; same result: "infected with Floxid; quarantine?".
Decided to orientate myself first, and Googled along - lots of information on Piriform, Avast and numerous other sites!
Then I checked all files in my updated Ccleaner program directory, with Window Defender as well as with MBAM. Result: all clean, no infections (not in the new 5.35.0.6210 version of the 32bit CCleaner.exe, nor in the 64bit CCleaner64.exe, nor in all other files).
So only the install-file was infected, and it wasn't the announced 535-setup-file!
Deleted the install-file with Windows Defender.
Downloaded today a fresh install-file from the Piriform-download page, in order to see what would happen. Aha, WinDef and MBAM did not alarm anymore for this setup version (in the meantime 5.35.0.6210 !).
For all security I made a full pc-scan with Malwarebytes: nothing found (and registry fine). - Now I'm quite sure I wasn't infected (as 64bit user!) and will not be infected.
Remaining questions: was the infected setup-file for the 533-version temporary wrong (directing to the good 535-exe files) but now updated? And: why didn't I read something about that in all Piriform information? - Or did I miss something?
Announcement: Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191
in CCleaner
Posted
Hi, I'm a Win7-Pro 64bit SP1 urser from the Netherlands, with the setting "Automatically check for updates to Ccleaner" for my (64b) free Ccleaner.
For all security I made a full pc-scan with Malwarebytes: nothing found (and registry fine). - Now I'm quite sure I wasn't infected (as 64bit user!) and will not be infected.
Remaining questions: was the infected setup-file for the 533-version temporary wrong (directing to the good 535-exe files) but now updated? And: why didn't I read something about that in all Piriform information? - Or did I miss something?