glitterfalls I agree...I am also in need of help. My heads doing me in on this.......!!! Do i reinstall windows (no option to restore to earlier time as they seem to be deleted) or not PLEASE someone from either Piriform or Avast make it CLEAR what we need to do. I have searched my computer for these dlls they mention. stage 2 installer is GeeSetup_x86.dll The 32-bit trojan is TSMSISrv.dll the 64-bit trojan is EFACli64.dll as well as…. VirtCDRDrv SymEFA Cant find any of these. I also looked in the Registry for the keys HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\001 HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\002 HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\003 HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\004 HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\HBP Again nothing there. There was a WbemPerf with a default key but no keys labelled 1 to 4. From my understanding and investigation there will be a “default” key there with no value. SO does that mean I am OK ?? or not ?? PLEASE someone from either Piriform or Avast make it CLEAR what we need to do. There seems to be a LOT of confusing messages out there. A LOT of technical sites and jargon that newbies like me, just don't understand. I'm careful to with what I download but now........I dont know.
Ok...First time user so bear with me. I'm at my wits end about this...please some guidance. CCleaner's been removed (as well as Defraggler). NOD32 picked it up and removed it. I uninstalled it completely using Revo Uninstaller. I've read all the articles now about the second "payload" so this now concerns me more. I don't have a system restore date (July/August) that I can restore back to. For some reason they don't exist, Only one's back in 2014 !! Thats probably a separate issue BUT I run Win7 64bit. I have been running Malwarebytes and NOD32 twice a day....Nothing there I have followed Bleeping Computers guide.....Nothing there. Not one of the apps/programs found a single thing. https://www.bleepingcomputer.com/virus-removal/remove-floxif-ccleaner-trojan After reading the article from GHacks https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/ and Avast https://blog.avast.com/progress-on-ccleaner-investigation I have searched my computer for these dlls they mention. In fact I did a search using ".dll" for the whole computer and it found over 70 thousand of them. I then reorganized them by name and looked for these files. Not one found I also looked in the Registry for the key (“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WbemPerf\00[1-4]) Again nothing there. There was a WbemPerf with a default key but no keys labeled 1 to 4 So after all this can anyone at Piriform please tell me my machine is safe.