glitterfalls

Posts posted by glitterfalls

  1. Regardless of who's making the decisions, the lack of response to (or even acknowledgement of) some very straightforward questions being asked here is disrespectful and particularly so given that piriform has delivered some pretty dangerous software to our devices. 

    Agreed. I'm always careful with my computer and watch the sites I go to like a hawk, use the proper programs regularly enough to keep it in healthy condition. We didn't pick this *hit up from a seedy website, we got it through a program we really thought we could trust. And my guess is that it was a program that many of us used for years. This is bad. This isn't something small like "Your program's getting a bit sluggish. Still works, just seems sluggish." And for the time period this went undetected makes it even worse. 

     

    And I don't mean to seem *itchy to the people on this forum that volunteer to reply to posts or answer questions. It's nice that there's some of you out there doing that. It's just your company is leaving you high and dry from my point of view. I'm still pissed that I have to deal with this hassle I don't need and I'm worried about the whole damn thing. Can I make my computer safe again? Will I have to lose everything on the computer and have to reinstall everything? 

  2. Hello,

     

    I would like to notify Piriform Admins/Moderators, that the (most likely custom) link:

     

    https://dl.cleverbridge.com/502/(...)/ccsetup533_be.exe   (link broken on purpose)

     

    I received when buying my license is still active and (per filename, obviously) points to compromised v5.33 CCleaner installer. That is most likely what Edweather downloaded, as his link is probably active as well.

     

    Also, would it be possible for anyone from Piriform to officially confirm that on x64 systems (Windows 7 in my case) no parts of the malware get/got to execute (activate) and no unauthorized changes (no matter how insignificant) could be done to the system, regardless of which file (CCleaner.exe/CCleaner64.exe) is/was being run?

     

    Since people at Talos "dissected" the malware, I'm pretty sure Piriform/Avast did the same and someone knows the answer.

     

    Other than the long gone v5.33 CCleaner.exe file, neither my AV Suite (ESET and Malwarebytes) nor I have found any other indicators of compromise, however, one could argue that the malware was/(is?) sneakily covering its tracks. I'm really sorry, I do realize it sounds a bit paranoid, it's just that this is the first piece of malware I've had on any of my systems in ~20 or so years.

     

    Previous posters seem to ponder at the exact same question, that's why I think addressing this issue will be most appreciated.

     

    Thank you very much!

     

    Like I was saying on my posts, something clearly happened on my computer and I'm on a 64. My antivirus was doing fine until this s**t popped up.  I'm waiting for help on another site and hopefully I'll get it back to being fine.

  3. glitterfalls

     

    I agree...I am also in need of help.

    My head's doing me in on this.......!!!

    Do I reinstall Windows (no option to restore to earlier time as they seem to be deleted) or not

     

    PLEASE someone from either Piriform or Avast make it CLEAR what we need to do.

     

    I have searched my computer for these dlls they mention.

    stage 2 installer is          GeeSetup_x86.dll

    The 32-bit trojan is        TSMSISrv.dll

    the 64-bit trojan is         EFACli64.dll

     

    as well as….

    VirtCDRDrv

    SymEFA

     

    Can't find any of these.

     

    I also looked in the Registry for the keys

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\001

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\002

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\003

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\004

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\WbemPerf\HBP

     

    Again nothing there. There was a WbemPerf with a default key but no keys labelled 1 to 4.

    From my understanding and investigation there will be a “default” key there with no value.

     

    SO does that mean I am OK ?? or not ??

     

    PLEASE someone from either Piriform or Avast make it CLEAR what we need to do.

     

    There seems to be a LOT of confusing messages out there.

    A LOT of technical sites and jargon that newbies like me, just don't understand.

     

    I'm careful too with what I download but now........I don't know.

     

    Somehow I doubt we'll get help from CCleaner. I'm gonna see if I can get help on the Microsoft community. That's about the only place I can turn to.

     

    I'm glad you mentioned restore points. I was thinking this morning about restoring if I possibly could. With what you said, it doesn't sound like that's an option. Plus I'd be wary even the stuff from before this s**t Trojan got on there could've infected even the good restore points. 

     

    I hope I can find another alternative to CCleaner. I did like the program. But this is just too much. I can see picking up Trojans if I'm browsing porn sites or something like that. I'm not. Maybe I'm wrong thinking this way, it almost seems like I'm expecting perfection. It's just that CCleaner has been something that's been on my computers for years. I do hold them to higher regard. For something like this to pass through and for it to take so long for anybody to notice, it really bugs me and makes me strongly distrust anything else the company puts out. 

     

    I wish you the best of luck. Same goes for anybody else that's been impacted by this. This is a huge worry and causing the users a lot of stress. I'm just gonna come up with my other message and shut down for a few hours so I won't be tempted to keep on checking it every 2 minutes. 

     

    And I'm really crossing my fingers I don't have to do a full wipe and start from 0. There's a few things on my computer I don't have backed up. Hell, I don't even know if I can trust those files even if I did get out the external hard drive to back them up. They might screw up everything good on the external hard drive.

  4. This is really pissing me off. Like I said on another thread, I was able to run a scan of MSE and delete the trojan. But there's still something very wrong. And the thing that drives me up the wall is I ran another scan of MSE and the system's clear. Hell, I even redownloaded Malwarebytes to run for one scan only (the new upgrade from this year didn't sound like it gelled well with the computer I have and that's why I had to get rid of it). Anyway, that scan came out clean. There's still something wrong with MSE because I'm getting errors when I try and click on "help". It's an application not found error and I got errors this morning and yesterday if I updated the virus and spyware definitions.

     

    I literally don't know what to do. And I sure as hell don't have the money to pay for somebody else's *uck up. I'm careful with the stuff I download and the sites I visit and here this crap's been undetected for a month. This was a program I'd had for many years but this whopper has pretty much cut my trust for the program. Not to mention my "security" programs that made me have the false belief the system was clean. It's very unfortunate that this program was one I always followed the 'nags' over about a new update being released. Idk if I'm keeping this program after this has blown over. 

     

    I need help. If nobody here can help, please point me to a direction where I can possibly get some help without making the already bad problem even worse.

     

    Oh, and I did download the latest install of CCleaner. I'm gonna cool off and come back later. 

  5. There's still a HUGE problem somewhere. I admit I'm still highly pissed right now and I have to shut down the computer and go to bed before I can get this problem straightened out and that's if I can fix it. This issue has completely *ucked up MSE for me. I managed to run a scan and remove this threat. Updating virus definitions won't work and I can't even get "help" to work on the MSE program. I get an error about the application can't be found. 
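
The manual search quoted in post 3 (the listed file names and the `WbemPerf` registry entries) can be scripted as below. This is an added example, not part of the original posts and not a Piriform or Avast tool; the indicator names are copied from that post, while the search root, the wildcard match on the two names given without an extension, and the handling of `001`-`004`/`HBP` as either values or subkeys are assumptions.

```powershell
# Added example: read-only check for the indicators listed in post 3.
# Assumption: files are searched under the Windows directory unless -SearchRoot is given.
param([string[]]$SearchRoot = @($env:SystemRoot))

$fileNames = 'GeeSetup_x86.dll', 'TSMSISrv.dll', 'EFACli64.dll', 'VirtCDRDrv*', 'SymEFA*'
$regPath   = 'Software\Microsoft\Windows NT\CurrentVersion\WbemPerf'
$regNames  = '001', '002', '003', '004', 'HBP'
$findings  = @()

# File check: matches on name only, so a hit is a lead to examine, not proof.
foreach ($root in $SearchRoot) {
    Get-ChildItem -Path $root -Include $fileNames -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings += [pscustomobject]@{ Type = 'File'; View = '-'; Item = $_.FullName }
        }
}

# Registry check: look at both the 64-bit and 32-bit views of HKLM, and accept the
# listed names as value names or as subkey names under WbemPerf.
foreach ($view in 'Registry64', 'Registry32') {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
    $key  = $base.OpenSubKey($regPath)   # opened read-only; $null if WbemPerf is absent
    if ($key) {
        # The unnamed "(Default)" value appears here as an empty string and never matches.
        $present = @($key.GetValueNames()) + @($key.GetSubKeyNames())
        foreach ($name in $regNames) {
            if ($present -contains $name) {
                $findings += [pscustomobject]@{
                    Type = 'Registry'; View = $view; Item = "HKLM\$regPath\$name"
                }
            }
        }
        $key.Close()
    }
    $base.Close()
}

if ($findings.Count -eq 0) {
    'None of the listed indicators were found in the locations checked.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt so protected directories are readable. An empty result covers only the names and locations checked.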
