Jump to content
CCleaner Community Forums


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About patrykr

  • Rank
  1. Hello, no one can confirm that for you with 100% certainty. Piriform, forum moderators and members provide the relevant information, the rest is up to you to figure out based on your knowledge of your system. There are some unusual and highly unlikely conditions which, when met, could get your system infected with the first payload. Let me tell you this, if I were in Millionaires, and the last $1.000.000 question would be "Did malika4 get infected with the first stage payload during the CCleaner v5.33 infection incident?", and one of the answers would be "No", I would (based on info you provi
  2. UAC (User Account Control) is basically the pop-up question you see when opening certain applications or most installers. It says something like: "Do you want to let this program make changes to your computer". CCleaner has an convenient setting (Advanced -> "skip UAC warning") allowing you to skip that pop-up question. The way it relates to the infection incident and 64 bit systems is as follows: - there are two files in install directory (infected CCleaner.exe and non-infected CCleaner64.exe) - when the setting is disabled, only the non-infected CCleaner64.exe gets executed and CCle
  3. I think it depends on how you define "infection", because, technically anyone using v5.33 was infected. The thing is, 64 bit systems were not affected by the infection (allegedly, as I have not seen official confirmation or better yet - an explanation). They were not, because the infected file CCleaner.exe does not normally run on 64 systems. It just runs for a little while (or not at all, depending on your UAC configuration), perhaps not enough for the virus to execute? - I'm sorry this is the part I got no answer to, despite of asking. After that, the file that really runs and works is the
  4. Dear Piriform/Avast Administrators/Programmers/Employees, I am really sorry you got hacked, I truly am. I have no idea what it must be like for you trying to scramble in the wake of huge corporations being affected. That being said, considerable base of smaller users is affected as well. These are likely users of all sorts, home users, power users, maybe even experts. Some might still be using trojanized v5.33 version and be completely unaffected (like for example my grandma would be, as she doesn't even own an email account). Some might just not care at all. Some might suffer from OCD and w
  5. But, what if they didn't fry the bigger ones? Wouldn't that live them in pursuit of smaller fry? Just sayin! What if Craig Williams of Talos is right about stealthiness and sophistication, and, I dont know, the malware left some huge black gaping hole in affected systems just waiting for someone to exploit
  6. Hello, how it works is only dependent on how it was programmed to work and the environment (system) it works within. There is a 10-minute pause/delay programmed into the malware before it dials-out. It was stated by people who reverse-engineered it, and also proven in the video you posted link to. The only question is, does the malware process gain independence after being loaded into memory, or is it still dependent on the main CCleaner process being active. It is super-easy to answer if someone wanted and had time to check. All one had to do is repeat the steps in the video, but clos
  7. Hello, do you know of any researchers other than Talos Group stating this? If that is true, it is worh noticing that 32-bit system CCleaner users, who were using it on as-needed basis could have avoided complete malware execution aswell. All one had to do was run and close CCleaner (without leaving in tray) within 10-minute window. It is how I've always been using it myself and 10 minute margin means it is more than doable. The first stage was meant to be spray-and-pray, that is why I would consider the above as a flaw in the malware, limiting (possibly) its reach. Talos states that t
  8. Hello, I would like to notify Piriform Admins/Moderators, that the (most likely custom) link: https://dl.cleverbridge.com/502/(...)/ccsetup533_be.exe (link broken on purpose) I received when buying my license is still active and (per filename, obviously) points to compromised v5.33 CCleaner installer. That is most likely what Edweather downloaded, as his link is problably active aswell. Also, would it be possible for anyone from Piriform to officially confirm that on x64 systems (Windows 7 in my case) no parts of the malware get/got to execute (activate) and no unauthorized c
  • Create New...