CCleaner seeing beyond the VM

I was wondering if it is logical that CCleaner is seeing beyond its VM window and cleaning the entire machine/disk? I have noticed that it cleans volumes more than it reports after hitting the Analyze button.

While it may be a problem for some, it seems to be pointing out an intrusion on my network.

Has anyone any experience or other info to corroborate this???

Thanks.

I've seen several topics in the past regarding inconsistent analyze vs cleaned numbers. I have to ask. What do you mean by 'cleaning the entire disk' and 'intrusion on my network'?

Disk, I think he's running CCleaner on a Virtual Machine (which acts like a separate computer and calls your computer part of its "Network" AFAIK) and that the CCleaner does not seem to be tricked by being run inside the VM and wants to clean the Real Computer (or as he said in his network).

Of course, not being a user or understander of VM, I could be just talkin out on my Palin ass :wacko:

Hi TerenceH. :)

If you can give some specifics, like what OS and what VM? What is cleaned more than you expected to be?

Humpty and hazelnut are well versed in VM use. I am familiar a little bit but don't have CCleaner on any VM. Will install it and check if you tell me what to look for.

In general, I have never had anything escape from VMWare server, nor to affect the host machine from within the VM. It can happen but has not happened to me.

Sorry for the delay in getting back to this question. It does appear that the thread is on the correct track. I didn't want to overflow on info in the initial post.

- The observation is the variance between Analyze and Deleted sizes and files deleted.

- There appears to be items deleted which were not on the analyze list.

- The additional items are unfamiliar - meaning neither reason nor cause to exist - not my files.

- I am the sole user on these machines

- My network and as many as 5 computers are affected and have this behavior.

- Running XP or Vista on those machines.

- Rebuilds do not prevent recurrence.

- When on a 'clean' machine there is no discrepancy between Analyzed and Deleted.

- When on an 'infected' machine there is always a slight discrepancy - the discrepancy is far greater when the machine has been utilized more.

- There are other behaviors exhibited on an infected machine.

- The machines are behaving as if they have been placed inside a VM environment.

- There are several clues - mostly hardware based adjustments - which corroborate this theory.

- The VM Environment (a lite form of NT) seems to spring from a PXE Agent stored in the extra space on the BIOS chip.

- ANY attempts to update the BIOS are blocked by a memory manager on the BIOS.

- IF CMOS is completely reset (through the hardware) the memory manager takes windows down removing either licensing files so windows must be reinstalled, or the file system structure files so the hard disk cannot be read.

- The CCleaner behavior begins to happen on the machines of people who provide direct assistance in researching the problems. ** Even people who I had not known prior and who are not directly or indirectly connected to my network.

I believe it is an installation of a stealth surveillance program called WebWatcher by Awareness Technologies. Their marketing documents expand on the stealth capabilities.

The VM environment 'envelope' would provide their stealth functionality as described. The machines are NOT able to see the outer machine. They boot directly into the VM. This is why the hardware changes (or even hardware setting changes) create clues.

I am asking if perhaps the discrepancy between Analyze and Deleted is another clue to being inside the VM.

Is CCleaner seeing beyond the VM? Is it possibly deleting the discarded working files from the outside machine once the data has been transmitted?

This is a sincere question. The initial installation of the surveillance program was illegal. The arrogant software company denied my request for removal when I detected it. The program is being used to cause financial difficulties, and insight into legal situations relating to divorce and custody. As such, I may be providing considerable R&D for the software company who will face charges for the damages caused by their program. Damages affecting my professional, financial and personal life for the last 2 years.

FYI, there isn't a lawyer around willing to take my case... I think it will reveal that there are a lot of lawyers using this type of program to spy on opposing parties (counsel or client). I don't imagine they want to be the one to expose the magnitude of the problem.

In the past when providing this much information, I usually will notice a programming change which conceals the condition in the future. I do have examples of the file listings and sizes which point out the discrepancy.

I hope this was brief enough... I sincerely appreciate any info on the topic.

Terance

As far as I can see from your post your problems result from the software that you said was installed illegally, to view info about finance and a divorce and custody case.

CCleaner will have no bearing on how this 'illegal' software performs I should think.

If I were you I'd get yourself a new computer and start afresh.

Good luck.

All too often this has happened when presenting the information on this topic. I did not provide such detail initially because it clouds the issue or the question. Redirection and confusion have been effective tools in preventing any answers to even the simplest of forum questions.

My original question remains... Is it possible that CCleaner is seeing beyond the VM 'envelope' when it notices and deletes files?

I sincerely request that the chaos of the details not blur the question in this thread. This is the first thread to have survived multiple intelligent replies without being re-directed or confused. I assure you there is no secret agenda.

Thank You,

Terance

I do not know if CC has any special skill to modify " beyond the VM 'envelope' ".

I believe you can use VM to run/simulate Linux on a Windows machine etc., and I would expect CC to clean any files the VM allows for write access.

I also think of VM (and Sandboxes) as techniques to protect the system from Internet malware, and if that is your requirement, any indication that CC is transgressing the protection boundary suggests defective protection against malware.

Regards

Alan

Alan,

Unfortunately, I am not in a position to test/simulate. Simply trying to survive. I have witnessed this behavior on multiple machines. XP and Vista. And it was on the Linux install when I discovered their use of the VM to hide. Real life simulations as it were.

There is NO PROTECTION from the type of intrusion I am experiencing. There is an organization (antispywarecoalition.org) which bridges the gap between the makers of surveillance software and the anti-spy/anti-virus companies. They permit THIS program through unchecked along with several others. Even though they do not meet the criteria listed to ignore the programs. Even though the functionality provided is FAR more than any parent would use on a child, or any supervisor on an employee. There is no reason for such a suite of obfuscation and redirection in anything else but stealth surveillance and detection prevention.

Currently have it narrowed down to a PXE program in the BIOS, protected by a Memory Manager. I am hoping to find a way around it. It has been very destructive. When I discovered it, the software company didn't realize my level of experience and lied about the install. When I proved it to them, they began harassing me... It continues still today.

Thanks for your info, and any other feedback.

Terance

Terance

I recently read somewhere, possibly in Spyware Hell, that some malware especially cripples CCleaner and other junk removers because some malware hopes to lurk un-detected in junk / temp folders and files, so takes pre-emptive action.

Consequently, if you are suffering with a form of malware, advice in this forum based on how CCleaner SHOULD work may be totally inappropriate to a crippled/corrupted installation.

If I were in your situation I would consider the whole network to be corrupt - all computers and routers and firewalls.

As a perpetual paranoid I would also consider the possibility of virus infection of firmware, bios, cmos, and any other non-disc locations.

I would not trust a hardware firewall - it could already be compromised.

Even if the hardware firewall was NOT compromised, I would only expect it to protect my network from the WWW internet, and fear that it has no ability to prevent cross-infection within my network.

I would fully isolate one computer from all the others, purge as far as possible, and add a good quality software firewall (I recommend Comodo) which gives better protection than a hardware firewall against WWW intrusions, and can be infinitely superior against anything already inside the network.

Only after doing this for all computers would I begin to put them together as a network.

I see danger wherever I look, so going over the top is a bit of a habit, but it might also be why I have been "virus free since 83" !!!

I have expressed my fears and how I would spend my first 5 minutes approaching the situation, BUT I would definitely feel out of my depth.

BEFORE taking any action I would first seek advice and hand-holding from experts, such as in our companion forum Spyware Hell at http://forum.piriform.com/index.php?showforum=12.

I wish you well

Best regards

Alan