CCleaner

Discussion in 'Windows XP Security' started by priscus, Sep 18, 2017.

  1. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    Anyone using versions: v5.33.6162 and CCleaner Cloud v1.07.3191 is advised to download new versions.

    August download has been hacked.
     
    priscus, Sep 18, 2017
    #1
    1. Advertisements

  2. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    1. Advertisements

  3. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    4,529
    Likes Received:
    229
    Location:
    Florida
    priscus, thanks for the update, I use an older version of ccleaner, 5.26.5937 with auto updates disabled, and monitoring disabled, :)
     
    Elizabeth23, Sep 18, 2017
    #3
  4. priscus

    Jody Thornton

    Joined:
    Jul 14, 2014
    Messages:
    165
    Likes Received:
    11
    Location:
    Richmond Hill, Ontario
    Can XP even run 5x versions of Ccleaner?
     
    Jody Thornton, Sep 18, 2017
    #4
  5. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    4,529
    Likes Received:
    229
    Location:
    Florida
    I have gone with this version since an upgrade to anything after version 5.26.5937, did not play well with xp. cannot remember what issues I had, :)
     
    Elizabeth23, Sep 18, 2017
    #5
  6. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    Your lucky.

    Have got six devices, running ver5.34. but they HAVE previously run 5.33!

    According to blog referenced above, these require either system restore to date prior to when 5.33 ran, or re-install.

    Have only just finished wrapping up final tail ends associated with last herculean task of re-installing OS.

    And my restore point of 9th Aug for two of my XP systems appeared to be a solution, but ten minutes into the process, it terminates with message that it cannot complete restore to that date.

    So, I will have to live with the infected systems until one of the malware programs offers a solution: it seems to date, only one in sixty four of them are detecting it!
     
    priscus, Sep 18, 2017
    #6
  7. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    4,529
    Likes Received:
    229
    Location:
    Florida
    1. I do not use system restore and have disabled it on all my pc's and use ERUNT which makes a new registry restore point with each restart.

    2. Even with a full clean install sometimes I will get a "cannot complete restore" unless I do the restore from safe mode, A safe mode restore has not ever failed, yet, :)

    3. if you have completed a reinstall with a full drive wipe then your system should be clean, I use Darik's (dban) everytime I reinstall as it does a better wipe then the normal wipe done at the beginning of installation, and if you use xp's wipe do not use the quick wipe,(or quick format)

    4. go with the older version, and as I am sure you do this regularly , as do I, always save downloads to desktop and scan with antivirus and with malwarebytes free. This way you have a 99% chance of catching anything before it is released onto the pc. :)
     
    Elizabeth23, Sep 18, 2017
    #7
  8. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    Malwarebytes found Trojan: 'Floxif' (potentially dangerous) on two of my machines.

    I cannot prove they had been left as a consequence of the toxic payload enabled by the malware in Ccleaner, but it would appear to be the only thing which the two machines have in common, and neither had visited any dodgy sites, or had any unknown material clicked upon.

     
    priscus, Sep 19, 2017
    #8
  9. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    4,529
    Likes Received:
    229
    Location:
    Florida
    but your machines are clean now, yes??
     
    Elizabeth23, Sep 19, 2017
    #9
  10. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    Well......

    Malwarebytes has removed Floxif from both machines, and is finding no other issues. Neither is Avast on the XP machine, or Windows Defender on the W10 machine.

    However, at least as of yesterday, NONE of the regular AV (except clamav) are yet recognising the malware in CC 5.33, Article cites very low rate of detection: one in sixty-four.

    Although, it was Floxif that clamav had detected in their screenshot.

    So I will run av scans every session of using these machines just to ensure that there is not still a viable source of entry for malicious code.

    There are still three machines which I have not yet checked, and I am too busy to do so at present, so they will remain unused until I have the opportunity to deal with them.

    ps On W10, Windows Defender failed to find the instance of Floxif which was discovered by Malwarebytes, and 'Bootime'scan performed by Avast also failed to detect it on the XP machine.
     
    Last edited: Sep 19, 2017
    priscus, Sep 19, 2017
    #10
  11. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    4,529
    Likes Received:
    229
    Location:
    Florida
    it would be best to never depend on one scanner, I have malwarebytes as an on demand scanner and 360TSE as a real time antivirus and when I feel that there is something wonky on my pc I might run an online scan with kaspersky or eset, but I am not sure that they do it for xp anymore. but generally these two scanners keep my pc clean, :)
     
    Elizabeth23, Sep 19, 2017
    #11
  12. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    Search engines list a number of specific 'Floxif' removal tools. Don't know how good they be. Have set this one to work, but has been scanning for nearly three hours now, which is just too long for regular use.

    https://www.avg.com/en-gb/remove-win32-floxif
     
    priscus, Sep 19, 2017
    #12
  13. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    4,529
    Likes Received:
    229
    Location:
    Florida
    Elizabeth23, Sep 20, 2017
    #13
  14. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    Haven't tried it on the XP system yet. Was on the W10, that it took three hours to scan, and found no re-occurrence.
     
    priscus, Sep 20, 2017
    #14
  15. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    https://www.wired.com/story/ccleaner-malware-targeted-tech-firms/

    Is beginning to make more sense now: someone went to a lot of trouble to try to sneak this through as an undetectable plant.

    Although version 5.34 has only been out for a matter of days, (They have been in the habit of updating on a monthly basis) Piriform have released version 5.35.
     
    priscus, Sep 21, 2017
    #15
  16. priscus

    Mike_Walsh

    Joined:
    Jan 20, 2016
    Messages:
    115
    Likes Received:
    20
    Location:
    King's Lynn, UK.
    @priscus:-

    Do be aware that ClamAV has a very high rate of 'false positives', so that screenshot shouldn't be taken too seriously.....

    One of the reasons nobody much uses it on the Linux side of the fence, either. Most folks I know prefer to use Comodo's 'AV for Linux' instead.


    Mike. ;)
     
    Mike_Walsh, Sep 23, 2017
    #16
  17. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    Maybe, but not a falsey in this case.

    Both Malwarebytes and Avast now also detecting 'Floxif': just they have taken their time getting around to doing so.

    My first attempt at removal with Malwarebytes appeared successful and system tested clear, However it was not, and after a later switch-on, a re-occurrence was detected.

    Second attempt to rid of Floxif seems to have worked, and have purged the registry entries. (note the ver 5.35 of CCleaner does not have the 'Agomo' file so can safely eliminate its entries in registry.)

    Apparently the malware raged unchallenged for best part of a month because its certification was valid: now revoked, so hopefully AV will now, in general, be detecting it.

    The advice to restore or re-install, is because it is not known if any home users have received a secondary payload package of malware/spyware, as has been reported to have happened to the Tech. firm targets.
     
    priscus, Sep 23, 2017
    #17
  18. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    4,529
    Likes Received:
    229
    Location:
    Florida
    priscus: just a note, I have a flashdrive with all the installers for the programs I use (firefox, ccleaner, defraggler, erunt, etc) and in the versions I use so that when I reinstall xp, I use the flashdrive for the programs and do not go online and download the program, and also since flash drives are a big problem with installing viruses (especially if autorun and autoplay are not disabled) it is very helpful that 360 total security essentials, will scan a flashdrive the second you plug it in before it will let you open it.

    just another way to be safe, :)
     
    Elizabeth23, Sep 23, 2017
    #18
  19. priscus

    priscus

    Joined:
    Jun 1, 2016
    Messages:
    195
    Likes Received:
    12
    It would seem that the makers of A/V ware do NOT respond to emergent threats with anything like the haste that their hype would have us believe.

    In this case, it appears that the damage has been done by the time a user becomes aware of the infection, and even then, a significant window of opportunity exists before A/V is offering any protection.

    I guess that is why the advice given was to isolate any infected machine from any network connection until machine has been 'sanitised'.
     
    priscus, Sep 25, 2017
    #19
  20. priscus

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    4,529
    Likes Received:
    229
    Location:
    Florida
    need some bleach? :)
     
    Elizabeth23, Sep 25, 2017
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads
Loading...