CCleaner stuffed with malware

Author
kitekrazy1
2017/09/19 05:40:47 (permalink)

Sonar Platinum, W7 Pro 32GB Ram, Intel i7 4790, AsRock Z97 Pro 4,  NVidia 750ti, AP2496
 
Sonar Platinum, W7 Pro, 16GB Ram, AMD FX 6300, Gigabyte GA 970 -UD3 P, nVidia 9800GT, Guitar Port, Terratec EWX 2496
#1


    AndyB01
    Re: CCleaner stuffed with malware 2017/09/19 07:40:28 (permalink)
    Only affected the 32-bit binary it seems so if you're on 64-bit you should be unaffected. Just goes to prove the old adage: the only safe network connection is an air gap.

    Apparently the destination server was taken down before the payload executed in the wild but goes to show how careful you need to be.

    Lots more info online. Thanks for sharing though - good spot.

    Sonar Platinum, Win10 Pro 64-bit, 16Gb RAM, Six-core AMD, Twin SSD. Instruments: Roland A88 and Taylor 314CE all through a Focusrite Scarlett 2i4. More ambition than talent.

    #2
    abacab
    Re: CCleaner stuffed with malware 2017/09/19 14:00:34 (permalink)
    Sloppy controls on their part, but at least it only affected version 5.33.6162 in the 32-bit flavor.
     
    http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
     
    I was still running v5.31, so it sometimes pays to be a slow updater.  Not to mention that I use 64-bit as well.  Strange that the hackers only targeted 32-bit, but no complaints here.
     
    I also block outbound network connections with firewall by default, except for those applications that absolutely need it.  Hopefully that will reduce the impact of any trusted and signed programs that get back-doored like this.

    DAW: CbB; Sonar Platinum, and others ... 
    #3
    oockkk
    Re: CCleaner stuffed with malware 2017/09/19 22:03:23 (permalink)
    I have been using this for a long time.
    #4
    RSMCGUITAR
    Re: CCleaner stuffed with malware 2017/09/19 22:32:51 (permalink)
    Luckily I hadn't updated in a while. I do like the program though. How do you guys feel about using it going forward?
    #5
    Rimshot
    Re: CCleaner stuffed with malware 2017/09/19 22:55:34 (permalink)
    I didn't have the bad version but I am going to continue using it going forward. I only launch it when I clean stuff up and always backup my registry beforehand. 
    I run Malwarebytes (full version) with all options on along with Windows AV and Firewall. I also run cloud and local backups so I hope I am covered. 
     
    It is just a bummer that so many titles are prone to hacking. I have dealt with my health insurance carrier 2 years ago and now bigger and badder problems these days. I don't think really any software is perfectly safe from hackers so we just have to beware and have good protection in place. 

    Rimshot 

    Sonar Platinum 64 (Lifer), Studio One V3.5, Notion 6, Steinberg UR44, Zoom R24, Purrrfect Audio Pro Studio DAW (Case: Silent Mid Tower, Power Supply: 600w quiet, Haswell CPU: i7 4790k @ 4.4GHz (8 threads), RAM: 16GB DDR3/1600 
    , OS drive: 1TB HD, Audio drive: 1TB HD), Windows 10 x64 Anniversary, Equator D5 monitors, Faderport, FP8, Akai MPK261
    #6
    abacab
    Re: CCleaner stuffed with malware 2017/09/19 23:09:02 (permalink)
    Backups ... backups ... backups ...

    DAW: CbB; Sonar Platinum, and others ... 
    #7
    RSMCGUITAR
    Re: CCleaner stuffed with malware 2017/09/20 04:12:00 (permalink)
    Yeah, I have Norton... Will probably just keep using CCleaner regardless
    #8
    GjB
    Re: CCleaner stuffed with malware 2017/09/20 08:40:28 (permalink)
    I did a regular manual scan of my PC with Malwarebytes on the 19th (here in Japan) and it unexpectedly found a Trojan.
    And where was it? In the CC folder.
    So it was good to hear about this news soon after and put 2 and 2 together.
    Unfortunately the software didn't tell me it was there until I scanned. I suppose that's what manual and automatic scan schedules are for. I don't worry too much about these things. Malwarebytes removed or quarantined it and I enjoy tinkering (although tinkering was the reason I updated CCleaner which caused the issue). I look forward to reformatting and reinstalling everything with the Windows 10 Fall update in October.
     
    Here's the record:

    post edited by GjB - 2017/09/20 13:51:51

    The Computer Mouse (web)
    Cakewalk by BandLab, Windows 10 Pro (64-bit), Focusrite 2i4 (Gen 1), i7-3770K, NH-D14, 32 Gigs, GTX 970, SSDs and HD, Sony MDR-7506, M-Audio Code 61. Easy-install guide
    #9
    abacab
    Re: CCleaner stuffed with malware 2017/09/20 13:56:39 (permalink)
    GjB
    I did a regular manual scan of my PC with Malwarebytes on the 19th (here in Japan) and it unexpectedly found a Trojan.
    And where was it? In the CC folder.
    So it was good to hear about this news soon after and put 2 and 2 together.
    Unfortunately the software didn't tell me it was there until I scanned. I suppose that's what manual and automatic scan schedules are for. I don't worry too much about these things. Malwarebytes removed or quarantined it and I enjoy tinkering (although tinkering was the reason I updated CCleaner which caused the issue). I look forward to reformatting and reinstalling everything with the Windows 10 Fall update in October.
     
    Here's the record:





    Very interesting!  I see that you are running a 64-bit version of Windows.  The trojan was only planted in the 32-bit installer of CCleaner.  So just curious, did you only have the 32-bit CCleaner installed?

    DAW: CbB; Sonar Platinum, and others ... 
    #10
    2:43AM
    Re: CCleaner stuffed with malware 2017/09/20 14:04:00 (permalink)
    Just download and use an older version.  I've successfully used Crap Cleaner v5.22 (Oct 2016) up to this point with no issues and full compatibility with Win10.  Before that, I used v4.18 (Oct 2014) with no issues as well, but I think it did run a bit slower on Win10, hence why I chose to update.
     
    It should be a given that any FREE software that is continuously updated, like CCleaner, even Malwarebytes, etc. will contain more and more bloat, and possibly malware and/or extras you don't want because you forgot to uncheck a hidden button.
    #11
    abacab
    Re: CCleaner stuffed with malware 2017/09/20 14:16:19 (permalink)
    I think the biggest issue here is that the hackers got access into the development servers of a trusted company, and planted a trojan inside software that was officially signed, therefore trusted by Windows and your AV.
     
    This method could be used against ANY mainstream software vendor, even Microsoft or Cakewalk.
     
    Not much you can do about this type of attack, except maybe not update as frequently, LOL!  The burden is on the developers to keep things under better lockdown until release.
     
    It is reassuring to see that Malwarebytes identified this particular trojan, as I run the free, on demand scanner at least once a week!

    DAW: CbB; Sonar Platinum, and others ... 
    #12
    GjB
    Re: CCleaner stuffed with malware 2017/09/20 14:16:28 (permalink)
    abacab
     
    Very interesting!  I see that you are running a 64-bit version of Windows.  The trojan was only planted in the 32-bit installer of CCleaner.  So just curious, did you only have the 32-bit CCleaner installed?


     
    I'm not too sure now that it's updated. It certainly automatically updated to the 64bit version. And I'd usually choose a 64 bit version of any software if there's a choice. Nowadays these things are automatic and default to the OS, but I'm not so sure about CCleaner on that point. There are no CCleaner folders or files in the Program Files (x86) folder.
    The only thing I did notice at the time of updating CCleaner was that the update went via Download.com which is not so unusual, but having it coming from Piriform is more reassuring.
    Maybe I'm weird, but I get just as much fun fixing things as I do breaking them. For me it's all just a reformat away.
    I couldn't say that if my PC was my bread and butter though. 

    The Computer Mouse (web)
    Cakewalk by BandLab, Windows 10 Pro (64-bit), Focusrite 2i4 (Gen 1), i7-3770K, NH-D14, 32 Gigs, GTX 970, SSDs and HD, Sony MDR-7506, M-Audio Code 61. Easy-install guide
    #13
    AndyB01
    Re: CCleaner stuffed with malware 2017/09/20 14:19:49 (permalink)
    Although both CCleaner and MBAM offer paid for pro versions which should be better controlled but are probably not. There are other registry cleaners but CCleaner is less aggressive than some and you're generally less likely to inflict damage or break your system when using it. That said you should always back up registry changes anyway in case you need to regress.

    Sonar Platinum, Win10 Pro 64-bit, 16Gb RAM, Six-core AMD, Twin SSD. Instruments: Roland A88 and Taylor 314CE all through a Focusrite Scarlett 2i4. More ambition than talent.

    #14
    abacab
    Re: CCleaner stuffed with malware 2017/09/20 14:36:28 (permalink)
    AndyB01
    Although both CCleaner and MBAM offer paid for pro versions which should be better controlled but are probably not. There are other registry cleaners but CCleaner is less aggressive than some and you're generally less likely to inflict damage or break your system when using it. That said you should always back up registry changes anyway in case you need to regress.



    I don't use the registry cleaner in CCleaner.  Modern Windows don't really need that, as obsolete registry entries are not likely to affect performance.
     
    But I like to use it to clean up cookies, internet cache, old logs, miscellaneous files, and leftover installer tidbits on a daily basis.  Saves on the manual labor of searching all that out and manually deleting it.

    DAW: CbB; Sonar Platinum, and others ... 
    #15
    JohanSebatianGremlin
    Re: CCleaner stuffed with malware 2017/09/26 17:06:46 (permalink)
    RSMCGUITAR
    Luckily I hadn't updated in a while. I do like the program though. How do you guys feel about using it going forward?

    CCleaner has a very loyal following so I'm sure my opinion will be disregarded by most. But when I was doing computer repair for a living, I couldn't count how many times I made easy money wiping and reinstalling hard drives after someone tried to use CCleaner to 'fix' the machine and ended up making it 10X worse.
     
    Because of this, I've never really felt the need to use it myself. But then I've never been much of a fan of any registry utilities.

     
    If gear was the determining factor, we would all have a shelf full of Grammies and a pocket full of change.  -microapp
     
    i7, 32gb RAM, Win10 64bit, RME UFX
    #16