A computer components & hardware forum. HardwareBanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » HardwareBanter forum » General Hardware & Peripherals » Homebuilt PC's
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

"CCleaner compromised: better check your PC"



 
 
Thread Tools Display Modes
  #11  
Old September 19th 17, 04:18 AM posted to alt.comp.freeware,alt.conspiracy,alt.comp.os.windows-10,comp.lang.c,alt.comp.hardware.pc-homebuilt
mike
external usenet poster
 
Posts: 75
Default "CCleaner compromised: better check your PC"

On 9/18/2017 7:33 PM, Ant wrote:
In alt.comp.hardware.pc-homebuilt Tim wrote:
Arnie Goetchius wrote in
news


This apparently affected version 5.33 32 bit only. 5.34 has now been
released

And it only infected the 32bit version. So 64bit users were always ok, and
any 32bit users that are up to 5.34 are ok as well.


And according to Piriform, the code put into place was only a loader, a
'back door' so to say, and as far as they can tell no actual damaging
software ever used it. But the info it did steal was not something that one
would want spread around, although in and of itself would not be that
damaging.


Are portable versions OK?

If the program installed a back door, what do we do to fix that?
Uninstalling the program won't help that.
Do we have to update/reinstall CCleaner to get the bad stuff removed?
Does that delete the previously installed malware?
Is there a specific remover for the exploit?
What about anything that got installed by the exploit?
Pardon me if I don't accept the Piriform implication that it was
never exploited.

What's the scoop on that?
  #12  
Old September 19th 17, 06:32 AM posted to alt.comp.freeware,alt.conspiracy,alt.comp.os.windows-10,comp.lang.c,alt.comp.hardware.pc-homebuilt
Tim[_19_]
external usenet poster
 
Posts: 9
Default "CCleaner compromised: better check your PC"

mike wrote in news
If the program installed a back door, what do we do to fix that?
Uninstalling the program won't help that.
Do we have to update/reinstall CCleaner to get the bad stuff removed?
Does that delete the previously installed malware?
Is there a specific remover for the exploit?
What about anything that got installed by the exploit?
Pardon me if I don't accept the Piriform implication that it was
never exploited.

What's the scoop on that?


My understanding from Piriform's blog is that the code involved would load
when CCleaner loads. It loads as a standalone background task, and is not
self reloading at boot time. So once your copy of CCleaner is upgraded to
5.34 and Windows is rebooted, the rogue software should be no more. If you
feel comfortable with RegEdit, you can look at HKLM/Software/Piriform and
see if there is a key for Agnora (sp). If it is still there you can delete
it. As always, if you are killed or captured - oh wait, wrong instructions.
Before playing in the Registry one should always back it up and set a
Restore Point. That way if something is fat fingered you have a way back. I
have the 64bit version of 5.34, and there are only three registry keys
under Piriform. If you find more, check the Priform blog for what should
not be there and delete it.

"Exceptional actions always evoke exceptional criticism!"
  #13  
Old September 19th 17, 04:23 PM posted to alt.comp.freeware,alt.comp.os.windows-10,comp.lang.c,alt.comp.hardware.pc-homebuilt
Mr. Man-wai Chang
external usenet poster
 
Posts: 697
Default "CCleaner compromised: better check your PC"

On 19/9/2017 8:21 AM, Blake Snyder wrote:
What software do you recommend for checking software?

I have Wireshark, for example, but it's complex to use (as you may know).
I also have Fiddler4, & TCPView, & Glasswire.

None of those would have caught it though because all are active sniffers.

What free software, as a passive sniffer, do you recommend that
would/should have caught the spyware in CCleaner when even Avast & Kapersky
didn't catch it?


To be honest, I am running Avira Antivirus. But in email handling, I use
only my experience to check messages and their attachment. Not
experienced in using those probes and tools.


--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
USB bootable maker: Diff between "HP Drive Key Boot Utility" and "HP USB Disk Storage Format Tool"? Jason Stacy Storage (alternative) 1 April 21st 09 01:14 AM
Another reason to get "TV Failed to Initialize, Check Drivers" error with MMC9.16 and Cat7.1 Captain Midnight Ati Videocards 0 February 21st 07 09:49 PM
Canon MP130 "Check Ink Tank" Error Baphomet Printers 4 February 1st 07 05:42 PM
Solution to HP Error "Remove and Check Cartridges" [email protected] Printers 1 February 19th 06 05:26 PM
8IEXP Upgraded to 2.8Northwood but "Check System Health!" when bootup [email protected] Gigabyte Motherboards 2 December 18th 05 07:33 AM


All times are GMT +1. The time now is 08:52 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright 2004-2024 HardwareBanter.
The comments are property of their posters.