
CCleaner infected with malware

bionic77

Member
Jun 7, 2004
58,286
1
0
I am out of the loop when it comes to Windows (I switched to Macs 10+ years ago when they switched to Intel).

We still use Windows at my office but all of my personal computers are Macs. At work we have antivirus and antimalware installed but I don't really use my computer to go online so I have never gotten a virus. Pretty much every office virus we have gotten was from an older person opening an attachment from an email.

That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?
 

Sulik2

Member
Apr 17, 2012
7,834
0
0
I am out of the loop when it comes to Windows (I switched to Macs 10+ years ago when they switched to Intel).

We still use Windows at my office but all of my personal computers are Macs. At work we have antivirus and antimalware installed but I don't really use my computer to go online so I have never gotten a virus. Pretty much every office virus we have gotten was from an older person opening an attachment from an email.

That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?
The best way to keep a computer clean is to keep it up to date. All Windows updates and browser updates, then don't be stupid online. Downloading free music, movies, games and porn is still the number one vector for getting infections. Only browse legit websites and be careful opening emails and you can avoid getting malware without even needing an antivirus in most cases. Stuff like NoScript and Adblock running in a browser will stop malicious ads from infecting your computer as well, which is another vector for infections that is harder to avoid.
 

bob_arctor

Tough_Smooth
Jun 7, 2004
18,636
2
0
47
This isn't related but I just got that "Aw Snap" pages won't load error on Chrome last night out of nowhere. Can't seem to fix it either. It hasn't stopped all my pages but enough of them. Anyone have any idea?

For now I've just gone to Firefox.
 

gamz

Member
Nov 11, 2015
13,665
2
0
I am out of the loop when it comes to Windows (I switched to Macs 10+ years ago when they switched to Intel).

We still use Windows at my office but all of my personal computers are Macs. At work we have antivirus and antimalware installed but I don't really use my computer to go online so I have never gotten a virus. Pretty much every office virus we have gotten was from an older person opening an attachment from an email.

That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?
Don't give users admin rights and keep the OS up to date. That's it. We rarely get viruses or malware.
 

magawolaz

Member
Mar 28, 2011
2,790
0
0
"Registry

You might also check your registry for indicators of compromise (type regedit.exe in the start menu, and try to navigate to):

HKLM\SOFTWARE\Piriform\Agomo:TCID
HKLM\SOFTWARE\Piriform\Agomo:MUID
HKLM\SOFTWARE\Piriform\Agomo:NID"

Do these go away when you uninstall CCleaner before checking? I don't even have a \Piriform path in the registry anymore.
I believe so, uninstalled it before reading that guide and can't find it either lol.
 

deim0s

Member
Apr 25, 2009
4,376
0
0
If you guys are on 64bit and have the program in the same architecture, you're probably fine. Better check the file hashes and the registry entries just to be sure.

Either way, uninstall this shit.
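
The registry check quoted in the thread, as an added PowerShell example (not part of any post here and not from Piriform or the quoted guide). The key path and value names are the ones quoted above. Querying both registry views is an addition: on 64-bit Windows a 32-bit process's writes under HKLM\SOFTWARE are normally redirected to WOW6432Node, which a manual regedit lookup of the plain path does not show.

```powershell
# Added example: look for the three registry values quoted in the thread
# (HKLM\SOFTWARE\Piriform\Agomo : TCID, MUID, NID) in both registry views.
# Read-only; nothing is modified or deleted.

$subKey     = 'SOFTWARE\Piriform\Agomo'   # key path as quoted in the thread
$valueNames = 'TCID', 'MUID', 'NID'       # value names as quoted in the thread

# Open the 64-bit and the 32-bit (WOW6432Node) view explicitly.
# On a 32-bit OS both requests resolve to the same single view.
$views = [Microsoft.Win32.RegistryView]::Registry64,
         [Microsoft.Win32.RegistryView]::Registry32

function Get-AgomoIndicator {
    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($subKey)   # $null when the key is absent
            foreach ($name in $valueNames) {
                $present = $false
                if ($key) { $present = $key.GetValueNames() -contains $name }
                [pscustomobject]@{
                    View      = $view
                    KeyExists = [bool]$key
                    Value     = $name
                    Present   = $present
                }
            }
            if ($key) { $key.Dispose() }
        }
        finally { $base.Dispose() }
    }
}

$results = Get-AgomoIndicator
$results | Format-Table -AutoSize

if ($results | Where-Object Present) {
    Write-Warning 'At least one of the listed values exists on this machine.'
} else {
    Write-Output 'None of the listed values were found in either registry view.'
}
```

A clean result only says the values are absent now; posters in this thread report that the \Piriform key was already gone once they had uninstalled the program.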
 

emag

Member
Apr 26, 2012
3,355
0
0
Windows optimization software is unnecessary in the age of 30 second+ boot-ups.
My PCs have had sub-30s boot times for well over a decade, with mechanical drives as well as SSDs. I don't want malware and related crap running on my PC, regardless of how fast my device is.

(Yes, I realize this is a bit ironic in view of the topic of this thread.)
 

GhostTrick

Banned
Jan 11, 2012
16,582
3
0
If you guys are on 64bit and have the program in the same architecture, you're probably fine. Better check the file hashes and the registry entries just to be sure.

Either way, uninstall this shit.

How do you know if you had the 5.33 version if you uninstalled it?
 

Diablos

Member
Jun 6, 2004
46,405
6
1,665
US
So glad I use Win10 64-bit because I just scanned the setup exe and it's definitely infected.

I'm going to look for an alternative to CCleaner, I have a feeling this program is going to take a huge hit after this.
 
Jan 16, 2012
4,407
0
500
Just to confirm, it should be safe to boot up the program to check the version prior to uninstalling, right? Everything I'm reading seems to indicate that since I'm on 64 bit and that the malware was basically never "activated" I should be okay, but I'm just making sure.
 

Sibersk Esto

Banned
Jan 19, 2014
25,814
0
0
64 bit, 5.27 version with none of the regedit folders, but I'm uninstalling it anyway. I don't like the idea of something that's been exploited like this on my computer.
 

MilkBeard

Member
Jun 20, 2013
9,220
2
0
Windows optimization software is unnecessary in the age of 30 second+ boot-ups.
I think a lot of people use it simply for a quick way to delete all cookies, form data, and temp junk on the computer, i.e. to easily erase physical history on computer so your loved ones and friends won't stumble into the weird stuff you look at online ;)
 

GameAddict411

Member
Aug 4, 2013
5,494
0
0
I am out of the loop when it comes to Windows (I switched to Macs 10+ years ago when they switched to Intel).

We still use Windows at my office but all of my personal computers are Macs. At work we have antivirus and antimalware installed but I don't really use my computer to go online so I have never gotten a virus. Pretty much every office virus we have gotten was from an older person opening an attachment from an email.

That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?
Don't visit shady websites, and don't click on ads, and certainly don't open anything you downloaded randomly.
 

Clockwork

Member
Jun 7, 2007
3,354
2
900
I think a lot of people use it simply for a quick way to delete all cookies, form data, and temp junk on the computer.
That's what I use it for (and have for years).

I managed to avoid the impacted version (using 64-bit and also a prior release) but I did just update and will continue to use it as though it was business as usual...
 

jrcbandit

Member
Nov 28, 2010
2,561
0
0
Texas
I'll have to check what version I have installed, although it's 64 bit. I mostly used it to delete cache and logs.

For Malwarebytes, is running the old version 2.whatever with the latest definitions fine? Version 3 was buggy as hell when it launched and I never heard anything good about it so I never updated.
 
Nov 16, 2011
2,757
0
0
Well, found an installer (that is infected) for 5.33 in my recycle bin.

Did check the registry and cannot find the entries mentioned and a MalwareBytes, AdwCleaner and a quick scan with Windows Defender show clean.
 

LoveCake

Member
Nov 4, 2013
5,200
2
425
England
"Registry

You might also check your registry for indicators of compromise (type regedit.exe in the start menu, and try to navigate to):

HKLM\SOFTWARE\Piriform\Agomo:TCID
HKLM\SOFTWARE\Piriform\Agomo:MUID
HKLM\SOFTWARE\Piriform\Agomo:NID"

Do these go away when you uninstall CCleaner before checking? I don't even have a \Piriform path in the registry anymore.
I have just tried these as you have said on the regedit.exe MY COMPUTER (finding through the whole system) and I didn't get any of these showing up.

I have the x64 Pro version, I have NOT yet updated to the new version.



Am I OK?
 

Neith

Banned
Apr 25, 2017
1,546
0
0
I used CCleaner mostly to securely erase any data I needed to. I use only the 64 bit version, but the 32 version was still there. Every time I boot up it only used the 64 version.

But MB told me it was there, which I think was the 32 version, and I killed it. Or most of it.
 

Joezie

Member
Apr 6, 2013
678
0
0
wew, this is going to be a doozy.

Parental computer had the affected 32 bit version but they don't have the exe and removed the program.

I've run a RogueKiller scan, an MB scan and have searched the registry for any of the apparent infected values but 0 results so far. News sense tells me I'm not looking hard enough and that it is probably hiding but Comp sense tells me if it's not showing up they probably didn't download an infected version of 5.33 to begin with and likely before the time period of infection.

The struggle is real.
 

Primus

Member
Jan 13, 2015
1,602
1
0
Hrm, none of the articles say whether or not the portable version was also infected. I'm going to assume it was and update our shop's utility stuff anyways (the portable version is great for a quick clean on older machines) just in case.
 

Lord Error

Insane For Sony
Jun 8, 2004
28,320
0
0
This kind of thing is becoming more frequent. First it happened with Transmission torrent client on Mac, then with something else, and now CCleaner. Really sucks, and there's practically nothing a user can do to prevent this as it can happen to practically any software you're using.
 

KojiKnight

Member
May 24, 2012
20,249
1
630
That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?
Same way as you would on a Mac, iPhone, or Android phone... downloading stupid random shit on the internet and clicking every attachment they get in their spam. Same as it's always been.
 
Jun 6, 2004
14,917
0
1,590
This kind of thing is becoming more frequent. First it happened with Transmission torrent client on Mac, then with something else, and now CCleaner. Really sucks, and there's practically nothing a user can do to prevent this as it can happen to practically any software you're using.
Good thing Equifax went all "security issues? hold my beer..." 2 weeks ago, or I'd be more ticked about this normally.
 

dh4niel

Member
Mar 1, 2014
3,565
1
0
So if I uninstall and do a malwarebytes scan I should be good?

Edit: Turns out I have v5.31. I'm uninstalling and doing a scan anyway.
 

Brian Griffin

Member
May 13, 2009
4,010
1
0
WA, USA
Wow what a coincidence. It's been months since I updated and then randomly decided to run the cleaner and update to 5.34 from like 5.18. So I'm safe then right? Because I skipped 5.33?