
CCleaner infected with malware

bionic77

Member
I am out of the loop when it comes to Windows (I switched to Macs 10+ years ago when they switched to Intel).

We still use Windows at my office but all of my personal computers are Macs. At work we have antivirus and antimalware installed but I don't really use my computer to go online so I have never gotten a virus. Pretty much every office virus we have gotten was from an older person opening an attachment from an email.

That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?
 

Sulik2

Member
I am out of the loop when it comes to Windows (I switched to Macs 10+ years ago when they switched to Intel).

We still use Windows at my office but all of my personal computers are Macs. At work we have antivirus and antimalware installed but I don't really use my computer to go online so I have never gotten a virus. Pretty much every office virus we have gotten was from an older person opening an attachment from an email.

That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?

The best way to keep a computer clean is keep it up to date. All Windows updates and browser updates then don't be stupid online. Downloading free music, movies, games and porn is still the number one vector for getting infections. Only browse legit websites and be careful opening emails and you can avoid getting malware without even needing an antivirus in most cases. Stuff like no script and adblock running in a browser will stop malicious ads from infecting your computer as well, which is another vector for infections that is harder to avoid.
 

bob_arctor

Tough_Smooth
This isn't related but I just got that "Aw Snap" pages won't load error on Chrome last night out of nowhere. Can't seem to fix it either. It hasn't stopped all my pages but enough of them. Anyone have any idea?

For now I've just gone to Firefox.
 

gamz

Member
I am out of the loop when it comes to Windows (I switched to Macs 10+ years ago when they switched to Intel).

We still use Windows at my office but all of my personal computers are Macs. At work we have antivirus and antimalware installed but I don't really use my computer to go online so I have never gotten a virus. Pretty much every office virus we have gotten was from an older person opening an attachment from an email.

That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?

Don't give users admin rights and keep the OS up to date. That's it. We rarely get virus or malware.
 
This seems like as good a place to ask as any:

I'm currently using paid Malwarebytes + Windows Defender. Is that sufficient or does Windows Defender not cut it?
 

magawolaz

Member
"Registry

You might also check your registry for indicators of compromise (type regedit.exe in the start menu, and try to navigate to):

HKLM\SOFTWARE\Piriform\Agomo:TCID
HKLM\SOFTWARE\Piriform\Agomo:MUID
HKLM\SOFTWARE\Piriform\Agomo:NID"

Do these go away when you uninstall CCleaner before checking? I don't even have a \Piriform path in the registry anymore.
I believe so, uninstalled it before reading that guide and can't find it either lol.
 

deim0s

Member
If you guys are on 64bit and have the program in the same architecture, you're probably fine. Better check the file hashes and the registry entries just to be sure.

Either way, uninstall this shit.
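
The registry and file checks mentioned in the posts above, as an added PowerShell example that is not part of the thread. The function names and the installer path are hypothetical. Checking the 32-bit registry view as well is an addition here, based on Windows redirecting a 32-bit program's HKLM\SOFTWARE data to WOW6432Node on 64-bit systems.

```powershell
# Added example: read-only check for the registry values quoted in this thread.
# Function names and the sample path are hypothetical, not from the thread.

$valueNames = 'TCID', 'MUID', 'NID'
$subKey     = 'SOFTWARE\Piriform\Agomo'

function Test-AgomoValues {
    # Query both registry views. On 64-bit Windows a 32-bit program's
    # HKLM\SOFTWARE data lives in the 32-bit view (WOW6432Node), which a
    # manual look at HKLM\SOFTWARE\Piriform in regedit does not show.
    # On 32-bit Windows both requests return the same (only) view.
    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32
    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key     = $base.OpenSubKey($subKey)   # read-only; $null if absent
            $exists  = $null -ne $key
            $present = @()
            if ($exists) {
                $present = @($key.GetValueNames() |
                    Where-Object { $valueNames -contains $_ })
                $key.Dispose()
            }
            [pscustomobject]@{
                View      = $view
                KeyExists = $exists
                Found     = $present -join ','   # empty when none of the three exist
            }
        } finally { $base.Dispose() }
    }
}

function Get-InstallerInfo {
    # Report the version recorded in a file's metadata and its SHA-256, so the
    # hash can be compared against the hashes published for the affected build.
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path        = $item.FullName
        FileVersion = $item.VersionInfo.FileVersion
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

Test-AgomoValues | Format-Table -AutoSize
# Get-InstallerInfo -Path 'C:\path\to\installer.exe'   # hypothetical path
```

The script only reads; it reports what is present at the time it runs and changes nothing in the registry or on disk.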
 

emag

Member
Windows optimization software is unnecessary in the age of 30 second+ boot-ups.

My PCs have had sub-30s boot times for well over a decade, with mechanical drives as well as SSDs. I don't want malware and related crap running on my PC, regardless of how fast my device is.

(Yes, I realize this is a bit ironic in view of the topic of this thread.)
 
If you guys are on 64bit and have the program in the same architecture, you're probably fine. Better check the file hashes and the registry entries just to be sure.

Either way, uninstall this shit.


How do you know if you had the 5.33 version if you uninstalled it ?
 

Diablos

Member
So glad I use Win10 64-bit because I just scanned the setup exe and it's definitely infected.

I'm going to look for an alternative to CCleaner, I have a feeling this program is going to take a huge hit after this.
 
Just to confirm, it should be safe to boot up the program to check the version prior to uninstalling, right? Everything I'm reading seems to indicate that since I'm on 64 bit and that the malware was basically never "activated" I should be okay, but I'm just making sure.
 
64 bit, 5.27 version with none of the regedit folders, but I'm uninstalling it anyway. I don't like the idea of something that's been exploited like this on my computer.
 

MilkBeard

Member
Windows optimization software is unnecessary in the age of 30 second+ boot-ups.

I think a lot of people use it simply for a quick way to delete all cookies, form data, and temp junk on the computer, i.e. to easily erase physical history on computer so your loved ones and friends won't stumble into the weird stuff you look at online ;)
 
I am out of the loop when it comes to Windows (I switched to Macs 10+ years ago when they switched to Intel).

We still use Windows at my office but all of my personal computers are Macs. At work we have antivirus and antimalware installed but I don't really use my computer to go online so I have never gotten a virus. Pretty much every office virus we have gotten was from an older person opening an attachment from an email.

That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?

Don't visit shady websites, and don't click on ads, and certainly don't open anything you downloaded randomly.
 

Clockwork

Member
I think a lot of people use it simply for a quick way to delete all cookies, form data, and temp junk on the computer.

That's what I use it for (and have for years).

I managed to avoid the impacted version (using 64-bit and also a prior release) but I did just update and will continue to use it as though it was business as usual...
 

jrcbandit

Member
I'll have to check what version I have installed, although it's 64 bit. I mostly used it to delete cache and logs.

For Malwarebytes, is running the old version 2.whatever with the latest definitions fine? Version 3 was buggy as hell when it launched and never heard anything good about it so I never updated.
 
Well, found an installer (that is infected) for 5.33 in my recycle bin

Did check the registry and cannot find the entries mentioned and a MalwareBytes, AdwCleaner and a quick scan with Windows Defender show clean.
 

LoveCake

Member
"Registry

You might also check your registry for indicators of compromise (type regedit.exe in the start menu, and try to navigate to):

HKLM\SOFTWARE\Piriform\Agomo:TCID
HKLM\SOFTWARE\Piriform\Agomo:MUID
HKLM\SOFTWARE\Piriform\Agomo:NID"

Do these go away when you uninstall CCleaner before checking? I don't even have a \Piriform path in the registry anymore.

I have just tried these as you have said on the regedit.exe MY COMPUTER (finding through the whole system) and I didn't get any of these showing up.

I have the x64 Pro version, I have NOT yet updated to the new version.



Am I ok
 

SeanC

Member
Haven't updated in a long time, still .24. I'm like "It's been the same thing for years why waste time downloading?"
 

Neith

Banned
I used CCleaner mostly to securely erase any data I needed to. I use only the 64 bit version, but the 32 version was still there. Every time I boot up it only used the 64 version.

But MB told me it was there, which I think was the 32 version, and I killed it. Or most of it.
 

Joezie

Member
wew, this is going to be a doozy.

Parental computer had the affected 32 bit version but they don't have the exe and removed the program.

I've run a RogueKiller scan, an MB scan and have searched the registry for any of the apparent infected values but 0 results so far. News sense tells me I'm not looking hard enough and that it is probably hiding but Comp sense tells me if it's not showing up they probably didn't download an infected version of 5.33 to begin with and likely before the time period of infection.

The struggle is real.
 

Primus

Member
Hrm, none of the articles say whether or not the portable version was also infected. I'm going to assume it was and update our shop's utility stuff anyways (the portable version is great for a quick clean on older machines) just in case.
 

Lord Error

Insane For Sony
This kind of thing is becoming more frequent. First it happened with Transmission torrent client on Mac, then with something else, and now CCleaner. Really sucks, and there's practically nothing a user can do to prevent this as it can happen to practically any software you're using.
 
That said what is the best way to keep a Windows computer clean (outside of staying offline) and what is the most common way people are getting viruses and malware on their PCs these days?

Same way as you would on a mac, iphone, or android phone... downloading stupid random shit on the internet and clicking every attachment they get in their spam. Same as it's always been.
 
This kind of thing is becoming more frequent. First it happened with Transmission torrent client on Mac, then with something else, and now CCleaner. Really sucks, and there's practically nothing a user can do to prevent this as it can happen to practically any software you're using.

Good thing Equifax went all "security issues? hold my beer..." 2 weeks ago, or I'd be more ticked about this normally.
 

dh4niel

Member
So if I uninstall and do a Malwarebytes scan I should be good?

Edit: Turns out I have v5.31. I'm uninstalling and doing a scan anyway.
 
Wow what a coincidence. It's been months since I updated and then randomly decided to run the cleaner and update to 5.34 from like 5.18. So I'm safe then right? Because I skipped 5.33?
 

Leatherface

Member
Well that sucks. I use both Avast and CCleaner. :\
I run 64bit Windows though so hopefully I haven't been compromised.

What do you all recommend as an alternative to both these programs?
 