Jump to content

Recommended Posts

This forum has advised people to use CCleaner as part of a protocol to solve problems with Kaspersky which is why I am post this here.

 

According to this article in Forbes:

 

https://www.forbes.com/sites/thomasbrewster/2017/09/18/ccleaner-cybersecurity-app-infected-with-backdoor/#6f46f57b316a

 

the CCleaner servers were hacked and a modified version with a backdoor installed was distributed. Users of CCleaner are advised to update to the latest version immediately.

Share this post


Link to post

Kaspersky already detects by KSN at least one of the infected variants:

Quote

18.09.2017 20.37.33;Detected object (file) deleted;D:\harlan4096\Descargas\CCleaner_5.33.6162\ccsetup533.exe;D:\harlan4096\Descargas\CCleaner_5.33.6162\ccsetup533.exe;UDS:DangerousObject.Multi.Generic;09/18/2017 20:37:33

 

Share this post


Link to post

harlan4096,

Thanks that's good to know. Due to the Kaspersky Security Network Statment - Sections B. "RECEIVED INFORMATION" and C. "USE OF THE PROCESSED DATA" I do not have KSN activated on this particular machine. My test was by undertaking a manual scan of the installer as well as unpacking the installer and manually scanning the known bad CCleaner.exe itself.

Good advert for KSN though.

 

- - - - - - - - - - - - - - - -
//Edit: Quote: "This forum has advised people to use CCleaner as part of a protocol to solve problems with Kaspersky which is why I am post this here.''

Thanks for the heads up. This topic is amicably closed as resolved. 

Edited by richbuff

Share this post


Link to post

Hi,

I'm one of the lucky few who had the infected CCleaner version 5.33.6162. I've updated CCleaner, and then uninstalled it. Kaspersky do not find anything on my system, but should that calm me? It did raise the alarm on thursday and reverted some settings in Windows. I read a newspaper article today that said one should reinstall Windows however.

This is a little used computer. I only use it for some streaming of ships AIS data. It is however connected via Dropbox and TeamViewer to two other computers also running Kaspersky. Nothing have been found on those computers either.

Should I do any further steps, or can I assume the computers are safe to use?

Thanks

 

Edited by Hoggorm

Share this post


Link to post

Per many articles, if you were infected, restore from a backup or reimage your machine. They honestly have no idea how deep this is going and are finding out more information every couple of days. Do not base your decision off Piriform, be safe and reimage.

 

//Edit: Merged, and still amicably closed as resolved.

Edited by richbuff
Merged.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.