Avast's CCleaner Free Windows Application Infected With Malware

Reader Tinfoil writes: Cisco Talos announces that malware cleaning app, CCleaner, has been infected with malware for the past month. Version 5.33 of the CCleaner app offered for download between August 15 and September 12 was modified to include the Floxif malware, according to a report published by Cisco Talos a few minutes ago. Cisco Talos believes that a threat actor might have compromised Avast's supply chain and used its digital certificate to replace the legitimate CCleaner v5.33 app on its website with one that also contained the Floxif trojan. The company said more 2.27 million had downloaded the compromised version of CCleaner.

CCleaner wasn't malware all along?

[ameline]

CCleaner wasn't malware all along?

It certainly seemed that way given how they advertised.

It seems that most anti-virus programs slow your machine down more than the malware than they purport to protect you from - and they're as damaging to your privacy too.

I'm not at all clear on what value they bring to the table.

Re:CCleaner wasn't malware all along?

[ameline]

Of course I could have easily confused them with some other anti-malware vendor when it comes to their advertising -- many of them seem to be pretty scummy - just skimming the border of drive-by installs, piggybacking on other installs (looking at *you* Adobe) etc.

Re:CCleaner wasn't malware all along?

[CaptainDork]

It's not an anti-malware program.

It's an optimizer.

Re:CCleaner wasn't malware all along?

I'm not at all clear on what value they bring to the table.

With CCleaner and similar software you get to choose the Malware you have installed in your machine, in other cases you don't choose.

Re:CCleaner wasn't malware all along?

[forkfail]

Norton should sue for patent infringement.

Re:CCleaner wasn't malware all along?

Of course I could have easily confused them with some other anti-malware vendor when it comes to their advertising -- many of them seem to be pretty scummy - just skimming the border of drive-by installs, piggybacking on other installs (looking at *you* Adobe) etc.

The notion of something like CCleaner is inherently flawed to begin with. If your system is compromised in any way, the only sane response is to wipe the disk(s), reinstall from known-good media and restore your data from a proper backup (you do keep those, right?). If anything else looks like a good idea, then either your OS has shit security or you are failing to use the security it provides.

It's not really surprising that an inherently problematic concept ("just remove it!") attracts other problems. It's called nucleation. In terms of wisdom (learning from experience - yours or others') this is really basic entry-level observation.

Windows and the consumer culture surrounding it encourages practices that are terrible from a security perspective. You can't reliably verify that a compromised machine is ever 100% trustworthy again, not without wiping and restarting. Windows actually can be locked down and made relatively secure but few users bother to do it and even in the hands of an experienced admin, this is much more straightforward on most *nixes.

Re:CCleaner wasn't malware all along?

It's not an anti-malware program.

It's an optimizer.

If they're trying to optimize Windows, oh man have they got their work cut out for them. Even with all its massive resources and full access to source code, even Microsoft couldn't do that!

Re:CCleaner wasn't malware all along?

IT'S NOT ANTIVIRUS SOFTWARE YOU STUPID TWAT. LEARN TO READ, THEN BASH.

"It certainly seemed that way given how they advertised." You're a fucking moron.

"I'm not at all clear on what value they bring to the table." You're a fucking moron.

Re:CCleaner wasn't malware all along?

IT IS NOT ANTI-MALWARE, IT IS A DUPE FILE REMOVER, CACHE FILE CLEANER, UTILITY TOOL FOR REMOVING STUBBORN UNINSTALLERS THAT BROKE, ETC.

You fucking idiots want to keep saying it's AV because you don't seem to know a god damn thing about it lol. "Oh it's a terrible security model" - On Windows? MORON.

WHINY PETULANT SLASHDOT BITCHES WHO THINK THEY'RE EXPERTS WITHOUT READING A GOD DAMN THING, LOL

Re:CCleaner wasn't malware all along?

ALSO - only the 32 bit version and cloud versions between 8-15 and 9-12 were infected. 64 bit I have verified is not infected. The trojan is detected by Spyhunter which has a trialware version until you go to remove malware.

Re:CCleaner wasn't malware all along?

It's not an anti-malware program.

It's an optimizer.

It's a desert topping.

Re:CCleaner wasn't malware all along?

How in the heck did this diatribe get mod'ed up to 5?

Re:CCleaner wasn't malware all along?

Question, you say if you have a virus to wipe the disk first. Win10 has the 'fresh install' from a USB thumbdrive option. Does that suffice enough to completely clean an infected computer?

Re:CCleaner wasn't malware all along?

No, it's a floor wax!

Re:CCleaner wasn't malware all along?

Because he is absolutely correct.

Re:CCleaner wasn't malware all along?

[thegarbz]

If your system is compromised in any way, the only sane response is to wipe the disk(s),

Wipe the disks? Are you nuts. I say we take off and nuke the entire site from orbit. It's the only way to be sure!

Re:CCleaner wasn't malware all along?

It's not an anti-malware program.

It's an optimizer.

It's a desert topping.

Which desert? The Gobi desert? The Sahara? Something else?

I'll enjoy eating this nice dessert while you pick one.

Re:CCleaner wasn't malware all along?

[Curunir_wolf]

Kind of, at least after they were bought by a nefarious corporation intent on monetizing it any way they could.

The original was a really nice application, from an independent developer tired of all the crap on his computer, including the stuff pre-loaded by the vendors. The "C" in CCleaner stands for "crap" - the original name was "Crap Cleaner."

Re:CCleaner wasn't malware all along?

[Curunir_wolf]

No, silly, it's a dessert topping AND a floor wax!

Re:CCleaner wasn't malware all along?

So it was just detected by a virus scanner? So it is very likely a false positive then.
I once scanned my computer, it found two viruses in applications, I did some research and they where just false positives.

Re: CCleaner wasn't malware all along?

[cyber-vandal]

Wouldn't it be amazing if everyone had as much free time as you?

Re:CCleaner wasn't malware all along?

It's really just an overly simplified version of autoruns and the windows cleanup util. I always cringe when I have to work on a computer that's run this because there's a good chance it's deleted something that was actually important.

Re:CCleaner wasn't malware all along?

If you don't even name which program you scanned with or what you detected, how does that help us to tell us that?

Re: CCleaner wasn't malware all along?

[sound+vision]

Their value is in the detection, they can tip you off that the user has been installing questionable things. Of course, in many environments that's beside the point, since a compromised desktop shouldn't be able to bring important things down, and it will just get reimaged at the next reboot.

Re: CCleaner wasn't malware all along?

Fuckin' A.

Re:CCleaner wasn't malware all along?

Thank you! At least I know someone out there still gets that great old SNL skit from Season One. YouTube audio only: https://www.youtube.com/watch?v=wPO8PqHGWFU

Video from NBC.com (now with extra trackers!) http://www.nbc.com/saturday-night-live/video/shimmer-floor-wax/n8625?snl=1

Re:CCleaner wasn't malware all along?

I know, right? It's not anti-virus, anti-malware, anti-ransomware or any other anti-whatever. It's a system optimizer called CCLEANER (crap cleaner).

Re:CCleaner wasn't malware all along?

Would a mod please ban this fake fucking spam account? This guy is completely full of shit and has no idea what the product is.

Re:CCleaner wasn't malware all along?

I love what you just said... that's how I feel inside sometimes when I read some of the comments posted. Keep up the posts. ;-) you made my day. DrewJackson dba Clint Eastwood.

" IT IS NOT ANTI-MALWARE, IT IS A DUPE FILE REMOVER, CACHE FILE CLEANER, UTILITY TOOL FOR REMOVING STUBBORN UNINSTALLERS THAT BROKE, ETC. You fucking idiots want to keep saying it's AV because you don't seem to know a god damn thing about it lol. "Oh it's a terrible security model" - On Windows? MORON. WHINY PETULANT SLASHDOT BITCHES WHO THINK THEY'RE EXPERTS WITHOUT READING A GOD DAMN THING, LOL"

Re:CCleaner wasn't malware all along?

[arglebargle_xiv]

I once scanned my computer and found nearly a dozen viruses, which panicked me for awhile. It was OK though, managed to rewrite them a bit so a later scan found zero again.

Re: CCleaner wasn't malware all along?

Wouldn't it be amazing if you didn't form a COMPLETE HORSESHIT NO BASIS OPINION without at least so much as READING ABOUT IT AT ALL? Time is limited, so stfu until you have some.

Re: CCleaner wasn't malware all along?

You never watched the movie, Aliens?

Re:CCleaner wasn't malware all along?

[Quirkz]

At least valid antivirus software doesn't flood your screen with popups.

Er, I mean, it doesn't nag you to do things you don't want to do.

Well, it doesn't fill your hard drive full of gigabytes of junk.

That is, at least it doesn't mess with your internet connection and cause inexplicable outages.

You know what? I give up.

Re:CCleaner wasn't malware all along?

Because he is absolutely correct.

You are ab-so-f-ing-lutely correct.

Re: CCleaner wasn't malware all along?

No, because you would end up with Windows 10 again. You need to use known-clean installation media like Linux.

Re:CCleaner wasn't malware all along?

[cbiltcliffe]

Strangely enough, I've run CCleaner for years, on probably hundreds of different systems, and never had it break something by deleting something it shouldn't.
Most system cleaners/optimizers are crap, but CCleaner is one of the only ones that I actually trust(ed).

Re:CCleaner wasn't malware all along?

[cbiltcliffe]

I suspect you're mixing it up with PC Decrapifier. That's the one to remove all the preinstalled crap from major OEM vendors.

Re:CCleaner wasn't malware all along?

There's one individual working in a different department from me who likes to run CCleaner on everything he can get his hands on. A while back, he broke several production machines with it, but because of his political clout in the organization, was able shift the blame to the dev team (for apparently failing to program/test against an arbitrary third-party utility we had no advance notice would be run).

Fun times.

Re:CCleaner wasn't malware all along?

[CaptainDork]

Been using it since Moby Dick was minnow. Never had a problem at home, on other home computers, and a gazillion work computers.

Re:CCleaner wasn't malware all along?

[AllyGreen]

(S)He's not, I've used ccleaner for a long time now, probably coming up on a decade. I think they dropped the name crap cleaner around 2010. It's still decent and useful software just with a terrible marketing strategy. Never seen the need to even look at anything more than their free version though.

Re: CCleaner wasn't malware all along?

[cyber-vandal]

Completely reinstalling Windows, all the updates and all the software you might be using is a time-consuming process and most people want to do something else with that time.

Re:CCleaner wasn't malware all along?

[geekmux]

It's not an anti-malware program.

It's an optimizer.

Ironically, anti-malware serves the same goal, unless you don't consider an uninfected system as optimally configured...

Re:CCleaner wasn't malware all along?

[CaptainDork]

No.

Anti-malware guards against, well, malware.

ccleaner does not guard ... if deletes shit like cookies, browsing history, and (optionally) registry entries.

You can download the latest version of ccleaner and test drive it instead of guessing what it does.

.. And the malware is

[scsirob]

... AVAST AntiVirus! Who would have guessed that a great tool like CCleaner would be messed up by Avast in no time at all.

Never had a problem until

[p51d007]

Avast bought it. Always was a quick easy way to dump the garbage off your computer instead of 2-3 or more programs to do the same thing.

Re:Never had a problem until

I felt the same way when I heard about Avast acquiring CCleaner. I refused to upgrade until I could find some reviews that said Avast hadn't ruined it with bloat like their anti-virus, and damn I'm glad I waited.

Re:Never had a problem until

[Pyrion]

Same. I'm still running 5.28. I expected shenanigans with the new versions, but not to this level.

Why payload is so gimped?

[sinij]

From the linked article: "The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems."

Someone capable of poisoning signed downloads (high complexity) should be able to select functional payload (low complexity). I don't see any alternative explanation to "ran on 32-bit systems" limitation other than incompetence. This doesn't add up.

Re:Why payload is so gimped?

It was probably a feeler to see how far it would get without raising alarms about crypto-ransomware or bitcoin mining.

Re:Why payload is so gimped?

- 32 bit systems affected so the impact has been reduced if you are running a newer 64 bit OS version (last 4 years)
- Should we also be concerned about other Piriform products?

Re: Why payload is so gimped?

That is a very scummy way to do market research. Though the customers of said research are probably fine with that.

Re:Why payload is so gimped?

[zlives]

because this advertising tool by design not a hacked piece of software. they are just trying to do what windows 10 does.

Re:Why payload is so gimped?

Going back to vista 64 and server 2008 the driver model is the same for the client and the server OS. As such there's no way to disable driver signing for the 64bit version. Ironically both problems are related to certificates, but it's possible they found a problem with the cert configuration for ccleaner but couldn't figure out how to sign a driver.

Re:Why payload is so gimped?

[mea2214]

From the linked article: "The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems." .

This sounds exactly what Windows 10 telemetry does.

Missing Malware Info

Floxif is a malware downloader that gathers information about infected systems and sends it back to its C&C server. The malware also had the ability to download and run other binaries, but at the time of writing, there is no evidence that Floxif downloaded additional second-stage payloads on infected hosts.

The malware collected information such as computer name, a list of installed software, a list of running processes, MAC addresses for the first three network interfaces, and unique IDs to identify each computer in part. Researchers noted that the malware only ran on 32-bit systems. The malware also quit execution if the user was not using an administrator account.

Re:Missing Malware Info

[TWX]

It's almost like it was meant to inspect corporate or government computers where lazy IT admins might not have migrated 64-bit-capable workstations to 64-bit OSes because they've been maintaining a 32-bit OS/image for years, and to then allow that information to be inspected to determine which computers to attempt to infect with other payloads.

Re:Missing Malware Info

You don't burn such opportunity on half-cooked scouting attempts.

Anyone know if the malware is detectable / fixable

As a regular and longtime user/installer of CCleaner, including version 5.33, it's possible that I may be infected. I've not seen any symptoms nor has Malware Bytes/Comodo detected anything, but....

Can any of the current tools check if any of my PCs are/may be infected?

These applications still exist?

[cdreimer]

The only applications that I use is Microsoft Defender and Malware Bytes. All the third-party applications for keeping WinXP running weren't needed in Vista/7/8/10.

Re:These applications still exist?

FFS, creimer, please go watch this video and take its advice to heart.

https://www.youtube.com/watch?...

"The only applications I use ARE Microsoft Defender and Malware Bytes."

For a "published" "writer", you sure do have problems constructing grammatically correct English sentences.

Re:These applications still exist?

[cdreimer]

For a "published" "writer", you sure do have problems constructing grammatically correct English sentences.

If I wrote perfect sentences, you would have nothing to bitch about on Slashdot.

Re:These applications still exist?

The only applications that I use is Microsoft Defender and Malware Bytes. All the third-party applications for keeping WinXP running weren't needed in Vista/7/8/10.

cdreimer, that sounds like a really boring PC. At least install Excel so you can have some fun typing in numbers and making up formulas.
Not as exciting as cat videos, I know, but something. There'e only so long I can watch Microsoft Defender before the magic starts to wear off.

Re:These applications still exist?

No, the content of your sentences would still be unutterable shit, but at least they would be grammatically correct unutterable shit.

If you're going to shitpost, at least make it *difficult* to criticize your shitposts, you dumbfuck.

Re:These applications still exist?

Oh yes, I see, you are providing a valuable service to Slashdot. Furthermore, you are the only one providing anything to bitch about.

Creimer, it's amazing that no woman has just snapped you up. Between your muscular physique, your efficient metabolism that can somehow get bigger than 360 pounds on 1500 calories a day, and your humble personality, I'd marry you myself.

BTW, it *was* 1500 calories a *day*, not every meal, right?

You are not only supremely intelligent, cultured, refined and knowledgeable, but your biology is the next level of human evolution. Clearly your cells have mastered hydrogen fusion reactions.

Re:These applications still exist?

[cdreimer]

There'e only so long I can watch Microsoft Defender before the magic starts to wear off.

Microsoft Defender on my PCs kick off at 3:00AM in the morning. If you're having trouble sleeping that late at night, I suggest taking Nyquil.

Re:These applications still exist?

Microsoft Defender on my PCs

And of course, YOUR schedule must be the universal schedule.

at 3:00AM in the morning.

As opposed to 3:00AM in the afternoon? Or 3:00AM in the evening? Like your many rolls of fat, your language is redundant.

If you're having trouble sleeping that late at night, I suggest taking Nyquil.

What, just because he's not sleeping YOUR way, he's doing it wrong? Creimer you're such a wanker troll. Also, you're trying to kill him by giving him bad medical advice, which makes you a DOUBLE wanker troll, and fourteen years old to boot, probably with a ladyboy girlfriend!

Re:These applications still exist?

Look no further than the Repulsive One's bio:

C.D. Reimer writes about the everyday reality that he finds weird, twisted and absurd for which most people accept as being perfectly normal. He lives and works in Silicon Valley, consoling hurt computers and fixing broken users.

A real howler! (I'll just ignore the humor in the "and works" part.) I also quite enjoyed his "longer than he is taller" in the repugnant and vile:

https://www.scribd.com/book/193804069/A-Misplaced-Stick-Short-Story

You can get a sense that the fat fraud doesn't give a fuck about the foul and abominable feces he retches up on the world:

"a tree possessed by something more angrier than a disturbed beehive"

Apparently this was because his uncle tried to copulate with a knothole with a beehive in it. This guy's family would make inbreds shake their heads.

Re:These applications still exist?

Another bitter literary critic who failed to find publishing success.

Re:These applications still exist?

You two should get a room.

Re:These applications still exist?

[cdreimer]

And of course, YOUR schedule must be the universal schedule.

IIRC, Microsoft Defender runs as an automatic task at 3:00AM. Since that's default setting, I haven't changed it.

Re:These applications still exist?

[cdreimer]

https://www.scribd.com/book/193804069/A-Misplaced-Stick-Short-Story

Scribd is still having issues with my ebooks. I have notified Smashwords to push out my catalog again. Thanks for bringing this to my attention.

Re:These applications still exist?

I love the cover image for "The Giggling Mongoose: Scarlet Hearts" -- the cover image reads, "The Giggling Mongoose: Scartlet Hearts" - he can't even fucking spell the titles of his books properly... do you really expect him to put any effort into the actual CONTENT?

Re:These applications still exist?

[cdreimer]

I love the cover image for "The Giggling Mongoose: Scarlet Hearts" -- the cover image reads, "The Giggling Mongoose: Scartlet Hearts" - he can't even fucking spell the titles of his books properly... do you really expect him to put any effort into the actual CONTENT?

If only Photoshop had a spellchecker! Thanks for pointing that out. I'll have it fix tonight. The downside of being an indie author is that you're one-person publishing house and mistakes happen all the time.

Re:These applications still exist?

[cdreimer]

You two should get a room.

I doubt I could put up with the constant wanking. I find such lack of self-control disturbing.

Re:These applications still exist?

I'll have it fix tonight.

Do the universe a favor and have yourself fixed. (Although you already seem to be using your personality as a contraceptive.)

You aren't writing "A Brief History of Time" here, feces-breath, you're writing stuff that wouldn't even pass in a high school English class. You just needed to copy-paste your vile ASCII vomit into Photoshop (a paid copy, one assumes?). Better yet, given your immense programming skill, why not just use a database of the titles of all your UNESCO heritage works and title your silly eructations automatically?

https://en.wikipedia.org/wiki/ImageMagick

You bed-wetting fungus.

Re: These applications still exist?

Thank you for taking the time to call out Creimer. Everytime I see one of his posts I want to take the time to call him out but then say whatever. Keep it up guys; soon we will have a Creimer free slashdot. Then we can all go back to ripping on APK. Our favorite past time.

I consider what the trolls are doing a service. Creimer has been polluting threads for too long. It's a good thing we stopped the affiliate link nonsense. That was absurd that it went on that long.

Re: These applications still exist?

I doubt that you could fit in that room. Shiiiieeeeeeet(clay Davis voice) I doubt you could even find your dick hiding in all those fat rolls.

Re: These applications still exist?

you sound bitter, sweet tits

Re: These applications still exist?

[cdreimer]

It's a good thing we stopped the affiliate link nonsense.

That's funny. I counted 50+ affiliate tags being used by ACs over the last few months. Most never got called out because they're ACs. Sounds like a double standard to me.

Re: These applications still exist?

Tell me which page you find the first instance of an amzn.to affiliate link that isn't you: https://www.google.com/search?...

Re: These applications still exist?

Tell me which page you find the first instance of an amzn.to affiliate link that isn't you:

https://www.google.com/search?...

Still fixated with creimer. Change your search criteria to amazon.com to find the other tags. Considering how often Amazon is mentioned on Slashdot, you might to write a Python script to scrape the results.

Re: These applications still exist?

Changing search criteria to amazon.com returns all results about Amazon.com stories on slashdot. So what page of the results is another person's amazon affiliate link? Just tell me.

Re: These applications still exist?

Changing search criteria to amazon.com returns all results about Amazon.com stories on slashdot. So what page of the results is another person's amazon affiliate link? Just tell me.

Nope. Go write a Python script, pull in all the search results, find every Amazon url, search for every '&tag=' and print out a list of tags. How hard can it be?

Re: These applications still exist?

Why would I do that? Google seems to think that cdreimer/creimer are the only accounts that do this on Slashdot. He claimed he has seen other people do it all the time (50+ times over last few months from just what he has seen himself). I think he's a liar. I am not saying people never use them, but he is by FAR the the most frequent user. Enough so that other people's posts don't show up in the first 20 pages of google search results.

Re: These applications still exist?

Enough so that other people's posts don't show up in the first 20 pages of google search results.

You're looking for amzn.com, which creimer used extensively as a calling card. If you want to find all the ACs using affiliate links, you need to filter the out the tag-specific amazon.com URLs from the noise. How else do you think the ACs are getting away with it?

Since Slashdot web page loads the OneLink JavaScript, which only works with the full URL and not the URL shortener, expect more Amazon links to pop up.

Re:These applications still exist?

If only Photoshop had a spellchecker!

Yeah, if only.

It's a good thing mammals have an automatic breathing reflex, one wonders how you'd manage otherwise.

Re: These applications still exist?

" you might to write a Python script"

creimer-like grammar detected. Come on, Chris, if you're going to impersonate ACs, try to put some effort into it.

Re:These applications still exist?

"I doubt I could put up with the constant wanking."

Hilarious from a guy who hasn't had an erection since the first Clinton administration. Or much use for one.

"I find such lack of self-control disturbing."

Speaking of self control, how many times a day do you post here?

Re:These applications still exist?

You don't need to be a three-star Michelin chef to criticize the food in a restaurant. And you've been serving under-seasoned shite for years.

Re: These applications still exist?

[ILoveFatCashews]

" you might to write a Python script"

creimer-like grammar detected. Come on, Chris, if you're going to impersonate ACs, try to put some effort into it.

Do you want some spam-flavored macadamia nuts with your whine?

Re: These applications still exist?

" you might to write a Python script"

creimer-like grammar detected. Come on, Chris, if you're going to impersonate ACs, try to put some effort into it.

You seriously need to stop assuming that every AC is creimer. This fixation is unhealthy.

Re: These applications still exist?

That's funny, I counted 10 of your siblings in this video:
https://www.youtube.com/watch?...

Why does everybody now knows they are your siblings? Easy proof:
https://school.discoveryeducat...

Re:These applications still exist?

As other posters have mentioned, Photoshop does indeed have a spellchecker. But, hey, don't worry about it, I asked your siblings and they didn't know about it either:
https://www.youtube.com/watch?...

Here is some of what those other posters might have been thinking about:
https://school.discoveryeducat...

Re:These applications still exist?

Don't change your default behavior either:
https://www.youtube.com/watch?...

https://school.discoveryeducat...

Re:These applications still exist?

Information about pachyderms, Christopher Dale Reimer and autistic people:

Autistic people have obsessions about things normal people don't care. For example, one of our autistic patient went haywire when he realized that there was a penny missing in his pocket change.

To calm him down, one of our educator pretended to have found it on the floor and gave a penny to him.

The autistic patient condition went even worse because he realized it wasn't the same penny!

Chris has an obsession with budgeting every penny. He doesn't understand that most people do not budget to the penny and have a flexible amount they allow for miscellaneous items.

I am Nancy Guerrero and I am Director of Special Education for the Santa Clara County Office of Education. We use Chris' (a.k.a. creimer,cdreimer) picture in our document because he is the hardest case we have ever had to handle:
http://www.sccoe.org/depts/stu...

Our artists were inspired by the low carb diet that Christopher follows scrupulously for the small lunch box and by the picture linked below for the rest. I am sure that you will notice the similarities such as the bump on the side of his chest and more:
https://www.cdreimer.com/slash...

Please be easy on Christopher although, I am aware that some of our staff handling Chris post joke comments here and obvoiusly, the Santa Clara County Office of Education disapprove that behavior vehemently:
https://school.discoveryeducat...

But it isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody.

Thank You dear users,
-Nancy Guerrero

Re: These applications still exist?

Only ACs that display creimer's typical shibboleths. He's not clever enough to disguise himself properly.

Re: These applications still exist?

Dear Mr. Reimer:

Section 5 of the Amazon.com Associates program Operating Agreement (excerpted below) clearly spells out the need for you to identify yourself as an Amazon Associate on your Site, or any other location where Amazon may authorize your display or other use of Content.

You must clearly state the following on your Site or any other location where Amazon may authorize your display or other use of Content: “We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.” Except for this disclosure, you will not make any public communication with respect to this Agreement or your participation in the Associates Program. You will not misrepresent or embellish our relationship with you (including by expressing or implying that we support, sponsor, or endorse you), or express or imply any affiliation between us and you or any other person or entity except as expressly permitted by this Agreement.

It has come to our attention that you have failed to comply with this requirement repeatedly in your activities on Slashdot.org, and in doing so, you are adversely impacting the brand image and intellectual property of Amazon.com. Please desist in all non-compliant use of Amazon Associate links, or we will be forced to take adverse action against your account.

Thank you,
John Smith
Customer Relations - Amazon Associates

"Malware cleaning app"

[Mr.Intel]

Cisco Talos announces that malware cleaning app...

Except it wasn't a malware cleaning app. Just a cleaning app. Maybe it happened to clean malware that got caught in the recycle bin, but that's about the extent of it. Of course, it ended up being a malware-infected cleaning app. Maybe that's what the OP meant??

Re:"Malware cleaning app"

Cisco Talos announces that malware cleaning app...

Except it wasn't a malware cleaning app. Just a cleaning app. Maybe it happened to clean malware that got caught in the recycle bin, but that's about the extent of it. Of course, it ended up being a malware-infected cleaning app. Maybe that's what the OP meant??

I believe the word "malware" in the sentence was meant to be used as an adjective (which is a bad and ambiguous way of use). So malware (adjective) cleaning (modifier) app (noun) would mean a cleaning app which becomes a malware itself. But as you said, malware-infected would give a much more clear meaning than attempting to use malware alone as an adjective.

"Sorry we infected your PC"

Shit happens. Don't sue us, mkay?

Re:Anyone know if the malware is detectable / fixa

[TWX]

Sure. CCleaner version 5.34. Available from downloads.ru today!

Can it clean it's own malware though?

[JoeyRox]

That would be a cool trick - identifying itself as malware and then deleting it.

Re:Can it clean it's own malware though?

[JoeyRox]

correction: "its own malware".

Re:Can it clean it's own malware though?

It was never a malware cleaning program. Someone needs to be hit over the head, whoever wrote the original submission and whoever didn't bother to check facts before posting.

Re:Can it clean it's own malware though?

[khandom08]

.... whoever wrote the original submission and whoever didn't bother to check facts before posting.

You must be new here.

Re:Can it clean it's own malware though?

As others note, it's not a malware cleaner, though it can be helpful when used with care in cleaning up after a malware attack, or in reducing attack surfaces. However, the cobbler's kid syndrome strikes here: Avast is fundamentally an AV company, and in most respects not an extremely evil one; so their AV couldn't catch the malware in the software they released?

Damn ...

[CaptainDork]

... First, Web of Trust and now this.

Re:Damn ...

[antdude]

And others we don't know about. :( "Trust no one." --The X-Files

What of version 534?

is it infected too?

Only LUDDITES use CCleaner

Those of us "in the know" only trust APKs hosts file generator to stay protected from malware.

Cruz/Palin 2020

Re:Only LUDDITES use CCleaner

Those of us "in the know" only trust APKs hosts file generator to stay protected from malware.

Cruz/Palin 2020

A hosts file is a single blacklist. A problem with blacklisting is that you have to implicitly trust the creator of the blacklist (unless you're going to tell me you personally verified each individual entry in it?). You have to trust that they didn't miss anything that should have been included in the blacklist, which is hard to confirm. You also have to trust that their reasons for adding an entry are what they claim (remember the politically motivated entries in censorship software like NetNanny?). That's also hard to confirm.

In that particular case you have to decide for yourself whether APK seems like a calm, sane, reasonable, logical person to trust something as important as your security to. It's not like he's offering to write you a check paying for all the costs of any malware that does get through so yes this comes down to trust, and all you have to go on are his Slashdot posts.

The other problem with blacklists is they are always having to play catch-up. Malware sources are dynamic and change constantly. Any blacklist will always be behind this curve, even the best of them. As mentioned, it's a *single* blacklist. Good security is done in layers. That's one thing security experts all agree on. I wouldn't use any solution in isolation no matter how good it is. To insist otherwise is more like religious fervor, not based on research or real world experience.

Re: Only LUDDITES use CCleaner

Penelope's a good choice but i don't think Michael is eligible.

Re:Only LUDDITES use CCleaner

is this not true of virus scanners as well? they're always playing catchup, and you must trust that they didn't miss anything that should have been included, or trust that they don't pwn your machine on purpose.

Re:Only LUDDITES use CCleaner

is this not true of virus scanners as well? they're always playing catchup, and you must trust that they didn't miss anything that should have been included, or trust that they don't pwn your machine on purpose.

Yes, which is why my systems use things like PaX/Grsecurity, SELinux, ACLs, capabilities, and userland is compiled with SSP canaries.

I'd rather prevent an intrusion than trust some virus scanner to perfectly remove one after the fact. It helps that I don't use Windows.

The Other Possibility

The other possibility is that Avast is actually just another Malware company. When you consider how bloated it has gotten and how many resources it consumes, I don't think it is that far-fetched.

Longer discussion on the topic

https://news.ycombinator.com/i...

Where's the MD5/SHA1 for the infected files?

[nctritech]

They tell everyone of the infection but don't provide hashes for the infected files and installers. Class act right there. Just get 5.34 which is totally okay, we promise.

Re:Where's the MD5/SHA1 for the infected files?

They tell everyone of the infection but don't provide hashes for the infected files and installers. Class act right there. Just get 5.34 which is totally okay, we promise.

VirusTotal is a good place for this.

Newer is not better

Time to download CCleaner version 5.32, the last Piriform version of CCleaner, before Avast bought it.

Putting this in my permanent archive. Will never upgrade from this version.

http://filehippo.com/download_ccleaner/download/45657838f7d7df4140118c21888ca61d/

I always thought CCleaner was malware anyway?

[angel'o'sphere]

As i said: I always thought CCleaner was malware anyway?

Re:I always thought CCleaner was malware anyway?

Morons tend to be filled with vague, pointless and dumb thoughts, thanks for noticing that about yourself.

Floxif trojan

What software detects it?

Windows Defender? Malwarebytes?

Re:Anyone know if the malware is detectable / fixa

Spyhunter is trialware until you try to remove it.

Yes w/ 3 tools you have or can get... apk

See subject: It's easy using startup area enumerators like AutoRuns 1st & ProcessExplorer (addtionally exposes libs called beneath services etc. in usermode which you rightclick on (use DLL View panel/subpanel) & 'freeze' (HLT instruction stream intercept) & delete it on disk - kill process, can't return).

Lastly vs. rootkits?

Windows bootup disks (CD/DVD whatever) have disable command vs. driver driven rootkits, & FDisk vs. bootsector originated ones...

APK

P.S.=> As to that last part? I use what the inventor of those 2 tools above all "The best Windows, ever" & he was right - it let's me do all that, no bullshit, easy - it works... apk

Re: Yes w/ 3 tools you have or can get... apk

I thought the proper fix involved modifying a hosts file?

ma83

A sad worlD. At

I thought it's very appropriate ATM...

PC: Greetings, Professor:
Professor: Hi.
PC: Strange this Windows OS. The only winning move is not to use it. How about a nice Linux distribution?

Will it be published on IOS?

[Leninix]

With other treat about IOS removing antivirus from IOS store, I wonder if it will published on IOS. Doubleplus Good.

Blocking many incoming potential threats?

See subject: Hosts are good for that & also threats you have inside already that try communicate back to C&C (if they use hostnames, most do) but the QUESTION WAS HOW TO DETECT & REMOVE EXISTING ALREADY INTERNAL/INSIDE THREATS - the tools I noted do it.

* I "get it" you're just another UNIDENTIFIABLE "ne'er-do-well" troll STOOGE, but that's not MY fault - it's yours...

(... & @ least I did something about these threats, how about YOU?)

APK

P.S.=> Period... apk

That's

[cyber-vandal]

A vast issue for them

Re:That's

[TheDarkener]

Ba-zing!

How does APK find time with all that moose dick

How do you find time to post to slash dot when you are busy sucking so much moose dick?

It is because you are taking in the ass right now by one instead.

You are worse than cdreimer.

He is at least entertaining, you are just sad.

Well duh

[slashmydots]

First of all, I'm fairly certain it's made by Piriform, not Avast. Second, it absolutely, unequivocally makes your computer slower with its default options. I mean deleting thumbnail cache? That's idiotic! So in that sense it absolutely is malware and always has been. But hopefully they get absolutely destroyed in court and get jail time so they shut down. I cannot stand their products.

Re:Well duh

[slashmydots]

I checked. Avast bought Piriform like 2 months ago.

Re:Well duh

[sinij]

I mean deleting thumbnail cache? That's idiotic!

Not if you frequently view, obviously for research purposes, pornographic materials that normally reside on an encrypted drive.

Re:Well duh

I've fixed Explorer before from barfing due to corrupted thumbnail caches. Also, if someone does a lot of image work or browsing, they can take up a few gigabytes worth of space after a while, because the thumbnails don't appear to expire. Any default options are going to be a matter of opinion - fortunately CCleaner usually defaults to "safe" ones that have little potential for lasting damage besides one-time delays at boot and file listing.

Re:Well duh

[TheDarkener]

What about stale thumbnail cache? Have you never seen the wrong thumbnails displayed in a file browser window for an image? Additionally, you say that in the sense it deletes thumbnail cache it's "absolutely malware and always has been"? I don't get it.

What program(s) do you use to do what CCleaner does?

I offer what YOU have total control of... apk

See subject: IF something in hosts files offends you (or blocks access to), you can easiily edit out what you don't like using text editors...

* I wish you didn't HAVE to update it - I wouldn't have built APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ otherwise - so you DO stay current vs. the most current threats on the internet landscape.

APK

P.S.=> That is the TRUE BEAUTY of it, personal control (as well as kernelmode efficiency & speed in something that's proven for 44++ yrs. in hosts as part of the IP stack itself)... apk

STFU "BullshitWinkle" (lol)... apk

See subject: YOU have to start a new FAKE NAME ACCOUNT (for your FAKE LIFE) named "BullShitWinkle", lol - you project it so much so I figured I'd give you a new name!

* RoTfLmAo...

APK

P.S.=> Rocky & Bullwinkle got NOTHING on you - you keep "going off" on mooses, I figure you are revisting some "childhood trauma" over some incident w/ a moose, hence BullWinkle, lol... apk

APK offers moose dick

APK offers moose dick

And bullshit

"BullShitWinkle"! It's YOU, lol... apk

See subject & my thoughts on what YOU need to do (lmao) https://it.slashdot.org/comments.pl?sid=11129871&cid=55221247/

APK

P.S.=> You keep projecting your issues w/ mooses, & Bullwinkle's a moose so, there ya go (lol)... apk

APK is rolling around in moose dick laughing

APK is rolling around in moose dick on the floor laughing while his ass gets filled

APK has real problems but just loves the moose dick too much to ever give it up even with all the trauma to internal organs it has cause him

Re:APK is rolling around in moose dick laughing

https://en.wikipedia.org/wiki/...

I guess it's a good thing

that I don't update my software.

Does one need this trash?

[OneHundredAndTen]

I installed CC Cleaner in my phone a couple of years ago. It couldn't do anything beyond what one can already do with the tools shipped with Android. And, as a bonus, it would interrupt you whenever it saw fit, and it used lots of CPU and battery to boot. This things has been nothing but malware from day one.

Re:Does one need this trash?

[TheDarkener]

"CC Cleaner" sounds like an imitating (malware-ridden) app.

"CCleaner" is the app TFA is discussing.

Superficial and inacurate

[XSportSeeker]

This post is sorely lacking tons of information and the few that are in it are wrong.
CCleaner is NOT a malware cleaning app. It's a registry and regular file cleaner software.
Furthermore, let's dig into the case:

- This ONLY affects the 32-bit version of CCleaner and CCleaner Cloud, which accounts for some 3% of Piriform users. If you are using 64-bit version, you are probably safe. From Piriform’s website: “This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected.”;

- From Piriform’s accessment, here’s the actual danger: “The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA. We have no indications that any other data has been sent to the server. Working with US law enforcement, we caused this server to be shut down on the 15th of September before any known harm was done.”

- The investigation is still ongoing, but Piriform is saying that the issue has been solved, that no harm was done, and what seems like it didn’t originate from official CCleaner/Piriform sources. Which is to say, it could be embedded code that was inserted on 3rd party download websites. There is further explanation on Talos' post how it was a sofisticated attack because whoever did it managed to put up a valid cert on the infected version of Ccleaner though, so there should be more information coming out as the investigation proceeds.

If you wanna dig more into the whole thing, here's Piriform's official statement:
https://www.piriform.com/news/...

And here's Talos security accessment of the case:
http://blog.talosintelligence....

Re:Superficial and inacurate

...now I'm worried about Chocolatey's repository for the ccleaner package

APK's thoughts are always on moose dick

APK's thoughts are always on moose dick

He is always trying to figure out how to get more of it

He did try getting 2 in his ass once but he was hospitalized for a couple of weeks

slash dot was a nicer place for those few short weeks

Re:APK's thoughts are always on moose dick

You're the one with the moose fetish bullwinkle.

One more reason

[TheDarkener]

I am looking forward to my exit in supporting other people's Windows boxen. I cannot *wait* until I can say, with a big fat grin on my face, "Sorry, I don't do Windows support anymore", or better yet, "Sorry, I've literally *never* used Windows 11" (or whatever stupid Windows name they call it by then).

I'm getting goosebumps just thinking about it. Oh, happy days await me. =}

Re:Anyone know if the malware is detectable / fixa

The real question is why are you running 32-bit software in this day and age?

Because that's the only version what was affected. ie. the 64-bit version is apparently OK.

Re:Anyone know if the malware is detectable / fixa

[Mr.+Shotgun]

There is a more technical breakdown of the malware from the folks at Talos that discovered it. According to them ClamAV has a signature to detect the altered installers. Also it looks like Malwarebytes has the signature too so if that is what you are using get the updated signature files and run a scan.

Otherwise look for outbound traffic attempting to go to 216.126.225.148, that is the hardcoded C2 server the malware uses.

Coincidence?

[n329619]

The version before Avast bought it was version 5.32 on July 2017. Here we see version 5.33 with the Floxif malware after August 2017.

Coincidence? I think not.

Wow I can still tell this is cremier

Because a normal person wouldn't AC-respond to any comment buried 20 layers deep inside of a reimer spergfest to tell a rando that their behavior is "unhealthy"
I notice that some unpopular internet posters have the same reaction to their detractors that the general population has to them.

So reimer feels that it's normal to tell someone their internet behavior is "unhealthy" when you don't like what they're doing. But reimer's behavior is extremely unhealthy.. getting made fun of online is not good for one's mental health and making yourself into number one lolcow on the birthplace of the GNAA is extremely stupid.

Have you considered what would happen to you if someone like weev noticed you?

Right and has some great features...

I mean I don't normally use windows (Linux for home for since the turn of century) but when I do always installed this to clean registry. I was never sure why microsoft didn't just add a cleaner but hey!