
Emrah

  1. Thank you Nergal! I'm no expert in IT. Could you please clarify for me if I'm checking those the correct way? For the .dll files GeeSetup_x86.dll (Hash: dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83) EFACli64.dll (Hash: 128aca58be325174f0220bd7ca6030e4e206b4378796e82da460055733bb6f4f) TSMSISrv.dll (Hash: 07fb252d2e853a9b1b32f30ede411f2efbb9f01e4a7782db5eacf3f55cf34902) DLL in Registry: f0d1f88c59a005312faad902528d60acbf9cd5a7b36093db8ca811f763e1292a Stage 2 Payload: dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83 I'm opening Windows Explorer and doing a search on "This PC". The advanced search option I have checked is "system files", so I'm searching system files only. In the search bar, do I copy and paste "GeeSetup_x86.dll" or the whole name like "GeeSetup_x86.dll (Hash: dc9b5e8aa6ec86db8af0a7aa897ca61db3e5f3d2e0942e319074db1aaccfdc83)"? Or just the number in brackets? For the last two, "DLL in Registry" and "Stage 2 Payload", do I just copy and paste the numbers into "Search This PC"? I really appreciate your help! Thank you
  2. Thank you for the reply! Could you please tell me: if I follow the instructions from this article https://www.ghacks.net/2017/09/21/ccleaner-malware-second-payload-discovered/#comment-4229234 and I don't have any of those registry keys or DLL files installed on my system, am I 100% safe, so that I don't need to reinstall Windows? I don't even have any restore points saved. Thanks!
  3. "Finally, it is extremely important to us to resolve the issue on customer machines. For consumers, we stand by the recommendation to upgrade CCleaner to the latest version (now 5.35, after we have revoked the signing certificate used to sign the impacted version 5.33) and use a quality antivirus product, such as Avast Antivirus. For corporate users, the decision may be different and will likely depend on corporate IT policies. At this stage, we cannot state that the corporate machines could not be compromised, even though the attack was highly targeted." It even includes a call to action to download and use Avast security software... I may be wrong, but this sounds like Avast did this to make more sales...
  4. What's all this about the second payload? Info: Windows 10 64-bit, and Windows 10 Defender detected and quarantined the CCleaner virus. I uninstalled CCleaner with Revo Uninstaller. Did an advanced scan and delete on all registry keys. Reinstalled the latest version of CCleaner. Ran a scan with Windows 10 Defender and Malwarebytes, adware cleaner and superspyware kill (whatever it's called) and nothing was detected. Am I safe from everything? Please tell me, as my whole business relies on my PC and I have a lot of confidential files stored on it. Never had a problem with viruses in about 5 years... Thank you!
  5. Thank you for the reply!! So I'm 100% safe then? I have a 64-bit OS PC and I was using the 64-bit CCleaner version, and my Windows 10 Defender still detected it and quarantined it. On authority sites like Tom's Hardware and bleepingcomputer.com etc., they're all quoting from Piriform that we all need to reinstall Windows to make sure we're safe, and Microsoft Support also told me this over support chat (even though Windows 10 Defender detected it on my PC)... So you're 100% confident I don't need to do anything? I hope you're right, and thank you so much! Emrah
  6. Hi! I have the 64-bit version and my Windows 10 Defender detected this malware and quarantined it. I updated to the latest version. Can you please tell me if I still need to back up all my files and do a fresh reinstall of Windows to make sure I'm 100% safe, and are all my passwords and confidential files safe? Thanks!