Pamperlang

FWIW this auto-update debacle is now being reported on by HowToGeek as well ... https://www.howtogeek.com/fyi/ccleaner-is-silently-updating-users-who-turned-off-automatic-updates/ Also, the fact that yet another release had to be pulled really underscores the very reason why we do not want to be auto-updated against our wishes!

I wonder if users will be silently auto-updated to 5.47 now too (even if they have updates disabled)? The forced update to 5.46 quietly re-enabled the sending of usage data (even if it was disabled before) so not being able to disable it in 5.47 is a real slap in the face. I'm inclined to think it's a glitch too (otherwise why even provide these options in the GUI) but boy, these mistakes are pretty embarrassing to say the least.

There is a news article about this issue up at BleepingComputer now ... https://www.bleepingcomputer.com/news/software/ccleaner-disregarding-settings-and-forcing-update-to-546/ It includes a YouTube video showing how to reproduce the problem.

Yeah it's definitely not just "some users", at the very least it's "most users" but I'm pretty sure it's basically everyone not on the latest version (as you stated).

Agreed. The whole thing feels "back-door"-ish ... there is literally zero notification that it got updated so initially thought it was malicious. Ugh! When I did my test yesterday, after installing the free version of 5.43 and opening it up for the first time I was greeted with the usual "there's a newer version, do you want to download it" dialogue which I declined. I then disabled checking for updates and closed it. Two minutes later I had 5.46 anyway. Let's pause here for a second and think about this. Most people who aren't aware of this forum and this thread would, at that point, probably think they downloaded a bad/malicious installer because it silently and automatically did something (i.e. updated to 5.46) that you specifically told it not to do just 2 minutes ago when you installed it.

Since I'm extremely security conscious I decided to do an experiment to establish with absolute certainty that my 5.43 (free) CCleaner install was updated by CCUpdate.exe to 5.46 (and not by something malicious) even though I was already 99.999% sure it was (thanks to this thread). But my OCD was eating at me so ... I have an older machine with Win 7 Pro on it that I use as an HTPC. It only has Windows 7 Pro and Malwarebytes on it. Nothing else. No Avast software has ever been installed on it. I copied over the exact same 5.43 (free version) installer I used 3-4 months ago (I save the installers for everything I install to a USB drive) and ran the installer. After running the installer I checked the Control Panel and verified that it said 5.43. I opened CCleaner and verified it said 5.43. I unchecked monitoring and "check for updates" and closed CCleaner. Literally 1-2 minutes later I refreshed the Control Panel and lo and behold it now said 5.46 ! I opened CCleaner and yeap, I now had 5.46. So it literally updated itself from 5.43 to 5.46 mere minutes after I installed it. FWIW I checked the SHA256 fingerprint of the ccsetup543.exe file I used against the SHA256 posted in the Announcements forum and they're exactly the same. So basically, installing any version older than 5.46 is probably pointless at this time since it will likely get auto-updated almost immediately to 5.46 (silently, without notification or warning) unless you disable your internet connection or something.

You were probably auto-updated via the update task in Task Scheduler (CCupdate.exe) soon after you switched the laptop on. It appears that most people who is not on the latest version (5.46) is silently getting updated to 5.46 through CCupdate.exe.

Thanks for confirming Nergal! I was pretty sure I was updated via "CCUpdate.exe" (emergency updater) but since I had the free version of CCleaner installed (I always thought only the paid versions get silent auto-updates) and did NOT have Avast installed (I use MBAM) I couldn't help but be a little worried about malware and such Thanks again!

Can anyone please confirm that they're free version of CCleaner was auto-updated without having Avast installed? It sounds like there were a few but confirmation would be appreciated. (I did not have Avast installed but was auto-updated from 5.43 (the free/standard version) to 5.46 on September 10) Thanks!

Some sort of notification is essential, especially when the user specifically configured CCleaner not to update. I had the free/standard version (5.43) installed and had update checking disabled so naturally when I noticed that it updated my initial concern was that it was something malicious.

Thanks for the additional info Ben. One more quick question ... I was on 5.43 and was auto updated to 5.46. You mentioned that 5.43 was already GDPR compliant so I'm just wondering why the 5.43 clients are also being auto-updated? Is it to make sure we have the new privacy controls, etc? Basically I just want to know for sure that 5.43 was also included in the auto-update. Thanks!

That "CCUpdate.exe" task is the emergency updater and was added in 5.36. It is used to update CCleaner regardless of your auto update settings. From the v 5.36 release notes ... We don't know yet what criteria is used to determine who receives the forced update to 5.46 (hopefully someone from PiriForm will be able to tell us although we do know that it's no longer used just for "worst-case scenarios") but as long as you keep that "CCleaner Update" task disabled you probably won't be updated.

FWIW after CCleaner updated to 5.46 I also had these two files in "C:\Windows\Temp": ccCB5A.tmp (file name is probably random) = SHA-256: 789ff77fdc292246a1956d314e277f497391162f3be4b1be3913bc20c6e7ddb7 ccupdate.exe = SHA-256: 8202b4a2e3a34e799324e97ed13610be07f2b01ae9bd11898fe1d748ea9d04c8

Deleted (forgot to quite reply)

Ben, thanks for the confirmation. Can you please provide a bit more detail with regards to what you mean by "some users"? Is it basically "everyone who is not on 5.46" or is there more to it? Can you also please confirm that these updates were triggered by CCUpdate.exe as we all suspect? I don't have Avast installed so it couldn't have happened by Avast's software updater. Just want to make sure. The additional information will go a long way to giving me some peace of mind. I was on the standard (free) 5.43 version (with update checking and monitoring disabled) so I obviously wasn't expecting my installation to silently update itself. As you can imagine, for those of us that run a tight ship and are very security conscious, seeing a product silently update itself causes a lot of stress and anxiety about malware if you weren't expecting it (or don't know the technical details about the update process).