Tom CCleaner

Hey! Our dev team are aware of this and we're currently looking into it! We hope to have it resolved soon. Tom

Hey, could you email our customer support team at support@piriform.com they should be able to help

Hi, I can see that your ticket is in our support queue, an agent will reply to you shortly

Hi, Can I refer you to this quote from our CTO: You can read the full article here: https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident Tom

Hi, we released this version earlier today. It's an important update and we're advising all users to update. Tom

Hi, we're advising all users to update - thanks

Hi, I've suggested already to everyone that you download the latest version which we know to be clean and not use version 5.33, even if it is 64-bit. You can download the latest CCleaner here: www.piriform.com/ccleaner/download/standard Thanks.

Hi again, Your anti-virus will flag this regardless of whether you're running the 32-bit or 64-bit version as it is the entire version that has been balcklisted. There are no options when you download, CCleaner runs the correct version for your PC. Tom

Good morning all. Apologies for the lack of communication. I hope that you can understand that it's been an incredibly busy time for our Customer Support team and given how quickly we identified the issue and made the announcement, we didn't have time to arrange extra support. I'm going to attempt to answer a couple of the main questions that you all have. I would like to ask that if you have more questions, please read our blog post before asking as this may enable you to find the answer first You can find this here: http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users In addition to this, I'm not able to provide any more information than what is in any of the Piriform/Avast public statements although I can clarify the points to help with confusion. The main question that people are asking seems to be "Am I affected if I'm using the 64-bit, what happens because the 32-bit is installed? What happens if I ran the 32-bit version?" The answer to this is that no matter which .exe you run, if 64-bit can be run on your machine, it will be the one that runs. Opening the 32-bit will just launch the 64-bit version so you really shouldn't worry. "Is the Pro or slim affected" Any version with the number 5.33.6162 is affected. This includes Free, Slim, Portable, Pro, Business and Technician Edition. You're also asking "Am I still infected?" Well the problem was in the CCleaner.exe. This means that if you're removed this version then you're no longer at risk. In addition, as stated previously, the remote server has been shut down which means that even if the infected application is try to communicate - it can't. That being said, we're still encouraging everyone to update to the latest version. You can download this here: www.piriform.com/ccleaner/download/standard I hope this clears things up a little. Thanks - Tom Edit to add: Please note that it is only CCleaner and CCleaner Cloud that were affected by this. Speccy, Defraggler, Recuva, CCleaner Network and CCleaner Android are unaffected.

Hi Guys. Even if you're on the 5.33 version, you're no longer at risk but we are trying to get everyone updateded as soon as possible. All AV programs will likely flag CCleaner 5.33 and 5.34 now however they are safe to use. We're working on resolving this so there are no false readings. Thanks for your patience. At this time all the information I have available is on our blog post: http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

Morning guys. Apologies tor the slow reply to this. The above post is correct - sorry for the confusion.

Hi all, The only version affected is the 32-bit binary of CCleaner v5.33.6162. It was the application that was the issue, not the installer. If you’re using a 64-bit version of CCleaner, then you’re unaffected although we recommend updating to the latest version. There is also no effect to the Mac or Android versions. At this time, we won’t be releasing a detection tool as the issue was in CCleaner itself, so uninstalling or updating the software removes the risk. You can download directly for free from here: www.piriform.com/ccleaner/download/standard For those interested, the MD5 hash of the affected CCleaner.exe is: ef694b89ad7addb9a16bb6f26f1efaf7 Thanks - Tom

Dear CCleaner customers, users and supporters, We would like to apologise for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. We recently determined that these versions of our software had been compromised. We resolved this quickly and believe no harm was done to any of our home users, but we do have evidence that this has targeted large technology and telecommunication companies in Japan, Taiwan, UK, Germany and the US. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected. We encourage all CCleaner users to download the latest version of CCleaner: here. We apologize and are taking extra measures to ensure this does not happen again. For further information, please read the official announcements linked below. Official Information CCleaner v5.33 and CCleaner Cloud v1.07 Security FAQ https://piriform.zendesk.com/hc/en-us/articles/115001699371 Piriform blog: Security Notification for CCleaner version 5.33.6162 (Monday, 18 September 2017) Security Notification for a general audience. http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users Piriform blog: Security Notification with Technical Overview (Monday, 18 September 2017) A similar announcement to the above, aimed at a technical audience and revealing technical details about the nature of compromise. http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users Avast blog: Follow-Up Announcement by Avast CEO & CTO (Tuesday, 19 September 2017) This blogpost confirms the timeline of events surrounding the detection, investigation and announcement of the compromise; what precautions we are advising customers to take and what information we are basing this on; and what precautions we are taking to ensure this does not happen again. https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident Avast blog: Investigation Progress Update #1 by Avast Threat Labs team (Thursday, 21 September 2017) This blogpost reveals more information regarding the target of the attack and more technical details about how the compromise behaves. https://blog.avast.com/progress-on-ccleaner-investigation Avast blog: Investigation Progress Update #2 by Avast Threat Labs team (Thursday, 21 September 2017) This second progress update explains why only part of the command & control server logs were recovered and provides yet deeper technical understanding of the way the malicious code was put together. It also shares some clues as to the identity of the perpetrators. https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident Avast blog: Investigation Progress Update #3 by Avast Threat Labs team (Monday, 25 September 2017) This third progress confirms how many and which companies were specifically targeted by the attack and present a hypothesis on the origin of the perpetrator(s). The blogpost also contains a full list of IOCs (Indicators of Compromise - in this case a list of files whose existence show that a system has at one time been compromised by this attack). https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident Future announcements will be made on the Piriform and Avast blogs. Piriform Software blog: https://www.piriform.com/news/blog Avast Software blog: https://blog.avast.com/

Sorry, I forgot to ask what version of Firefox you're currently using?

Thanks, I'll let the devs know