
Tom CCleaner

Admin
  • Posts: 473

Posts posted by Tom CCleaner

  1. Hi,

     

    Can I refer you to this quote from our CTO:

     

     

     

    About 30% of CCleaner users also run Avast security software, which enables us to analyze behavioral, traffic and file/registry data from those machines. Based on the analysis of this data, we believe that the second stage payload never activated, i.e. the only malicious code present on customer machines was the one embedded in the ccleaner.exe binary.

     

    You can read the full article here: https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident

     

    Tom

  2. Good morning all. Apologies for the lack of communication. I hope that you can understand that it's been an incredibly busy time for our Customer Support team and given how quickly we identified the issue and made the announcement, we didn't have time to arrange extra support.

     

    I'm going to attempt to answer a couple of the main questions that you all have. I would like to ask that if you have more questions, please read our blog post before asking as this may enable you to find the answer first :) You can find this here: http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

     

    In addition to this, I'm not able to provide any more information than what is in any of the Piriform/Avast public statements although I can clarify the points to help with confusion.

     

     

     

    The main question that people are asking seems to be "Am I affected if I'm using the 64-bit, what happens because the 32-bit is installed? What happens if I ran the 32-bit version?"

     

    The answer to this is that no matter which .exe you run, if 64-bit can be run on your machine, it will be the one that runs. Opening the 32-bit will just launch the 64-bit version so you really shouldn't worry.

     

     

    "Is the Pro or Slim affected?"

    Any version with the number 5.33.6162 is affected. This includes Free, Slim, Portable, Pro, Business and Technician Edition.

     

     

    You're also asking "Am I still infected?"

    Well, the problem was in the CCleaner.exe. This means that if you've removed this version then you're no longer at risk. In addition, as stated previously, the remote server has been shut down, which means that even if the infected application tries to communicate, it can't. That being said, we're still encouraging everyone to update to the latest version. You can download this here: www.piriform.com/ccleaner/download/standard

     

     

     

    I hope this clears things up a little.

     

    Thanks - Tom

     

     

    Edit to add: Please note that it is only CCleaner and CCleaner Cloud that were affected by this. Speccy, Defraggler, Recuva, CCleaner Network and CCleaner Android are unaffected.

  3. Hi Guys.

     

    Even if you're on the 5.33 version, you're no longer at risk, but we are trying to get everyone updated as soon as possible. All AV programs will likely flag CCleaner 5.33 and 5.34 now; however, they are safe to use. We're working on resolving this so there are no false readings. Thanks for your patience.

     

    At this time all the information I have available is on our blog post: http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

  4. Hi all,

     

    The only version affected is the 32-bit binary of CCleaner v5.33.6162. It was the application that was the issue, not the installer. If you’re using a 64-bit version of CCleaner, then you’re unaffected although we recommend updating to the latest version. There is also no effect to the Mac or Android versions.

    At this time, we won’t be releasing a detection tool as the issue was in CCleaner itself, so uninstalling or updating the software removes the risk. You can download directly for free from here: www.piriform.com/ccleaner/download/standard

    For those interested, the MD5 hash of the affected CCleaner.exe is: ef694b89ad7addb9a16bb6f26f1efaf7

     

    Thanks - Tom
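The check described in the post above (32-bit binary, MD5 of the affected CCleaner.exe), as an added example that is not part of the original post or Piriform's own tooling: it sweeps a directory for CCleaner*.exe files, reads each PE header to tell 32-bit from 64-bit, and compares the MD5 with the value quoted in the post. The function names and the default install path are assumptions.

```python
import hashlib
import struct
from pathlib import Path

# MD5 of the affected CCleaner.exe, as quoted in the post above.
AFFECTED_MD5 = "ef694b89ad7addb9a16bb6f26f1efaf7"
PE_MACHINES = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)"}


def pe_architecture(data: bytes) -> str:
    """Read the Machine field of a PE header; 'not a PE file' if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a PE file"
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_offset + 6 > len(data) or data[pe_offset:pe_offset + 4] != b"PE\0\0":
        return "not a PE file"
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    return PE_MACHINES.get(machine, f"unknown (0x{machine:04x})")


def scan(root, bad_md5s=frozenset({AFFECTED_MD5})):
    """Return (path, architecture, md5, is_known_bad) per CCleaner*.exe under root."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        name = path.name.lower()
        if not (path.is_file() and name.startswith("ccleaner") and name.endswith(".exe")):
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        digest = hashlib.md5(data).hexdigest()
        results.append((str(path), pe_architecture(data), digest, digest in bad_md5s))
    return results


if __name__ == "__main__":
    import sys
    # Default path is an assumption (the usual install directory), not from the post.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files\CCleaner"
    for path, arch, digest, bad in scan(root):
        print(f"{'AFFECTED' if bad else 'no match'}  {arch:14}  {digest}  {path}")
```

A match identifies exactly the one file whose MD5 is quoted in the post; a non-match only says the file is not that specific binary, so the version number should still be checked.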

  5. Dear CCleaner customers, users and supporters,
    We would like to apologise for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. We recently determined that these versions of our software had been compromised. We resolved this quickly and believe no harm was done to any of our home users, but we do have evidence that this has targeted large technology and telecommunication companies in Japan, Taiwan, UK, Germany and the US. This compromise only affected customers with the 32-bit version of the v5.33.6162 of CCleaner and the v1.07.3191 of CCleaner Cloud. No other Piriform or CCleaner products were affected.

    We encourage all CCleaner users to download the latest version of CCleaner: here. We apologize and are taking extra measures to ensure this does not happen again.

    For further information, please read the official announcements linked below.

     

    Official Information

    CCleaner v5.33 and CCleaner Cloud v1.07 Security FAQ

    https://piriform.zendesk.com/hc/en-us/articles/115001699371

     

    Piriform blog: Security Notification for CCleaner version 5.33.6162 (Monday, 18 September 2017)

    Security Notification for a general audience.

    http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

     

    Piriform blog: Security Notification with Technical Overview (Monday, 18 September 2017)

    A similar announcement to the above, aimed at a technical audience and revealing technical details about the nature of compromise.

    http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

     

    Avast blog: Follow-Up Announcement by Avast CEO & CTO (Tuesday, 19 September 2017)

    This blogpost confirms the timeline of events surrounding the detection, investigation and announcement of the compromise; what precautions we are advising customers to take and what information we are basing this on; and what precautions we are taking to ensure this does not happen again.

    https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident

     

    Avast blog: Investigation Progress Update #1 by Avast Threat Labs team (Thursday, 21 September 2017)

    This blogpost reveals more information regarding the target of the attack and more technical details about how the compromise behaves.

    https://blog.avast.com/progress-on-ccleaner-investigation

     

    Avast blog: Investigation Progress Update #2 by Avast Threat Labs team (Thursday, 21 September 2017)

    This second progress update explains why only part of the command & control server logs were recovered and provides yet deeper technical understanding of the way the malicious code was put together. It also shares some clues as to the identity of the perpetrators. 

    https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident

     

    Avast blog: Investigation Progress Update #3 by Avast Threat Labs team (Monday, 25 September 2017)

    This third progress update confirms how many and which companies were specifically targeted by the attack and presents a hypothesis on the origin of the perpetrator(s). The blogpost also contains a full list of IOCs (Indicators of Compromise - in this case a list of files whose existence shows that a system has at one time been compromised by this attack).

    https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident

     

    Future announcements will be made on the Piriform and Avast blogs.

    Piriform Software blog: https://www.piriform.com/news/blog

    Avast Software blog: https://blog.avast.com/

  6. Hey :)

     

    Sorry for the delay in response. If you email support@piriform.com they will be able to give you any information about your licenses.

     

    If you open CCleaner and click Options > About then you can click the blue license button and see which key it is using.

     

    I'll pass your comments on about the website :)

     

    Tom
