ewv

When I tried to use the 5.61 installer it bypassed all installation options and immediately began installing. In particular it apparently installs to its own default system folder in spite of a prior installation elsewhere. To prevent the installation I had to kill it from task mgr because the only option was to allow it to 'finish'. Previous installer versions have worked properly. The 5.61 slim build installer is working properly.

There appear to be two files, identifiable by their hashes as compromised, the 5.33 version of ccleaner.exe and the installer ccsetup533.exe. But there are three hashes given, with two different values for ccleaner.exe.

That is identified as ccleaner.exe, too. Why are there two bad ccleaner.exe's with different hashes and only one bad installer?

You wrote "the MD5 hash of the affected CCleaner.exe is: ef694b89ad7addb9a16bb6f26f1efaf7". The website for Cisco Talos, which discovered the problem, gives three SHA256 hashes at http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html 6F7840C77F99049D788155C1351E1560B62B8AD18AD0E9ADDA8218B9F432F0A9 1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff 36b36ee9515e0a60629d2c722b006b33e543dce1c8c2611053e0651a0bfdb2e9 My 533 installer from 8/17/17 matches the second sha256. My 533 ccleaner.exe matches the first sha256 and your md5. What file is the file corresponding to the third sha256 from cisco? (My current version is 534, but the malware 533 was in use on two machines for almost a month.)