Jump to content
Piriform Community Forums

mrdimly

Members
  • Content count

    17
  • Joined

  • Last visited

Everything posted by mrdimly

  1. Hi, I'm confirming 2 tasks in task sheduler, but my v5.38 slim never updated itself to v5.46, maybe as auto-update remained always unticked. Nonethless it phoned home, by-passing firewall rules (as it has to do) until I disabled the 1st of the 2 tasks (CCleaner.update) I wasn't aware of. Such a task seems to be more regular update performing than a so called emergency one I never found anywhere. Could that sheduled "call back home" task be the previous mentioned "heartbeat" ? Some advice welcome. I did never have Avast. Thanks.
  2. Hi, I use an older version: when not launched I don't have any ccleaner process in the Task Manager, and I unchecked monitoring and update search; ccleaner is blocked in the firewall. Ccleaner yet seems to phone home some time after boot finished, and I wonder if this is part of what you call the "heartbeat". Thanks for your response,
  3. Work for me also. Where come these links from as they are ?
  4. Hi, 1st link works to download slim, but not the 2nd (URL points in realty to http://www.ccleaner.com/ ) Some links above change after signing-in and permit access to slim download; very strange as access to builds never needed to create an account before; is this an information to know ? Had always non-HTTPS versions of the pages, my AV (non desabled) is from a third party on W7 x64. May be some URLs appear as fakes in my location only ???
  5. Hi, Where may I find file hashes by Piriform for the actual ccleaner537_slim ? Submitted to Virustotal, the one indicated seems to be related to a portable file, therefore still confusing.
  6. Hi, Checksums are Ok for ccleaner536_slim (self-extracting exe) I just downloaded from piriform.com, same on VirusTotal, albeit they state that the studied file is a portable executable; a little bit confusing.
  7. Hi, Thanks for CClaner536 checksums, I'm looking for CCleaner536_slim later. As far I'm concerned, I use MD5_&_SHA_Checksums_Utility which shows MD5, SHA-1, SHA-256, SHA-512 (free version) with verifying function; it doesn't need installation and I downloaded from https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/ (Publisher gives checksums). No competent AV flags it when downloaded on the above.
  8. It seems that some HKLM Agomo leftover registry key values would be found, after install-uninstall of CCleaner533 on x64 running computers , that belong to CCleaner Cloud (since 2017-09-18) and therefore aren't deleted by the most competent AVs. Vendor's statement about this would be of great interest. Here's how a competent AV sorts these out: https://forums.malwarebytes.com/topic/210927-ccleaner-hack/
  9. Hi, I'm learnig too, all things considered, that on 2017-09-18 I had a very competent AV keeping me safe with the CCeaner533 standard download, which was flagged at that time only by some AVs, among which mine, ( https://virustotal.com/en/file/36b36ee9515e0a60629d2c722b006b33e543dce1c8c2611053e0651a0bfdb2e9/analysis/1505759047/ ). Now, I'll try to get it back and updated really. For checksum's calculating at home, I found "MD5 & SHA Checksum Utility" (not verified, no need of installation SHA-1 4B70B5213249014C3785460720B81B5F9BEABEC3, SHA-256 D3D6F3597AEBA37312F61E59BA465E57B19140CC9A4517C7F9C49461F1D0A4BB), but we may need cheksums from the vendor itself for next versions of CCleaner; hope this'll be possible to stay in full confidence; what I mean is "as official checksums".
  10. Hi login123, I went to the Avast blog last week after your post, but am sorry not to recognize the official CCleaner533_slim self-extracting installer checksums (MD5, SHA-1, SHA-256) among those tens of IOCs 1st stage, 2nd stage, etc.... ?! (IOC: Intelligent Orientation Control or what else ?) Simply: 1st question: get these official checksums. 2nd question: what about some AVs that flag CCleaner533 standard installer, but not CCleaner533_slim installer ? Hope you have now a clear understanding of my questions.
  11. It might look differently here overseas (attachement), no 533 versions checksums. Not to mention that for example Qihoo-360 (my AV) flagged CCleaner533_standard since 2017-09-18, but not Microsoft nor many well-known AV brands ( https://virustotal.com/en/file/36b36ee9515e0a60629d2c722b006b33e543dce1c8c2611053e0651a0bfdb2e9/analysis/1505759047/ ) although nowadays Qihoo-360 doesn't yet flag CCleaner533_slim as some other well-known AV brands ( https://www.virustotal.com/fr/file/4f8f49e4fc71142036f5788219595308266f06a6a737ac942048b15d8880364a/analysis/ ) Don't ask why I'm still confused even after this huge amount of posts above.
  12. Hi, Sorry, but didn't find anything about CCleaner 5.33 checksums. Thanks for attention.
  13. Hi Stephen Piriform, Would be nice to give us MD5, SHA-1 and SHA-256 hashes for CCleaner 5.33 standard, slim, and portable versions for verifying purposes, as still having a 5.33_slim installer archived (downloaded 01 Sept 2017), although I uninstalled it successfully as it seems. I didn't find those anywhere and as many people am very curious to know about.
  14. Hi Nergal, I remain confused because I can't get a relevant response after analysis of my CCleaner 5.33 self-extracting EXE upload to Virus total and it seems I could assume the Agomo registry key files, if somewhere on any computer, are there after installing CCleaner 5.33 self-extracting EXE slim without even knowing anything about CCleaner Coud or that it only exists.
  15. Hi lmacri, I always downloaded and/or installed the slim version of different CCleaner versions apart from the 5.34 standard version I never installed, only saved for examination purpose; I never dowloaded and/or executed a portable version. So the files I submitted on Virus Total were the self-extracting exe files fore CCleaner 5.33 and 5.34. Some confusion comes from the analysis response of Virus Total which always says "The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem" ( https://www.virustotal.com/fr/file/4f8f49e4fc71142036f5788219595308266f06a6a737ac942048b15d8880364a/analysis/1506631637/ ). The digital key chains are different between my uploaded self-extracting 5.33 slim and their portable 5.33 Win32 EXE file. For the 5.34 version, I don't have the cc_setup534.exe, mine is self-extracting ccsetup534.exe preventing any comparison, but the problem may be the same as they say on Virus Total "The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem" ( https://www.virustotal.com/fr/file/cbc2f423d035cf315ac724e61287420013c517cf3d95dbdfa673179436184e64/analysis/ ). So analysis results on Virus Total are more confusing than informative as they never gave SHA256 hash for the submitted self-extracting exe files of CCleaner. And what about Agomo related registry keys coming with Floxif ? Isn't Agomo part of CCleaner Cloud ? Meaning that the bundle of the CCleaner 5.33 Win 32 EXE should have something to do with CCleaner Cloud ? Even more confusing ! Hope I'm wrong there !
  16. Hi, It remains that 3 CCleaner 5.34 installers downloaded at diferent dates from official site (standard installers) have varying KB rates by some margin.I can only submit mine I downloaded only once. For the CCleaner 5.33 slim installer,I also donwloaded only once, installed then uninstalled, Virus Total shows same SHA for slim and portable versions, I submitted slim, and they respond for portable, how does that match ? Have slim and portable the same digital signature by Symantec CA ? Thanks for your response.
  17. Hi, After reading lmacri's post about different Ccleaner 5.34 32 bit versions, I checked mine downloaded directly from piriform.com (ccsetup534 version 5.34.0.6207) and find out it's rated at 9.37GB (9 826 968 byte). So, which is the original one among theese "official" 3 ? It would be useful to know the hash rates and the time stamp of the exe for best trustworthiness. Same for the 5.33 32 bit slim version I submitted at Virustotal: their time stamp is very different from mine, albeit they said I submitted their own version, with surprisingly same hash rates. Very, very confusing facts for a normal user. Thanks for some advice.
×