bullqert.blogg.se

Ccleaner cloud v1.07.3191

EDIT- Also based on what is currently posted on VT, what the products are currently detecting is the backdoor set by the CCleaner installer. All the CCleaner installer did was set the backdoor. Most likely, the malware was downloaded and installed after the backdoor was set.

In other words, after CCleaner is installed. It might be that the malware in the CCleaner installer is packed, encrypted, and obfuscated, which means it can't be detected until the malware is loaded into memory. On September 13, Piriform released CCleaner 5.34 and CCleaner Cloud version that do not contain the malicious code. Updating to the latest version will not fix the backdoor. I do know the person who posted on the Eset forum that he was infected noted it was advanced memory scanning that detected the malware at boot time. Version of CCleaner and Version of CCleaner Cloud are the ones infected with the backdoor.

MSE is anti-malware software released by Microsoft for Windows 7 and can be used free of charge. CCleaner 5.33 installed on my Windows 7 32-bit has been disabled because Microsoft Security Essentials (MSE) detected malware. What is shown on VT is the detection for the Google Toolbar in the CCleaner installer, i.e. PUA. 32bit-CCleaner Cloud v The 64-bit version is not mentioned. The compromise could cause the transmission of non-sensitive data (computer name, IP address, list of installed software, list of active software, list of network adapters) to a 3rd party computer server in the USA.

EDIT- And it has been confirmed at least one backdoor was set by the malware to enable its "mapping" activities that proceeded once the malware was initially installed:

According to Eset, the sig they developed for the malware is this, "Win32/CCleaner.A, Win32/CCleaner.B", which is not what is shown on the MB link to VT you posted. CCleaner Cloud v was released on the 24th of August, and updated with a version without compromised code on September 15. It always has been and always will be established security procedure to reinstall or restore from image backup if a backdoor installation is suspected. Obviously, the best solution would be a restore from an image backup. I would opt for a Win 8/10 repair installation over a system restore point. Hence Cisco's recommendation to restore from pre-Aug. Positive backdoor detection can only be had by an actual sample of the installed code so a signature can be developed. Additionally the backdoor can remain dormant for days, weeks, months, and in some instances years. Here is what Piriform has stated on the matter: We recently determined that older versions of our Piriform CCleaner v and CCleaner Cloud v had been compromised. Detecting a backdoor is next to impossible other than by constant and detailed network monitoring. Apparently, the 32-bit version of v of CCleaner and v of CCleaner Cloud has been compromised. If you were infected, the likelihood is high that the malware installed a backdoor. You should know that by now since most of the AVs, Malwarebytes, etc.









