Bay 12 Games Forum


Author Topic: WARNING for CCleaner users  (Read 2561 times)

martinuzz

  • Bay Watcher
  • High dwarf
WARNING for CCleaner users
« on: September 19, 2017, 10:01:29 am »

Cisco Talos research team has discovered that hackers have infected CCleaner. Any users that installed or updated the program between the 15th of August and 12th of September have also unknowingly installed a backdoor into their system that allows hackers access to the system, and any attached systems, giving them free access to sensitive information like banking and social media login information.

Cisco Talos has informed Avast!, owner of CCleaner, and the malware has been removed with a recent update. However, the update does not cure infections already present, it just stopped CCleaner from being a host vector.

According to the researchers at Cisco Talos, the only way to cure the infection is to completely wipe the hard drive and install the operating system and all programs anew.

https://www.volkskrant.nl/media/populair-programma-voor-opschonen-pc-s-ccleaner-gehackt~a4517372/
https://www.cnet.com/how-to/ccleaner-was-hacked-heres-what-to-do-next/
Logged
Friendly and polite reminder for optimists: Hope is a finite resource

We can disagree and still love each other, unless your disagreement is rooted in my oppression and denial of my humanity and right to exist - James Baldwin

http://www.bay12forums.com/smf/index.php?topic=73719.msg1830479#msg1830479

smjjames

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #1 on: September 19, 2017, 10:03:23 am »

Ouch. I haven't updated CCleaner in a long time though...

Thanks for the warning.
Logged

Antioch

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #2 on: September 19, 2017, 10:28:11 am »

Quote
According to the researchers at Cisco Talos, the only way to cure the infection is to completely wipe the hard drive and install the operating system and all programs anew.

That seems rather unlikely.
Logged
You finish ripping the human corpse of Sigmund into pieces.
This raw flesh tastes delicious!

Strife26

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #3 on: September 19, 2017, 11:26:32 am »

Avast was claiming it's only 32 bit windows, but I have a lot of trouble trusting 'em at this point.
Logged
Even the avatars expire eventually.

Starver

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #4 on: September 19, 2017, 12:05:26 pm »

CCleaner is still a thing? Used to be the biggest waste of time download that I had to remove from users' machines, after they installed it from webads to solve problems they didn't have, often giving them entirely new problems. And nagware.

However bad vanilla Windows is, tool-based 'optimisation' is so full of pitfalls. And now this. However this happened. I probably also need to think about getting my people I know are using Avast! (previously AVG, before the merger) to move onto another AV solution, if they're potentially open to this sort of threat in their software stable.

(Already they had to 'register' the free software, which initially confused things mightily for those forewarned about not listening to typically scummy "Upgrade now! Register now! Give us your email!" faux-alerts. I'm going to have to draw up a new list of personally-preferred AV vendors, I think. I'll also probably knock it off my paid-for-upgrade recommendation list, but there's very few of those left.)
Logged

Antioch

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #5 on: September 19, 2017, 12:50:43 pm »

I primarily used ccleaner to look at what programs were loaded on startup.
Logged

NRDL

  • Bay Watcher
  • I Actually Like Elves
Re: WARNING for CCleaner users
« Reply #6 on: September 19, 2017, 01:00:05 pm »

Thanks for the heads up.
Logged
GOD DAMN IT NRDL.
NRDL will roll a die and decide how sadistic and insane he's feeling well you do.

Starver

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #7 on: September 19, 2017, 06:39:06 pm »

Quote
I primarily used ccleaner to look at what programs were loaded on startup.
(Simply run "MSConfig", specifically the 'startup' tab, for the obvious stuff that isn't actually in the Programs/StartUp folder. And/or know how best to check regedit for "Run", "RunOnce", "RunOnceEx", etc (also works across profiles, with appropriate access), if you aren't scared of being direct. Mildly technical, but a useful lesson in wrangling the OS into shape to anybody who isn't scared of understanding what funny strings mean.)
Logged

Akura

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #8 on: September 19, 2017, 07:40:44 pm »

Huh, I just checked and saw I still had CCleaner installed. Thought I removed that months/years ago.

Uh... does CCleaner automatically silently update? The version number when I uninstalled it just now said v3.06. Also, is Avast antivirus also affected by this?
Logged
Quote
They asked me how well I understood theoretical physics. I told them I had a theoretical degree in physics. They said welcome aboard.
... Yes, the hugs are for everyone.  No stabbing, though.  Just hugs.

Bumber

  • Bay Watcher
  • REMOVE KOBOLD
Re: WARNING for CCleaner users
« Reply #9 on: September 20, 2017, 01:52:39 am »

Good thing I stopped updating after they broke the UI to look like Win8.

I use it to clear out temp files (such as from Adobe Flash applications), and to get rid of context (right-click) menu entries that programs add.
« Last Edit: September 20, 2017, 01:56:11 am by Bumber »
Logged
Reading his name would trigger it. Thinking of him would trigger it. No other circumstances would trigger it- it was strictly related to the concept of Bill Clinton entering the conscious mind.

THE xTROLL FUR SOCKx RUSE WAS A........... DISTACTION        the carp HAVE the wagon

A wizard has turned you into a wagon. This was inevitable (Y/y)?

Starver

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #10 on: September 20, 2017, 08:08:49 am »

Quote
Good thing I stopped updating after they broke the UI to look like Win8.
Some developers seem to think that they must change their interfaces to match the latest fads, even by overriding the actual installed-upon platform's window manager defaults to make it all look like The Next Big Thing. Which is often an awful decision by MS/Apple/etc in designing their "different and 'better' look" latest-gen OS GUI.  Ribbon bars. Whatever that floaty orbital icons media player thing is. Over-use of transparency to make funky corners or stacked "lozenge"-shapes. I also chucked one AV product from my armoury, some time ago, when their default operations window expanded beyond the limits of a Safe Mode screen resolution, awkward to use with remembering the alt-key shortcuts for off-screen controls.

Quote
I use it to clear out temp files (such as from Adobe Flash applications), and to get rid of context (right-click) menu entries that programs add.
Temp files not in %WINDIR%\TEMP, %TEMP%, %TMP%, "%USERPROFILE%\Local Settings\Temp"/system variation or whatever your more current browser(s) use for Temporary Internet Files (often beneath the Local Settings equivalent), according to WinVer and program design, can be found with just a little more effort.

For right-click, the current version of Windows' folder view, Tools|Folder Options, the /File Types\ tab, choose a file type and then the [Advanced] button gives you access to file associations for that, to edit in or out what you want. Or regedit and search for the rogue "Opens with XYZ Media Editor"/whatever to easily track down all of the image, video, sound, smell and taste files that this addition has been made to. (*Warning - messing with regedit is powerful, obviously.* Though if you look enough before you touch you should be able to understand the depth of the rabbit-hole that you actually need to go.)


Ok, scary for some, but I'd argue that it should be scarier to rely upon an app you only install because of "Your PC is suboptimal!!! Fix it now!!!" scare-ad. If they've also advertised/distributed more legitimately, they already blotted their copybook in my eyes. I am of course kind of like the man who doesn't trust any car he can't tinker with in his own carport with a set of wrenches and screwdrivers, and has very few established mechanics he'd trust to fix the faults in his vehicle that he can't solve himself. (And yet is forced to find a heating engineer in the phonebook when the house's boiler goes down.)
Logged

hector13

  • Bay Watcher
  • It’s shite being Scottish
Re: WARNING for CCleaner users
« Reply #11 on: September 20, 2017, 01:20:54 pm »

That's a bummer... looks like I may not have updated it since June though, and scans of those files reveal everything is apparently okay, so yay for laziness.
Logged
Look, we need to raise a psychopath who will murder God, we have no time to be spending on cooking.

If you struggle with your mental health, please seek help.

Bumber

  • Bay Watcher
  • REMOVE KOBOLD
Re: WARNING for CCleaner users
« Reply #12 on: September 21, 2017, 12:15:40 am »

Quote
For right-click, the current version of Windows' folder view, Tools|Folder Options, the /File Types\ tab, choose a file type and then the [Advanced] button gives you access to file associations for that, to edit in or out what you want. Or regedit and search for the rogue "Opens with XYZ Media Editor"/whatever to easily track down all of the image, video, sound, smell and taste files that this addition has been made to. (*Warning - messing with regedit is powerful, obviously.* Though if you look enough before you touch you should be able to understand the depth of the rabbit-hole that you actually need to go.)
Not file types. Stuff like "Add to Dropbox" or "Convert to PDF". 7-zip is great about letting you configure what's there, Dropbox and WinMerge let you disable it, but others aren't so nice.

CCleaner lists them under startup entries, but I don't see them in MSConfig. Probably have to manually track them down in regedit.
« Last Edit: September 21, 2017, 12:23:06 am by Bumber »
Logged

Starver

  • Bay Watcher
Re: WARNING for CCleaner users
« Reply #13 on: September 21, 2017, 02:57:15 am »

Quote
For right-click, the current version of Windows' folder view, Tools|Folder Options, the /File Types\ tab, choose a file type and then the [Advanced] button gives you access to file associations for that, to edit in or out what you want. Or regedit and search for the rogue "Opens with XYZ Media Editor"/whatever to easily track down all of the image, video, sound, smell and taste files that this addition has been made to. (*Warning - messing with regedit is powerful, obviously.* Though if you look enough before you touch you should be able to understand the depth of the rabbit-hole that you actually need to go.)
Not file types. Stuff like "Add to Dropbox" or "Convert to PDF". 7-zip is great about letting you configure what's there, Dropbox and WinMerge let you disable it, but others aren't so nice.
Covered
But you should also see things like "File Folder" under the File Types of the Folder Options, that covers non-files, and other weird stuff. I mostly use that to go and add an ampersand in, via the Advanced button (Edit File Type dialogue), to (re)specify a shortcut key of choice, yet you can go and delete them out that way, too.

Or track down all ".../shell/Send to Dropbox/command" branches, or whatever, registry keys and prune out the "Send to Dropbox" branch (leaving the "Open", and other "Send to..."s under Shell, unless you're very sure that's something you also want to do). But look around before you do too much. Export to a file to read (open with notepad, or your notepad replacement of choice) a selection of HKCR/(stuff)/shell branches to get an idea. You can also go in and add the Ampersand in on the key, this way, if (like for me) this is the thing you want to do.

But this was never intended to replace a good Google-gained reference to a much more considered page on how to do this properly. For one thing, they may have changed things by the time of Windows 10. I doubt it (given backwards compatibility with most of the historic Win9x-and-up programs that have been designed to poke in their own menu items, user-authorised or otherwise) but if installer requests are intercepted by a given API (like the WOW64 abstraction layer does for other things) and converted, it may change without n ways that manual pokes would discover.

And some global menu items sit under places with different formats, but are equally discoverable by a search, like I did with my own "Scan with (AntiVirus program)" entry, to see where it is... This may be the alternate method that DropBox globally uses.

I'm just trying to demonstrate that CCleaner only really does everything you can do yourself if you're bothered, but in a different format...

Quote
CCleaner lists them under startup entries, but I don't see them in MSConfig. Probably have to manually track them down in regedit.
...yeah, not sure about Add To Dropbox menu items being a Startup thing (unless that's from the internal knowledge that the entirely different "HKLM/SOFTWARE/Microsoft Windows/CurrentVersion/Run" item that initialises DropBox starts a process that aggressively reinstates the shell/ items, whenever removed, which is an ugly practice that should be killed with fire!) in any sane sense...  I understand their thinking, but it's giving the wrong impression to the end-user in the interests of conveniently presenting an "I can do it all with fewer clicks" thing that keeps people in awe of the really quite simple process they could use without getting into the habit of installing random programs.

(And I must admit that I never thought I'd describe the registry as 'simple'. I never really got over the whole 9x move away from .INIs! But it's only completely obscure when you don't know what you're looking for, and gets better as you expose yourself to it more.)
« Last Edit: September 21, 2017, 02:59:37 am by Starver »
Logged
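
The registry checks discussed in replies #7 and #13 (the "Run"/"RunOnce"/"RunOnceEx" keys, and exporting shell branches to a file to read them) can be scripted. The following is an added example, not code from any poster in this thread: it parses the text of a regedit export and lists autorun entries and context-menu entries. The sample export and every "ExampleSync" name in it are constructed for illustration.

```python
import re

# Constructed regedit export, already decoded to text. All names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleSync"="\"C:\\Program Files\\ExampleSync\\sync.exe\" /autostart"
"Updater"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,75,00,2e,00,65,00,\
  78,00,65,00,00,00

[HKEY_CLASSES_ROOT\*\shell\Send to ExampleSync\command]
@="\"C:\\Program Files\\ExampleSync\\sync.exe\" \"%1\""

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ExampleSyncExt]
@="{00000000-0000-0000-0000-000000000000}"
'''
AUTORUN = re.compile(r'\\CurrentVersion\\(Run|RunOnce|RunOnceEx)(\\|$)', re.I)
MENU = re.compile(r'\\(shell\\[^\\]+\\command|shellex\\ContextMenuHandlers\\[^\\]+)$', re.I)
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')   # "name"=data or @=data

def decode_value(raw):
    """Decode the value kinds that usually carry a command line."""
    if raw.startswith('"') and raw.endswith('"'):     # REG_SZ: undo \" and \\
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('hex(2):'):                     # REG_EXPAND_SZ: UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b)
        return data.decode('utf-16-le').rstrip('\x00')
    return raw                                        # '@', dword:, other hex: as-is

def parse_reg(text):
    """Return {key_path: {value_name: data}}; '@' names a key's default value."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)         # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            current[decode_value(m[1])] = decode_value(m[2])
    return keys

def audit(text):
    """List (key, name, data) for autorun keys and context-menu keys."""
    found = {'autorun': [], 'context_menu': []}
    for key, values in parse_reg(text).items():
        for kind, pattern in (('autorun', AUTORUN), ('context_menu', MENU)):
            if pattern.search(key):
                found[kind] += [(key, n, d) for n, d in values.items()]
    return found
```

A real export from regedit is UTF-16 encoded, so read it with `open(path, encoding='utf-16')` before passing the text to `audit`.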

Paxiecrunchle

  • Bay Watcher
  • I'm just here, because actually I don't know*shrug
Re: WARNING for CCleaner users
« Reply #14 on: September 22, 2017, 03:54:32 am »

I don't think that I have this thing installed, and now I don't think I ever want to.