CCleaner hacked

Thanks for the heads up Paul. I have the latest version so all is good and I had not updated it all summer so I was running a version from early June.
Thanks!

Thank YOU Paul!

I did a MWBytes scan and it found the Trojan.Floxif via CCleaner I am assuming. MWBytes quarantined this, but is it sufficient in the complete removal other than also installing an updated version from 5.33?

I'm wondering if this may have been what caused the AVIRA Blue Screen SYSTEM_SERVICE_EXCEPTION Error we attempted to repair with JHolland?
(see screenshot)

Advise please.


Best, Raphael

I am finding your post very confusing. You got this infection with the brand new version just released??

The compromised version, v5.33.6162,  was released in August and according to their information that version is no longer even available for download on their web site at all. Where did you get your new version?? The ONLY place to get the program is directly from piriform.

They have released two new versions since this hacking happened, first one was  v. 5.34.6207 and the newest version v. 5.35.6210 just released,  it was thought both were clean

Since you just found the infection with the new install then you need to report this to Piriform because that indicates their problems are not over.

Software should only be downloaded from the developers web site if possible to lessen the chance of also downloading unwanted programs.

I thought you gave up on Avira per a prior thread

It might have been, but I don't think we will ever know for sure.

Thanks for that information. The removed item came from your Downloads folder and shows that it was the CC_Set Up file. Since it came from the Downloads folder I would feel very comfortable saying that it was the set-up file for compromised version, v5.33.6162
and NOT v. 5.34.6207 or v. 5.35.6210.

According to all I have read your original install of v. 5.34.6207 definitely would have removed the installed compromised v5.33.6162 and the Trojan but the downloaded set up file would  have remained in the downloads folder until deleted by you or removed by something like MBA-M.

The set up file had to have been opened and run in order to have infected the computer. So that shows that the two versions released AFTER that compromised version are good as have been noted in all articles that followed following the finding of the original problem. I have found NO mentions anywhere of the two new versions having problems.


The v. 5.34.6207 release absolutely DID fix the compromised version and also had very normal added fixes for Browser Cleaning:
Firefox: Internet History cleaning rule no longer removes Favicon content.
General:
Minor GUI improvements.
Minor bug fixes.

The release of v. 5.35.6210 was done only because All builds signed with new Digital Signatures.  No other changes were done or needed.
BOTH the newly released versions since the hack are 100% Clean.

This happening to you is one of the main reasons that I never keep the downloaded install/set up files for any programs. Once I have installed them I delete that downloaded install file.

 If I need to uninstall a program for some reason and install a new copy I Always go to the home page of the program and  download I brand new copy of the install/set up file. 

You actually could have mistakenly used that old file and installed the Trojan onto your computer.
Dump the install files once you have used them.