So not the original version, but the version distributed by Avast Antivirus?
By. Avast. Antivirus.
/me uninstalls Avast...
Antivirus firm Avast has admitted inadvertently distributing a trojanised version of CCleaner, a popular PC tune-up tool, for nearly a month, infecting an estimated 2.27 million users. Cisco Talos discovered that servers distributing the program were leveraged to deliver malware to unsuspecting victims. "For a period of time …
No, this is the normal version of CCleaner that is affected, not some specialist Avast version, shipped with Avast; Avast now own Piriform. This is the normal standalone installer that everyone uses.
The article is confusing because Piriform is now owned by Avast, but the installer that is infected was downloaded in the normal way when you check for upgrade via FileHippo/Piriform.
I had version 5.32 installed, and noticed the download installer had increased in size to 9.4MB for version 5.33, up from 6.8MB for 5.32. (Oddly 5.34 is still 9.4MB, but downloading the update in the software downloads 6.4MB). On seeing the size increase, I assumed they were shipping some form of Google Chrome add-on/other software included. The installer will install Google Chrome if it's not already installed on the machine. At the time I searched and also found another version on the Piriform website - CCleaner 'slim' which was still 6.8MB in size. This now seems to have disappeared.
I saw the size increase and backed off from updating. It's always worth a bit of due-diligence, and think why has an installer increased in size by a third?
I'm currently seeing/investigating an issue with an account that keeps getting created in the "Credentials Manager" on Windows 10, I'm starting to wonder if this is related to CCleaner on a machine that did get it. Search "cred" in the control panel and check what accounts are in there.
... CCleaner is just returning to a file size nearer to what it used to have - 5.27, for example, is 8.83MB (I've a copy here) which is only 552KB smaller than the latest one.
Interesting point about the Credential Manager listings - although a lot of the system credentials (OneDrive, Office16, Windows Live and the associated 'virtualapp/didlogical' one, etc.) don't help here, with their random username field - they do look suspicious, especially that virtualapp one. This PC is a 32-bit Win7 system, with CCleaner installed (although it logs in as a limited user instead of admin), and there are no odd users created recently - the OneDrive ones and the virtualapp one refresh each login.
I don't think your suspicion over the size increase of the installer helped you - just pure luck.
Why do I say this? Because the portable zip of 5.33 was only 15kB bigger than 5.32. Furthermore, the trojaned 32 bit ccleaner.exe in 5.33 is only 22kB bigger than the clean version in 5.32. Both size increases are not especially unusual over recent versions.
In an age where single pieces of software often come in packages of many gigabytes in size, any size change under fifty megs or so is simply random fluctuation, noise, not signal - regardless of how small the original package may have been.
Any new feature, any change in a support lib or localization or skin set or help files or frameworks or build policies or installer options can fully be expected to change the package size by dozens of megabytes randomly, up or down but mostly just up, and there's just no way to tell whether it's a legit change or not unless you're willing to wait and see whether it blows up for any upgrade.
The time of ruminating pensively over kilobytes or megabytes of size differences was over the same time floppy disks died, especially knowing that ultimately it only takes a few hundreds of bytes to pwn your ass comprehensively. The only thing size is relevant for these days is to gleefully inform you not even your shiny new SSD RAID array has enough space for what you want to install...
In my opinion Avast went downhill the very moment they stopped being an anti virus program and insisted on becoming an "Internet protection suite". Their firewall was horribly bad, it had a major problem when it had to cope with many parallel connections (passive FTP anyone?) and would often put the whole OS to a grinding halt because it simply couldn't keep up.
If they're that bad with a simple firewall, then what would their other be like? That's what I wondered about anyway, and got rid of the whole thing. Never looked back.
Yes, the original version. Yes, the normal one downloaded from the Piriform website. We're talking the regular way this gets installed was infected. Avast are the owners now, that's the confusion here.
If you downloaded and installed CCleaner 5.33 from the Piriform Website/FileHippo, you're infected.
Not the Android version then?? Simone want to tell the biased / incompetent clowns at the BBC ???
"Quick throw together a story about ccleaner, who cares what's actually affected, give it some Android spin".. anyone still think the press doesn't have an agenda????
...attackers hacked into a legitimate, trusted application and turned it malicious...
CCleaner works great for years, but it gets acquired by Avast and almost IMMEDIATELY it has malware?
How is this not an inside job from someone at Avast?
I haven't seen this level of unethical behavior since Avira included adware in its paid-for antivirus.
“CCleaner works great for years, but it gets acquired by Avast and almost IMMEDIATELY it has malware?”
This kind of business deal takes weeks to months to complete, so more likely a coincidence.
“How is this not an inside job from someone at Avast?”
If anyone inside did it, likely it was someone from Piriform that didn’t like the takeover.
“I haven't seen this level of unethical behavior since Avira included adware in its paid-for antivirus.”
Ethics has nothing to do with this unless you think Avast did this on purpose.
Damn, there goes another of the very few half-decent apps for Windows.
Like the "food" manufacturing industry, eventually your choice of software vendors will be reduced to about half a dozen, and then one. In fact, the way things are going, eventually there will just be one company that owns everything, with one CEO who is, for all intents and purposes, the new emperor of planet Earth.
I read a fantasy novel once that described a world in which monopolisation is considered to be a bad thing, and a mythical beast called a "regulator" is supposed to stop it happening. It must be out of print now, because nobody seems to be reading it.
"Damn, there goes another of the very few half-decent apps for Windows."
I stopped using CCleaner when I discovered Windows Cleanup! by Steven Gould. The only annoying thing is the sound, which is easy to disable. I have run CCleaner, then Windows Cleanup!, with the latter discovering another Gig of crap that CC didn't find.
If you use the 64 bit - no problemo - also simply updating to the next version deletes the malware, but not one of the registry entries. It would probably be easier for folks not familiar with the registry to use Revo uninstaller to remove this version of CCleaner, so the offending left over reg entries can be deleted. The new version of CCleaner reportedly does not see this unnecessary entry, so no luck doing it that way. I'd post the reg edit, but you can find it on search easy enough.
Android and iOS have app isolation. That means an app scanner app could not possibly work because it can't access the other apps, nor the system. At most it can scan downloads.
If you're habituated to Windows so badly that it's inconceivable to operate a non-Windows mobile device without third party protection from the Windows design flaws it doesn't have, the Android app you didn't need can use whatever permissions you gave it to not fulfil its advertised purpose. It would follow then that you gave it all of them.
I might put CCleaner on new builds and upgrades for a single tool-- the one for editing Windows start up -- which is much easier and safer than coaching somebody over the phone with regedit. Other than that, CCleaner doesn't keep Windows any cleaner than late model Windows and browsers do.
Most Windows users who rely on apps like CCleaner are indeed non-techies who have little knowledge of NTFS and how awesome it can be (when left to its own devices). But there's nothing dubious about hobbyists using a power tool or two. It's too bad, though, about their ignorant down-votes here at El Reg if the software is deemed less useful than it was for Windows 95. Aggressive down- or up-voting too often has the odor of representatives on a mission.
[...] snake oil. Fodder for pseudo-experts and fiddlers.
Yes, sad to see you got 17 downvotes ... there is even a senior lead Slurp developer who supports your view, yet, a bunch of n00bs downvoted you on here ... dunno where this site is going, but I am appalled by the lack of expertise of some of the comment@rds on here, to say the least ... must be those fine Window Cleaner and Surface Experts, again ...
To AC - "I haven't used (or needed) CCleaner since I got an ounce of sense and realised that nobody actually needs a registry cleaner"
I rarely need the registry cleaner - if you operated as a restricted user just like you should on every other operating system, all you usually need to do to get rid of malware is run CCleaner at least before log off, shut down, or restart on Windows. I like it because it is easier than constantly running manual scans with my AV and AM solutions. I've tested this, and unless the malware is capable of silent install into the app data folder, other than "temp", CCleaner will take care of it. I've never run into a malware that can do anything without permission from the restricted user so far. Just don't get click happy with every pop up you see, and things will be JUST FINE!! I run a honey pot lab BTW, so I've seen just about every scenario you can imagine!
I always thought CCleaner was malware, oh well, near miss, not!
They don't really explain what happened ... were they breached? Someone surfing pron on the build server? A careless mixup with something they were analysing (presumably not on an airgapped machine).
Normally it wouldn't really matter, but with a firm that should be security focussed vague assurances don't really cut it.
is in removing stuff from the temp files in the app data folder and LSOs. That last acronym is what Zombie files are called ( or persistent cookies), it is one of the few free ways of getting rid of those nasty files, because not just any file cleaner can do that.
I like to run it to delete any malware attack files sleeping in the folders waiting for the user to make a mistake. I've tested for that many times, and I discovered as long as the malware isn't going outside the "temp" folders, you can rid yourself of it post haste that way. Much easier than scanning with your favorite resident AV/AM solution.
AND despite what people say about registry editors, I've found that when unruly installer/uninstallers corrupt an uninstall routine, or say an application had an unsuccessful update patch, the registry cleaner undeniably helps fix the problem!! I may not use the registry cleaner for years, unless a problem comes up - because I generally use Revo to cleanup after bad uninstall routines. Coders are not wont to remove all their junk from your files when you are ready to get rid of an app you don't like or just don't need anymore. I refuse to accept that a registry cleaner is NOT necessary - because without them I had headaches galore! I've also found that CCleaner's reg cleaner helps after a nasty battle with malware. The AM solutions do not always clean up the detritus very well it seems.
It's not an argument for or against it. If the build gets compromised, you're shafted.
Okay, manual updating will have reduced the number of people who installed the infected copy, and allowed the ultra-paranoid to avoid it. But it leaves a bunch of non-tech users completely unaware they have contaminated software. And those copies will remain infected until they're upgraded. At least those on automatic update now have a clean copy. And if they didn't run the infected copy, they're safe.
The truth of the matter is that it's simply not possible for hundreds of millions (or even billions) of fairly clueless consumers and office workers to run a big, complicated, general-purpose operating system with all the trimmings AND have security take care of itself automatically.
Economically, "one size fits all" has been a miracle worker, drastically reducing the cost of computers and software. But the fundamental axiom of security is that it militates *strongly* against everything else you could possibly want.
Unless you have the resources and time to do analysis in a sandbox of every update that comes your way, automatic updating is still less risky than continuing to run software with known vulnerabilities. And, even if you do sandbox analysis, then there's still a chance that vulnerabilities in your existing version will be exploited before you complete the analysis to inform you that the update was indeed safe.
But, there's a logical problem - like looking for WMDs in Iraq, one cannot *prove* the absence of malicious behaviour: one more hour, day, or week of analysis might always turn up something unpleasant.
Piriform CCleaner had great target characteristics for a supply chain attack: free to download, popular and extensively referenced (see how many tech sites recommend CCleaner on their 'top utilities' list), higher download volume, extensive current usage, requires privileged access to do its job, smaller company background (so limited internal security). A lot of effort went in to that so wondering who's next on the list?
Whether the Avast acquisition had any impact (other than to include Avast in the embarrassment) isn't clear yet. Piriform have been pretty open so far about what happened and when but knowing how the delivery systems were compromised is more interesting, especially if Avast proves to be a recently introduced weak link.
So through all this article and comments I have not seen any mention of counter efforts that a user should do other than uninstall and download a new copy. Apparently only 32 bit versions were affected, but seeing they waited 6 days to announce being compromised, could they also be holding back on the 64 bit also having been affected?
As it is Avast owned, I am surprised that they have not at least offered free scan for the malware that their product carried. Who better to know exactly what dirt needs to be cleaned up.
In a moment of clarity, I thought it might be a disgruntled employee who objected to the takeover by Avast, since it seems like an inside job. From the blog posting on Piriform, it reads as if the malware hasn't fully activated - yet - and seems to be defanged for now.
On a side note, it's interesting to see how different malware suites squabble on over everyone else being PUPs or suspicious - ZoneAlarm Extreme Security installs PC Tuneup, which Malwarebytes flags up as PUP, then anything by Iobit gets the warning from MWB, so much so that they have told users to expect and ignore the "we're doomed!" messages.
Maybe one of them will hurry up and release a clean-up tool for this. Since it's gone from Cisco Talos telling us to nuke everything earlier on, to Piriform now telling us to calm down a bit because it's being tackled, maybe it'll all turn out okay without all the headless chicken impressions.
Only two installers were affected - the 32 bit and cloud version, from what I understand = simply updating to the newest version will get rid of the malware, but you may have to use REGEDIT to manually delete this entry - and yes I'd delete it, because it sets a bad trigger for anything else that might go wrong in the future. Just delete Agomo - if you are not familiar with editing the registry, maybe you'd better get a geek friend to do it. And no - CCleaner will not find this superfluous entry. Oh, and delete any downloaded exe files you may have used to update CCleaner; you wouldn't want to accidentally activate the wrong update again.
Rubbish, it is a great bit of kit to help clean up a new machine.
I've found McAfee on machines with no sign of it in the Windows list of progs, yet with CCleaner it was there -- and all the little other supposed 'essentials' that need to be removed or disabled to make life worth living.
And a reg clean-up is needed now and then with Windows - even just to remove file associations with SW you will never even install.
"You never heard of a drive-by attack?"
To be fair, none of the articles oh-so-keen to use hip and cool terminology I've seen ever bothered to subsequently explain what certain IT attacks might have in common with gangsters in suits squeezed into a slow-moving black limo emptying their Tommy guns into a building. Not a single one of them. I mean it's perfectly fine since I'm sure there's no person on Earth unaware of what, for instance, a halocline is, but I sure won't be going looking for the nearest Don I can find asking him to elaborate...
this nugget of wisdom from el-reg itself.
"Our testing produced very little evidence that registry fixers and third-party defragmenters do any good at all, although other users with serious computer problems may experience otherwise."
As such if I ever see a machine with CCleaner on it, I assume it is borked and due for nuking. :)
This is kind of weird; there are down votes on every post that disses ccleaner.
You cannot really marry software, but, I guess if you think you have it is nice to know that you are the faithful sort.
(in your heart you know that ccleaner still loves you and won't hit you again.)
Those downvotes are probably because most of those posts are written by ignorant people who think that CCleaner's primary use is as a registry cleaner.
In fact, it's been a good and hitherto reliable general cleanup program for Windows for years - I certainly share the general scorn of registry cleaners and have never ever used that part of the software.
I hadn't realised that it had been bought by Avast, otherwise I'd have thought twice about touching it again - I always hated their bloated and useless AV software and more recently they've completely ruined AVG too (granted, AVG had done half the job for them in the past three or four years :( )
Does anyone know if the portable version also installed Malware on systems?
It is also a far more comprehensive uninstaller and startup tweaker than you get in the OS, as well as the disk space utilisation tool being quite handy sometimes. Not had a problem with it myself, ever. However learning that it's now owned by Avast, I'm less than happy to continue using it.
The 32 bit ccleaner.exe in the portable version of 5.33 included the Floxif malware. If you've ever run it on a system, that system should be considered compromised. You'll have to decide between Talos' recommendation to restore to a pre-CCleaner 5.33 backup of the system, or Piriform's assertion that Floxif only ever profiled machines and sent the details back to the attackers' C2 host.
The 64 bit ccleaner64.exe in the portable version of 5.33 seems to be safe. If you only ever used that version, then supposedly you have no reason to be concerned.
"The dodgy software was signed using a valid certificate that was issued to Piriform Ltd..."
Huh? How? A "signed" bit of software is supposed to be blah-blah-blah and thus secure from such things.
Oh, I see. The morons at Symantec strike again.
Symantec issue (sell) code-signing certificates to software authors. Those authors then sign their artifacts (executables, DLLs, whatever) before release, so as to allow users/admins (and the OS) to verify that they are indeed legitimate and unmodified. Symantec do not sign artifacts themselves, nor do they perform any kind of per-release code review of their customers' pre-release software.
Symantec (and other CAs) may do some due diligence to assure themselves that the applicant is not impersonating an established code signing entity, and that they are technically competent to keep their certificate safe and only sign things they intend to, but then again, they may not. Certainly, attackers have previously managed to get their hands on legitimate signing keys and certificates and use them to sign malware in the past - various versions of Stuxnet were signed with Realtek, JMicron and Foxconn certificates.
Looks like the attacker(s) compromised the build system that produced the binary installer package. For some reason, Ken Thompson's paper Reflections on Trusting Trust springs to mind.
Software companies might take a good look at how the supply chain is managed for other high-value products (where "high value" means "dangerous if compromised"). The ur-case is the Tylenol poisonings and the manufacturer's response. Your meds have a secure supply chain and tamper-proof packaging because of it.
And this is why, when I'm checking whether untrusted installers are signed, I check to see if they've been signed with the same certificate as previous, trusted installers.
It would be nice if the OS could pin certificates automatically, and highlight to users/admins if the signing certificate has changed from the previously-installed version.
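The manual check described in the comment above can be scripted. This is an added example, not code from the commenter, Piriform, Avast or Microsoft: it uses the built-in `Get-AuthenticodeSignature` cmdlet, and the pin-store file name, the `-Product` label and the installer paths in the usage comments are assumptions made for illustration.

```powershell
# Added example: trust-on-first-use pinning of Authenticode signer certificates.
# The pin-store location and the -Product label are assumptions for illustration.
function Test-InstallerSignerPin {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,       # installer to check
        [Parameter(Mandatory)][string]$Product,    # key under which the pin is stored
        [string]$PinStore = (Join-Path $env:LOCALAPPDATA 'installer-signer-pins.json'),
        [switch]$AcceptNewPin                      # record or replace the pin explicitly
    )

    # 1. The signature has to verify at all (file hash matches, chain is trusted).
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Product = $Product
            Result  = 'Rejected'
            Detail  = "Authenticode status is $($sig.Status): $($sig.StatusMessage)"
        }
    }

    # 2. Summarise the signer certificate of this file.
    $cert = $sig.SignerCertificate
    $seen = [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter.ToString('u')
    }

    # 3. Load previously recorded pins (a JSON object keyed by product label).
    $pins = @{}
    if (Test-Path -LiteralPath $PinStore) {
        $stored = Get-Content -LiteralPath $PinStore -Raw | ConvertFrom-Json
        if ($stored) {
            foreach ($p in $stored.PSObject.Properties) { $pins[$p.Name] = $p.Value }
        }
    }

    # 4. Compare against the pin for this product.
    $pinned = $pins[$Product]
    if ($pinned -and $pinned.Thumbprint -eq $seen.Thumbprint) {
        return [pscustomobject]@{
            Product = $Product
            Result  = 'Match'
            Detail  = "Same signer certificate as the trusted install: $($seen.Subject)"
        }
    }

    if ($pinned) {
        # A change is not proof of tampering (certificates expire and get renewed),
        # so report both identities and let the admin decide.
        $result = 'Changed'
        $detail = "Signer changed. Was [$($pinned.Subject)] $($pinned.Thumbprint); " +
                  "now [$($seen.Subject)] $($seen.Thumbprint)."
    }
    else {
        $result = 'NoPin'
        $detail = "No pin recorded for '$Product'. Signer is [$($seen.Subject)] $($seen.Thumbprint)."
    }

    # 5. Only an explicit decision writes or replaces a pin.
    if ($AcceptNewPin) {
        $pins[$Product] = $seen
        $pins | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $PinStore -Encoding UTF8
        $detail += ' New pin recorded.'
    }

    [pscustomobject]@{ Product = $Product; Result = $result; Detail = $detail }
}

# Usage (file names are placeholders):
#   Test-InstallerSignerPin -Path .\tool-setup-old.exe -Product ExampleTool -AcceptNewPin
#   Test-InstallerSignerPin -Path .\tool-setup-new.exe -Product ExampleTool
```

A `Match` only says the signer certificate is unchanged. A build that was compromised before signing, as the article says of the affected release signed with a valid Piriform certificate, would still match.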
People are dissing CCleaner, but what exactly is so diss-able about it? I've got v4.17/2014 and use it from time to time after any time I've done online banking or uninstalled something I've tested and discarded. I've never found any problems with it.
I agree that Avast Antivirus has grown unmanageably though. It takes ages to start up, everything seems to move around between updates, and it's now in "finger painting" mode.
>Because it causes more issues than it "fixes"
Examples please from the actual usage of CCleaner on Win7/8/10 ie. currently supported versions of Windows.
I only ask because whilst cleaners/performance enhancement utilities were hit and miss back in the 1990's on Win95/98/ME when many Windows developers had little real understanding of the registry, neither myself nor anyone else in my circle have had problems arising from the use of CCleaner in recent times (eg. since XP-SP3) - other than with a 'cleaned' system, previously thoroughly infected with malware that had played its merry games with the registry, executables and the filesystem(*)...
>a lot of the "problems" it "finds" are non-issues and do not need fixing.
Is that a problem?
I used to use CCleaner a lot on XP to quickly reset the IE browser cache, whenever IE struggled to load because of cache issues. Similarly, there have been times with Win7 when Chrome has been unable to update itself due to cache issues, a quick run of CCleaner and problem resolved.
(*) Aside: in these cases the problems that arise merely confirm a 'cleaned' system is unstable and in need of a complete reinstall.
I used a registry cleaner back in W98 days. If I ran it a second time it would clean more stuff out. Run it a few times and Windows would not run. Then I would do the only thing that cleans Windows up, a reinstall.
If they really worked, then a second run should not find anything to do.
I consider Windows tune up applications to be malware, much like I consider Windows.
Depressing to see ads displayed by Android apps that shout "Phone running Slow? Run [some shit product] Now!"
"If they really worked, then a second run should not find anything to do."
CCleaner tends to do that.
Running stuff on W98 and trying to compare with today is not exactly the same is it?
Things tend to change a bit.
(and who didn't have a 98 boot floppy to get XP users up and running again?)
The thing is, some of the ccleaner backers claim it is not only a registry cleaner, as it deletes MRU's (which are registry entries, n00b), finds installed software (again, registry keys n00b^2), and apparently cleans up other stuff such as startup programs (registry keys (for the most part, msconfig is your friend)) ....
Listen, mate, if you are so keen on keeping your MRU's clean, clean them once, export registry key and keep it in a safe location ... when you wanna clean, delete and import. 5 minute job to write & test a batch script... no more time spent trying to keep CCleaner up-to-date ...
You never know what CCleaner will do, MRU's are safe, installed software pretty much also .. but the rest ?
If you are in front of a computer that needs cleaning, you backup & reinstall ... really, it is that simple.
Ccleaner users are n00bs, no ifs, buts, or maybes.
Downvote all you want, I don't care, but please, think for two minutes and accept that you are wrong, no, seriously, you are, really!
Paris, coz she likes a good thorough cleaning every now and then ...
If you genuinely think that wiping a PC and reinstalling the OS and all applications (then manually overwriting their registry keys with old versions - seriously?!) - is an acceptable alternative to a quick clean up of accumulated temporary files, old system logs etc you should perhaps step away from the keyboard now...
Is cleaning Zombie files, or LSO cookies. It is one of the few free utilities that does that. If you ask any IT expert that has been around a LONG time, they all recommend CCleaner. It is an industry wide understanding. Personal opinions are fine, but you will never browbeat me into uninstalling CCleaner - it has proven itself in my honey pot lab over, and over and over again.
>The thing is, some of the ccleaner backers claim it is not only a registry cleaner, as it deletes MRU's (which are registry entries, n00b)
So Hans 1, should I stop using MS Office as it has a setting that modifies the MRU list and other settings that modify registry keys, as by your definition its a registry cleaner?
I do use CCleaner on all 3 personal machines, the basic cleaning function is quite good at removing residual files browsers don't seem to tidy.
I don't automatically update but did recently on 3 home machines.
The malware has been detected by the Cisco Talos team beta testing their Immunet product.
This blog entry describes the infection and contains a link to download the Immunet AV/anti-malware product.
The blog recommends restoring to a point before the update was applied which is sensible advice. But Immunet can detect and quarantine the nasties inserted by the doctored installer.
If you decide not to do a full restore then you'll need to perform a full system scan. This took 3 1/2 hours on my laptop and I have a couple of other machines to do tomorrow where I will probably just factory reset the machines (both are Windows tablets mainly used for internet and email).
I may end up doing a full reinstall but need to be absolutely sure that all documents, photos etc have been secured as several family members use this laptop when they visit.
A.C. because I'm so embarrassed about not noticing the big increase in installer size.
So...from the above, it seems that anyone who has used CCleaner in the past 6 mos is a sucker, and should have known better. And that anyone who has used Avast as an anti-malware/antivirus/and-anti-whatever program is pretty much hoisted. By their own petard. And of course that includes those paid-for users.
So, brilliant ones: what is your solution to the problem of people who want to keep their skirts clean, and like to do something about it once in a while? I get the "jettison Avast ASAP" point of view. Including the regardless-of-the-dirty-CCleaner-is-rotten POV.
Most of the users out there are not the "striding-brilliantly-through-the-Cosmos" adepts that y'all are.
Isn't it about time that you offered some alternate suggestions?
Yup, I didn't get round to updating on this machine (everything is set to ask - not update).
But it's been a vital tool for quick cleans of friend's machines where years and years of basic usage has ended up with more detritus to wade through than actual useful stuff.
Progs installed, uninstalled, half-installed, failed installs -- all sorts of backyard junk, plus the never ending 'temp' files.
Usually Ccleaner then Malwarebytes - maybe the other way round next time?
and cannot afford much more than one paid solution. I've been putting Avast on their systems for years, and sometimes they were using an inferior freebie, and always had trouble with them. Avast has its quirks, but they are usually easy to correct. Now I only recommend even poor people should try to buy MBAM. If they go in together and buy a 3 license copy, they can get a really good deal and spread them among themselves. I still recommend Avast, because it will block many problems before they ever get on the computer, so MBAM has nothing to deal with in those instances. Avast is noisy, and I think that is why people think it acts like malware - I LIKE it to get noisy, because otherwise you don't know the otherwise legitimate site is using bad security practices. There are just too many good features on Avast, like the application updater, and notifier, to ignore it. I will admit, that on folks using Windows 10, I feel the built in Defender is enough, but even then I recommend MBAM Premium if they have anything to lose! I will admit the paid for version of Avast is a pain in the behind and I will never recommend it!
I've used CCleaner for years (10 at least) and find it to be very handy at cleaning crap (CCleaner's original name was Crap Cleaner) like temp files many product installations fail to clean up. And when I do run it, it generally frees up a GIG or two of drive space. My mom, who is the very epitome of a clueless computer user picked up another browser hijacker the other day - I ran CCleaner on it, all better.
But I guess it's typical human behavior to blast something without having a clue as to what it actually does.
Not sure about it being typical human behaviour, more like typical Generation Moron behaviour from some commentards trying to show off their intellectual superiority on here and failing miserably.
I too have used CCleaner since the days it was known as CrapCleaner (the name didn't upset its home UK market but was eventually deemed too much for sensitive souls across the Pond) and of course, it isn't malware.
CCleaner started life more than a decade ago as a quick and easy cleaner of crap. It still is. Additional tools have been bundled in over the years, including a 'registry cleaner' whose value (to me) has always seemed pointless, as well as hazardous, but which others seem to like: their choice. The CCleaner version I run is the freebie, not the paid-for, and is old enough to have cobwebs all over it. But it works fast to clear caches, cookies and what have you whenever required, and plays nicely with my Malwarebytes Premium, Panda AV, and WinPatrol. It has always erred on the safe side, and though out-performed, as it were, by the only other utility of this type I've ever bothered with -- Kerish Doctor -- it has, unlike Kerish, never mis-identified any of the clutter.
I'm sorry Piriform has sold out to Avast because it's the end of an era and past experience of Avast has taught me to keep well clear of any of its bloatware. I'll keep on though with CCleaner 5.13.5460 which, as far as I'm aware, is still available on software archival sites, and leave the Generation Moron representatives on here to continue on with their own condemnation of a product about which they very clearly know absolutely sod all.
I've always found the registry cleaner to work well. Its value is limited nowadays, but on a 32-bit machine with 2-4Gb of memory and several programs running, risking the HIVE files getting too big to fit into actual RAM and becoming paged to disk instead... well, CCleaner's registry tool would prune 100s of K off the file, the machine still worked, and the reported things being removed were mostly left over broken links to .NET files orphaned by upgrades. If a machine had been sitting there updating for years, with software going on and coming off, then the reported issues from that tool could easily run into the thousands. I always used to rerun it until I got two consecutive "no problems", because keys referred to keys, which referred to keys, which referred to nothing.
"I too have used CCleaner since the days it was known as CrapCleaner (the name didn't upset its home UK market but was eventually deemed too much for sensitive souls across the Pond) and of course, it isn't malware."
Why didn't they just rename it CrudCleaner? Same implication, cleaner cuss word.
But I guess it's typical human behavior to blast something without having a clue as to what it actually does.
CCleaner does more harm than good, it is a useless piece of software, snake oil, if you like.
Don't trust me, fine, would you trust an MVP more than the MHP?
I, the MHP (Microsoft Most Hated Professional), recommend against using that crap ...
To those who doubt ... I know ccleaner, I have used it in the past to see what it does ... it is snake oil.
I call BS to anybody claiming to be a professional that says CCleaner is useless - maybe you don't want to mess with the registry cleaner OH KAYYyy! But too many of the other features have proven themselves, along with the reg cleaner to me over the years, to convince me of any other reality. I've NEVER had a problem with CCleaner - I've ALWAYS solved problems with it, and all of my clients have breathed a sigh of relief ever since.
NOBODY can talk me down or convince me otherwise, as I have just seen too much happen; especially in my honeypot lab! In fact I have actually seen malware try to manipulate CCleaner icons, and shortcuts in an effort to foil any restricted rights user from operating it - you can't tell me it is not effective in removing most threats that stay inside the parameters the operating system sets, just as long as the user doesn't fall for any Social Engineering to allow the attack. I've seen too much proof to be convinced otherwise!
Your ability to comprehend the user-chooser multiple functionality of CCleaner is obviously as fitful as your ability to express coherent thought. For the record: I wouldn't even trust CHP to tell me anything useful about that particular software, never mind MVPs or MHPs. Or any other Muddled Vacuous Pratt, either.
On that link you posted MHP etc... the writer (Ken Blake) responds to a commenter asking what he should be doing, if not running a reg cleaner:
"But there are many things you can do in this regard that are
completely safe. For example, you can run Disk Cleanup and do all of
the choices there. No problem and it gets rid of some things you don't
need, thereby saving a little (usually very little) disk space.
Similarly, you can run CCleaner, which does a lot of the same things,
perhaps a little more thoroughly. CCleaner is safe to use, as long
as you don't use its registry cleaning functionality, which is not
Interestingly he also recommends Avast, amongst other things.
... still CC Cleaner managed to find its way onto the system after only a day with the customer.
Getting 666 Threats detected please pay £20 and occasional BSD.
Kaspersky is usually quite picky who it will let on your system so how come it did not detect the bad guys? It looks like I am going to have to wipe and start again.
... still CC Cleaner managed to find its way onto the system after only a day with the customer.
But did the customer/end user know what Wise Care did?
I suspect that someone simply installed a cleanup tool they knew and understood; unfortunately, the version happened to have been compromised...
Kaspersky is usually quite picky who it will let on your system so how come it did not detect the bad guys?
Yes, it would seem that questions need to be answered as to why the payload wasn't detected. Suspect that as it was a 'trusted' installer, the security scanner turned a blind eye, whereas some tools will (if set to the correct level of paranoid) scan every file installed and executed by an installer.
"Ondrej Vlcek, Avast's CTO, told The Register that there was "no indication that the second-stage payload activated" and hence no need to do a wipe and clean install as recommended by Cisco Talos."
Ohh, I have (currently) unactivated malware on my system, but this guy says it's fine so let's do nothing....
Well, I have a 64 bit version of Windows. Yet somehow Windows Defender (yup, free, comes with Windows) detected the malware and quarantined it (as well as the downloaded file). And detected and cleaned registry entries.
Yes, I use CCleaner because Windows doesn't automatically clean your tmpdir and it ends up with tons of crap. Not so impressed with the cookie/history cleaning and I treat the registry cleaning with a large pinch of salt (there are some programs that have been known to put entries in the registry that purport to be a file path, but the path doesn't exist, the program appears merely to be looking for the key), and to be honest I've hardly ever used it.
I wonder if in the "future" we're going to be using VMs instead of most of our anti-malware. At the end of the session, the software might offer to preserve any files you've asked to be downloaded. These files will have been malware-checked by anti-malware software running in the background (so reduced real-time bottlenecks). It's a bit like the way public computers boot to ROM (not literally, I'm just calling it that) with each new user. New software? Runs in a VM, too. It would not be computing as we know it. There might be hurdles in regard to EULAs and copy protection. But it might be safer than what we have. Just a suggestion. Let the experts weigh in!
Been many years since I used CCleaner, I did use to but IIRC it may or may not have been responsible for b0rking a couple of machines I was trying to clean up, certainly didn't help them, what I tend to use now for cleaning is a combination of Malwarebytes, Autoruns and TreeSize for a basic cleanup; will fire up Process Explorer if I'm suspicious of anything....