Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

CCleaner Software Compromised

September 19, 2017

CCleaner is a popular consumer utility for cleaning up a Windows system. Unfortunately, hackers compromised CCleaner to distribute a malware-laden version capable of capturing your data and possibly taking screenshots too. The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. If you are infected with the bad version, a registry key will have been added. According to Bleeping Computer, the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo will contain two data values named MUID and TCID, which are used by the installed Floxif infection. Upgrading to the latest version of CCleaner will not remove the key.

You have to manually update CCleaner to version 5.34 in order to remove the malware. Avast said it already pushed an update to CCleaner Cloud users, and they should be fine. The clean version is CCleaner Cloud 1.07.3214.
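To check a machine for the registry key described above, the following PowerShell can be run from an elevated prompt. It is an added example, not code from Bleeping Computer, Avast or Piriform. The function names and the default install path are assumptions, and both registry views are queried because Windows redirects a 32-bit program's writes under HKLM\SOFTWARE to WOW6432Node on 64-bit systems.

```powershell
# Added example: look for the Agomo key and its MUID/TCID values.
# Function names here are hypothetical; the key and value names come from the post.
function Test-AgomoKey {
    $subKey = 'SOFTWARE\Piriform\Agomo'
    $wanted = 'MUID', 'TCID'
    $views  = [Microsoft.Win32.RegistryView]::Registry32,
              [Microsoft.Win32.RegistryView]::Registry64
    foreach ($view in $views) {
        # Open HKLM in an explicit view so the result does not depend on
        # whether this shell is a 32-bit or a 64-bit process.
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key   = $base.OpenSubKey($subKey)   # read-only; $null when absent
            $found = @()
            if ($key) {
                $found = @($key.GetValueNames() | Where-Object { $wanted -contains $_ })
                $key.Dispose()
            }
            # On 32-bit Windows both rows describe the same (only) view.
            [pscustomobject]@{
                View        = $view
                KeyPresent  = [bool]$key
                ValuesFound = $found -join ','
            }
        }
        finally { $base.Dispose() }
    }
}

# Assumption: CCleaner is in its default folder; pass -Path otherwise.
function Get-CCleanerVersion {
    param([string]$Path = (Join-Path $env:ProgramFiles 'CCleaner\CCleaner.exe'))
    if (Test-Path -LiteralPath $Path) {
        (Get-Item -LiteralPath $Path).VersionInfo.ProductVersion
    }
}

Test-AgomoKey | Format-Table -AutoSize
"Installed CCleaner version: $(Get-CCleanerVersion)"
```

Because upgrading does not remove the key, a row with KeyPresent set to True indicates the bad version ran on the machine at some point, even if the installed version is now clean.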

This would be a good time to remind readers that CCleaner is licensed for personal use only. You are violating the license agreement if you use CCleaner on your work computer.

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com