PC Performance Tools – CCleaner Had Malware Hidden in Software

The security research group Talos Intelligence found malware hidden in CCleaner, a PC performance tool by Piriform. In all honesty, I am a CCleaner affiliate and plan on still selling this software in the future. Hackers were able to hide malware inside CCleaner and distribute it over the Internet.

This is a good time to remind you to always obtain software on the Internet from legitimate sources. CCleaner version 5.33, distributed by Avast Software, became infected with malware. This malware-infected version of CCleaner 5.33 was available for download between August 15, 2017 and September 12, 2015.

Avast Software just recently acquired Piriform Limited, the makers of CCleaner. In keeping with my transparency, I am an Avast anti-virus affiliate as well. This version of CCleaner 5.33 and any installers on Piriform’s website have been removed.

An external hacker, if you want to call them that, compromised CCleaner’s software distribution channel in order to inject their nefarious code, also known as malware. If you are infected by this malware, or think you are, the solution is to roll back your system to a point before August 15, 2017, reinstall your operating system, or remove CCleaner 5.33 with an anti-malware application. My computer systems are not affected by this because I use CCleaner portable.

The PC performance tool CCleaner portable does NOT install any files, folders, or registry entries on your computer, hence the name portable. I am not aware that CCleaner portable version 5.33 included malware. You can use Microsoft Windows System Restore to try to restore your computer to a point before August 15, 2015.
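One way to check a machine against the version and the August 15, 2017 start of the download window given above, as an added PowerShell example that is not part of the original post. It assumes Windows PowerShell 5.1 in an elevated session and that the installer registers a display name beginning with "CCleaner"; the variable names are illustrative.

```powershell
# Added example, not from the original post.
# Assumptions: Windows PowerShell 5.1, elevated session, and an installer that
# registers a DisplayName beginning with "CCleaner".
# Version 5.33 and the August 15, 2017 date are the values stated in the article.

$AffectedVersion = '5.33'
$WindowStart     = [datetime]'2017-08-15'

# Installed programs are registered under the Uninstall keys
# (native view and the 32-bit view on 64-bit Windows).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$ccleaner = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'CCleaner*' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

$affected = $ccleaner | Where-Object { $_.DisplayVersion -like "$AffectedVersion*" }

if (-not $ccleaner) {
    Write-Output 'No installed copy of CCleaner is registered on this machine.'
}
elseif ($affected) {
    Write-Warning "CCleaner $AffectedVersion is installed. Uninstalling it alone does not remove what it already dropped."
    $affected | Format-List
}
else {
    # A newer version only shows the current state: the machine may still have
    # run 5.33 while it was available for download.
    Write-Output 'CCleaner is installed, but not as version 5.33:'
    $ccleaner | Format-Table -AutoSize
}

# Restore points taken before the infected build was published are the only
# ones worth rolling back to. CreationTime is a WMI timestamp string, so it is
# converted to a DateTime before comparing.
$cleanPoints = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            SequenceNumber = $_.SequenceNumber
            Created        = $_.ConvertToDateTime($_.CreationTime)
            Description    = $_.Description
        }
    } |
    Where-Object { $_.Created -lt $WindowStart } |
    Sort-Object Created -Descending

if ($cleanPoints) {
    Write-Output "Restore points created before $($WindowStart.ToString('yyyy-MM-dd')):"
    $cleanPoints | Format-Table -AutoSize
}
else {
    Write-Warning 'No restore point predates the window; use a full backup or reinstall the operating system.'
}
```

An empty restore-point list is the case the article's backup advice covers: without a point older than the window, System Restore cannot return the machine to a pre-infection state.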

According to Talos Intelligence, some anti-virus software might also detect this malware and remove it. Although this legitimate software was distributed by legitimate sources, nothing is perfect in computing. These culprits were able to bypass signed digital certificates.

Also, this is a good time to remind you to always keep a backup copy of your important data. You can actually back up your entire operating system. Also, you can try using Microsoft Windows System Restore.

However, backing up your entire system is recommended over relying on system restore.

PC Performance Tools – CCleaner Had Malware Hidden in Software Video Transcript

00:00
Ultra video party boy as I adjust my
00:06
hair you you better have perfect error
00:09
error and otherwise the trolls are gonna
00:12
attack you for your hair okay
00:14
otro video patio STS or brown cone in it
00:19
computer calm
00:20
CCleaner ccleaner had malware hidden in
00:25
that software and I’m actually a
00:27
ccleaner affiliate and I am still
00:30
discussing this because that’s how I
00:32
roll so this research group Talos
00:36
Intelligence found what they did is they
00:39
ran some kind of a malware scan or some
00:43
kind of a system scan and they found an
00:45
alarm and it came from ccleaner what
00:49
they found was that external hackers
00:52
they also talked about a possible
00:53
conspiracy inside job I’m not making
00:55
this up you can check out my blog post
00:58
Dana compares comm where I linked
01:00
directly to Talos intelligence report
01:03
where they discussed the possibility of
01:06
somebody inside having access and giving
01:11
out access or somebody possibly
01:14
releasing the code because that they but
01:19
they just they didn’t claim it was proof
01:21
or that they knew for a fact but they
01:23
thought it may have been possible so
01:25
basically what happened was an external
01:28
source were able to inject malware into
01:33
ccleaner even though ccleaner is
01:36
legitimate it’s legitimate software
01:38
Avast acquired ccleaner i’m not sure when
01:42
that occurred sometime recently so
01:45
Avast has now taken over ccleaner and
01:48
somehow hackers or external source or
01:52
internal source maybe a disgruntled
01:55
employee i’m not saying those are facts
01:57
I’m just saying that that’s what
01:59
intelligent that’s what Talos
02:01
intelligence mentioned was the
02:03
possibility that perhaps an Insider
02:05
helped neither here nor there they were
02:09
able to bypass
02:13
the security the digital signature
02:16
certificate when when you go to download
02:19
because the these are all legitimate
02:21
sources Avast is legitimate CCleaner is
02:25
legitimate their servers are legitimate
02:27
but this is still a good time to lecture
02:29
you you should always try to make sure
02:33
that you obtain software from legitimate
02:35
sources although this isn’t what
02:37
happened but it’s a good time to lecture
02:39
still and it’s a good time to lecture
02:41
you about backing up your data backup
02:44
your data backup your data backup your
02:46
data always back up your data because
02:48
you just never know even on Windows 10
02:50
and I know for a fact that CCleaner
02:54
is still productive to use on Windows 10
02:57
because when I remove programs off of
02:59
Windows 10 CCleaner finds the garbage
03:03
left behind in the registry in files and
03:06
folders so though so there are people on
03:08
the internet not to name names but there
03:10
are clowns on the internet saying well
03:12
you don’t need to run optimization tools
03:16
on Windows 10 because Windows 10 is
03:18
perfect wrong because I’ve ran ccleaner
03:21
on Windows 10 and it still finds garbage
03:24
when I remove programs okay to get back
03:26
to this to digress back to the malware
03:30
that was distributed via legitimate
03:32
means at ccleaner and now Avast it was
03:38
ccleaner version 5.33 that was infected
03:41
with malware they were able to hide
03:44
malware inside the software itself this
03:51
is different it’s not it’s not like they
03:53
took ccleaner and backwards engineered
03:56
it or reverse engineered it recompiled
03:58
it and then hid the malware and then you
04:01
found this version on an illegitimate
04:05
source no they were able to break in you
04:12
circumventing the digital signature
04:15
during the download process so it’s very
04:17
very nefarious but computers aren’t
04:20
perfect and they did not necessarily
04:23
have to hack into
04:25
the servers and then no they were able
04:27
to circumvent it kind of kind of like my
04:31
analogy would be wiretapping
04:34
you know how the United States
04:35
government military has been wiretapping
04:38
us Americans for a very long time and
04:40
they continue to wiretap us via the
04:42
National spy agency well nowadays they
04:47
don’t literally wiretap back in the day
04:49
I think that’s where that term came from
04:50
they literally had to tap into the wire
04:53
the phone the rj11 and then they would
04:57
split it off and then they would listen
04:59
to your phone conversation that now it’s
05:02
abstract and it’s software based that’s
05:05
my analogy is they were able to tap in
05:08
and then hide their malware and some
05:13
somehow they were able to inject that
05:15
code during the download process and
05:17
then when you downloaded it that malware
05:19
was hidden within ccleaner and then when
05:24
you install CCleaner your computer got
05:26
infected although you were still able to
05:28
use CCleaner so CCleaner 5.33
05:31
now that version has been removed from
05:34
Avast / ccleaner / piriform piriform
05:39
limited is the parent company that
05:40
created ccleaner Avast software SOR or
05:45
something like that they now bought
05:48
piriform that version
05:51
CCleaner 5.33 was removed from their
05:55
servers you can no longer download it
05:56
the infected version I’m assuming they
05:59
didn’t even replace it I don’t know if
06:01
they replaced the infected version all I
06:03
know from this report is they removed
06:05
the nefarious version of CCleaner 5.33
06:12
now CCleaner 5.33 that was available for
06:16
download between August 15th and
06:18
September 12 is the software in question
06:23
if you are not certain what you want to
06:28
do is there’s multiple ways to solve
06:32
this solution one is to perform a
06:35
Windows System Restore
06:37
the problem with System Restore
06:39
is if windows gets corrupt or viruses or
06:41
malware or just the file system starts
06:45
bloating I would recommend you run a
06:47
defrag even on Windows 10
06:49
I know I know Windows 10 sells you on
06:51
Windows 10 is a spy machine too Windows
06:54
10’s privacy is disgusting there but you
07:00
got these clowns on the internet that
07:01
will defend Microsoft to the death
07:04
literally
07:05
or perhaps metaphorically
07:08
I don’t defend Microsoft window on
07:13
Windows 10 it can get corrupt and when
07:18
you go to perform a system restore all
07:21
well there’s no restore points or or you
07:25
pick a restore point and then System
07:28
Restore fucks up and it doesn’t work so
07:30
this is where it’s recommended to backup
07:32
your data you can backup your entire
07:34
hard drive I mean back in the day when I
07:37
worked at news digital systems which is
07:39
a subsidiary of DIRECTV after I worked
07:43
at the DIRECTV’s satellite uplink system
07:46
and it’s basically Castle Rock Colorado
07:51
they used to backup their pcs onto tape
07:55
they used I think they used in Norton or
07:58
Symantec or whatever it was but they
08:00
over the network but they used to backup
08:02
their pcs onto tape now you can do you
08:07
don’t have to do a full backup every day
08:09
but you could do a full backup once a
08:12
week or whatever and then you could also
08:14
do sequential backups which are you know
08:17
you know they don’t back up the entire
08:19
hard drive but they’ll backup your user
08:21
data because you know you might be
08:23
creating new data and then every night
08:26
it’ll back back up that segment so that
08:29
you know I’m saying but you can backup a
08:32
PC you can that’s recommended because
08:35
with micro crap micro slop you just
08:38
don’t know
08:38
Windows 10 is far from perfect I don’t
08:40
know where these clowns come from that
08:43
they do not criticize Windows 10 when
08:46
Windows 10 has major problems that their
08:49
security updates are butchering people’s
08:51
computers left and right
08:53
now another thing I forgot to include my
08:56
in my blog post is that this may have
08:58
possibly infected up to around 2.25
09:02
million users now Avast slash piriform
09:07
limited slash ccleaner claims that they
09:11
receive about five million downloads per
09:14
week so it could be that potentially
09:18
millions of people might have malware on
09:22
their computers that’s just a rough
09:24
estimate I’m not into the fear-mongering
09:26
but also I will you know
09:29
critique Microsoft so System Restore is
09:34
a possible solution but if it doesn’t
09:36
work you know that’s why but then you
09:39
can reinstall the operating system
09:42
that’s a that’s a quick way to get rid
09:45
of virus and malware problems is you
09:49
format the hard drive and you reinstall
09:51
the operating system but that’s not
09:53
gonna a lot of users will start
09:57
complaining the third option is to
10:00
always backup your data so that even if
10:04
Windows System Restore doesn’t work or
10:07
it kicks off but then it errors out and
10:10
then you’ve got to start fumbling around
10:12
with SFC scans or chkdsk scans or there
10:16
could be bad sectors on your hard drive
10:18
it might not even be Windows 10’s fault
10:19
it could be a bad sectors on the hard
10:23
drive there’s no guarantees in life are
10:26
there well then why would you think
10:27
there are guarantees with Windows 10
10:29
there’s no guarantees in Windows 10 I’ve
10:33
had problems with Windows 10 from
10:34
the very beginning so data backup oh
10:42
that the third solution well system
10:47
restore backup your data and then
10:50
recover your data and then antivirus
10:55
scan now this group
11:00
talos intelligence claims that some
11:03
antivirus software might not just my
11:06
some antivirus software according to
11:08
them has detected the malware from this
11:13
ccleaner the hidden malware in ccleaner
11:16
so you can check out I always link to
11:18
the source you can check out their blog
11:20
post which has way more technical
11:22
details that I’m discussing and they
11:26
recommend a couple of antivirus software
11:28
like am I don’t know am something I
11:32
don’t know if Avast well I’m also an
11:35
Avast affiliate I don’t know if Avast
11:37
antivirus will detect but you could try
11:39
I’m also an AVG affiliate so you could
11:42
try AVG Antivirus or whatever I don’t
11:44
know if Windows Defender well or what is
11:48
the other one Microsoft Security
11:50
Essentials you could try them you could
11:52
try some of the free ones or paid for
11:54
versions and see if it detects it if
11:57
you’re not quite certain but the version
12:00
was five point three three so you can go
12:03
into Windows control panel programs and
12:08
features on Windows 7 and Windows 10 and
12:10
then look for CCleaner 5.33 it just
12:15
removing it doesn’t cut it because the
12:17
malware is already infected your
12:21
computer because it was hidden inside
12:23
the software so when you went to install
12:25
CCleaner outcomes it’s like a Trojan
12:29
horse another analogy perhaps could be a
12:31
Trojan horse the malware was hidden
12:33
inside the Trojan horse and then you
12:36
allowed that’s hence that old Roman I
12:40
think it was could have been a real
12:42
conspiracy
12:43
you know the Trojan horse they somebody
12:46
gave the Trojan horse has a gift but
12:48
then and then once inside the castle and
12:52
then once inside the castle they opened
12:55
the Trojan horse and then out came the
12:57
people hidden in it and they were able
12:59
to infiltrate the castle or you know
13:01
whatever whatever whatever I reread that
13:04
story like once or twice so I I probably
13:07
didn’t get it verbatim but whatever
13:09
another analogy is a Trojan horse so out
13:12
comes the
13:13
we’re but once you installed CCleaner
13:16
5.33
13:17
if you just remove CCleaner 5.33 that’s
13:20
not gonna cut it because the malware has
13:23
already installed somewhere on your op
13:26
on your computer that that’s where and
13:30
when you read the piece when you read
13:33
the report from Talos Intelligence
13:34
guess what they even proved that some of
13:41
the malware properties was hidden in the
13:44
Windows 10 registry well that’s
13:47
where ccleaner comes in to play it’s
13:52
possible that even though ccleaner was
13:56
infiltrated but if you install CCleaner
14:00
5.34 it’s possible that it will help you
14:03
clean up the registry from the nefarious
14:05
malware it’s not going to remove the
14:08
malware because that’s not what ccleaner is
14:10
for ccleaner is a pc optimization tool
14:13
and i’ve and i’ve ran it on Windows 10
14:15
and it finds garbage files and folders
14:20
and registry entries left behind from
14:22
software that I removed so that right
14:27
there tells you that CCleaner is still a
14:29
viable tool even on Windows 10 because
14:34
if Windows 10 was perfect like these
14:36
clowns on the internet want you to think
14:38
then how come there is garbage still
14:40
left behind
14:41
how come CCleaner still picks up crap
14:46
registry entries
14:51
and it’s possible that now I would
14:54
recommend malwarebytes but there are
14:57
others there’s malwarebytes combofix is
15:01
what I use for malware and
15:03
superantispyware those are the three I
15:06
recommend but you don’t have to use
15:07
those just whatever will remove the
15:10
malware but that is a a solution is to
15:14
uninstall CCleaner 5.33
15:16
but then you’re gonna have to go and you
15:18
know run a virus scan that might remove
15:21
the malware or anti-malware software
15:26
like seep like excuse me malwarebytes or
15:29
superantispyware or combofix what else
15:33
anything else I went over how many
15:35
potential victims over 2 million
15:38
possibly they compromised the CCleaner
15:41
software distribution channel in order
15:44
to inject the code the malware what else
15:49
now if you do use System Restore as your
15:54
solution you want to roll it back before
15:56
August 15th August 15 2017 between
16:00
September 12 2017 is when this
16:04
occurred and that’s when the infected
16:08
ccleaner version was available for
16:11
download so you just want to make sure
16:12
that you pick a date before August 15th
16:14
to roll back windows or if you are
16:19
restoring your operating system from
16:21
backups make sure that you restore them
16:24
from backups before August 15th now
16:29
there’s nothing wrong with ccleaner 5.34
16:31
and then also let me make a point also
16:35
anything else
16:36
Oh my computer systems were not infected
16:39
not because I’m perfect although you got
16:42
these alleged computer experts that
16:45
defend Microsoft to the metaphorical
16:48
death and I don’t know why that and they
16:50
claimed that well no you don’t need you
16:53
know PC optimization tools you don’t
16:55
need to run registry optimizers wrong
17:01
because all you have to do is run a
17:03
ccleaner scan
17:04
and it put in it that proves it right
17:06
there that when you remove software on
17:09
Windows 10 a lot of these software
17:12
developers are sloppy they don’t remove
17:15
their trash
17:17
I’m not calling their software trash I’m
17:19
just speaking in metaphor or euphemism
17:24
now none of my computers are infected
17:28
not because I’m some kind of perfect God
17:30
or some kind of expert it’s because I
17:33
use CCleaner portable and CCleaner
17:35
portable does not install any files
17:38
or folders or even registry entries on
17:41
to Windows operating system including
17:44
Windows 10 hence the word portable all
17:46
you do you can run it off a flash drive
17:49
or a DVD drive an optical drive or you
17:51
can run it off the network that’s what I
17:52
do I check once in a while for an update
17:55
and then I just kick it off my little
17:57
network server that is Windows Vista and
18:02
that’s it so I’m not I don’t need to
18:04
worry because I ditched the regular
18:07
version of ccleaner not that I think
18:09
there’s any even after this I’m gonna
18:10
continue to sell ccleaner as an
18:12
affiliate but hey I’m transparent I told
18:16
you I was a ccleaner affiliate and I’m
18:17
still talking about the fact that it has
18:18
malware nothing’s perfect Windows 10 is
18:21
not perfect
18:23
Microsoft is far from perfect their
18:25
developers are far from perfect why
18:28
would you think that just because it’s
18:30
Microsoft that they’re perfect they’re
18:33
like a utopian corporation
18:40
and then as a reminder just as a
18:43
reminder try to become aware and
18:46
conscious of where you’re getting the
18:48
software from but this is a different
18:50
case but it’s a good time to lecture you
18:51
anyways always become aware of where
18:54
you’re obtaining it software from the
18:56
internet there is legitimate software
18:59
that’s out on the internet that somebody
19:02
took and then reversed back doored
19:05
engineered it and then put their viruses
19:07
or spyware or their malware into it and
19:10
then you think you’re downloading a
19:11
legitimate copy of ccleaner or
19:14
malwarebytes or whatever combofix or
19:17
whatever it is and then all of a sudden
19:18
you notice your computer’s running you
19:20
know slower or there’s something not
19:21
right with it are you getting a bunch of
19:23
popups or whatever the case may be this
19:25
is a different type of injection this is
19:31
you know I’m saying this is like
19:33
either’s they were able to circumvent
19:34
the digital signature and then able and
19:37
to inject their code or as the publisher
19:40
of the intelligence report at Talos
19:42
Intelligence claimed that well maybe it
19:44
was like a you know an employee or I
19:47
don’t know I don’t know I’m not making
19:48
that shit up you can go out there and
19:50
verify that they didn’t say they didn’t
19:53
claim that they knew it was a conspiracy
19:55
an inside job but they said well
19:58
considering what they studied and you
20:01
know that’s a much more difficult
20:03
injection it’s a lot more difficult to
20:06
circumvent a digital signature and then
20:08
you know versus what I discussed earlier
20:12
where you take the code you hack it you
20:16
install your malware or spyware virus
20:19
inside and then you upload it to some
20:22
you know like Tucows or something and
20:25
then somebody downloads it from you and
20:26
then no this was different
20:30
also it’s a good time to lecture you
20:32
about backing up your data because if
20:34
you a lot of this malware you know it
20:38
makes your computer run slow or pop-ups
20:40
or but the computer is still usable it’s
20:44
still productive it’s just not a hundred
20:46
percent However
20:48
with some of this malware all of a
20:50
sudden you know your System Restore
20:52
doesn’t work
20:53
or all of a sudden you know whatever so
20:59
instead of taking chances you can backup
21:01
your data that and then that that that’s
21:05
very productive because well maybe you
21:08
don’t care about what software programs
21:10
are loaded but you do care about your
21:12
data you just but you already have your
21:15
data backed up and then you can just go
21:17
ahead and reinstall the operating system
21:18
start from scratch do a clean install of
21:22
the OS or in modern times you can do a
21:26
factory recovery and it will load all of
21:28
the OEM software or you could back up
21:33
your entire hard drive I should make a
21:35
video about that my preferred tool is
21:38
free which is Clonezilla it’s a linux
21:40
utility see I’m not one of these clowns
21:42
that well just sticks to Microsoft now
21:45
no now I Linux I know how to use Linux I
21:50
know how to install Linux I’ve used Kali
21:52
Linux I’ve used Ubuntu I’ve used SUSE
21:55
I’ve used Fedora I’ve used Debian I’ve
21:59
even used Slackware although Debian and
22:01
Slackware I mean that’s you know but
22:04
that’s another video digression I have
22:06
also used Macs but you can
22:09
backup your entire heart your your C
22:12
Drive you on Windows you can back it up
22:15
to tape or whatever you want because of
22:19
problems like this and then you can
22:21
restore and then you can use go Symantec
22:25
ghost I’m not a fan of that but back in
22:27
the day I used to use it a lot of
22:28
corporations use it there’s there’s
22:31
Clonezilla what else there’s all there’s
22:34
free ones to Clonezilla that’s not it’s
22:39
it’s I don’t want to talk about that but
22:42
my point is that there are free
22:44
solutions and there are paid for
22:45
solutions there is an ability that’s not
22:49
that difficult for you to backup your
22:51
entire hard drive and clone it
22:53
you can even clone your hard drive to a
22:55
network and save it as a file or you can
22:58
clone it to a DVD or you can clone it to
23:02
another hard drive and then store it
23:05
somewhere you could you could have three
23:06
copies
23:07
of your hard drive every your entire
23:09
hard drive you could back it up to DVD
23:12
you could back it up to a file and you
23:15
could clone it to another hard drive so
23:19
ccleaner I’m an affiliate of theirs I’m
23:22
still gonna sell their product and I’m
23:25
also an affiliate of Avast ccleaner had
23:32
malware hidden by culprits you know I’m
23:36
saying adios