
This forum thread needs a solution.
Kudos0

Ccleaner malware & registry keys

Hello,

Regarding the ccleaner malware: I read that the malware will create registry keys in HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo.

In that post I also read these registry keys will not be removed by the upgrade to v5.34 of ccleaner.

Do you know if these registry keys will be removed by an uninstall of ccleaner within add/remove programs?

Reason for asking: I did not find the registry keys after I uninstalled ccleaner, but I want to be sure I wasn't infected before the uninstall process...

Thanks in advance!

SJW

Replies

Kudos1 Stats

Re: Ccleaner malware & registry keys

From what I've read on another forum if you don't have those registry keys then you're OK/not infected.

Virginia/Twilight Princess. Windows 10 Pro 64bit, iPhone X, iPad Pro 9.7".
Kudos0

Re: Ccleaner malware & registry keys

Hi, SJW. If you're concerned, although it's been said that installing version 5.34 overwrites the offending registry key, you can always uninstall and then do a clean install of the new version.

Windows 10 Home X 64 Norton Security Premium Current
Kudos0

Re: Ccleaner malware & registry keys

Hi F4E,

Thank you for the answer and suggestion.

However, I'm not concerned about the current status of the PC, it seems to be clean. My question is whether I can have been infected during the period before I uninstalled 5.33 and upgraded to 5.34.

Currently I don't see the mentioned registry keys within the registry. Can it be they have been removed by the uninstall of 5.33 or running 5.34? Or would they still be there if they were in the registry before the uninstall of 5.33 and before running 5.34?

In short, even if my PC is clean now, I would like to know if I have been infected the last few weeks before the upgrade to 5.34. So I'm trying to find a way to find out...

Thanks again!

SJW

Kudos2 Stats

Re: Ccleaner malware & registry keys

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Ccleaner malware & registry keys

What version of the OS are you running, 32bit or 64bit? It makes all the difference.

The Trojan in CCleaner 533 only affected the 32bit version of Windows. It was installed into the CCleaner.exe file and activated when run.

The 64bit OS used the CCleaner64.exe and this file was not infected.

Jim

Kudos0

Re: Ccleaner malware & registry keys

sjwestra:

In short, even if my PC is clean now, I would like to know if I have been infected the last few weeks before the upgrade to 5.34. So I'm trying to find a way to find out...

Floxif is the detection for a Trojan that was bundled with a hacked version of CCleaner. Downloads of the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 were modified by hackers who included a Trojan in the main CCleaner.exe executable. These malicious versions were available for download between August 15 and September 12.

When these versions of CCleaner were executed on a 32-bit system, the Floxif malware would be executed and transmit various information back to a remote server.

https://www.bleepingcomputer.com/virus-removal/remove-floxif-ccleaner-trojan


Any substantiated reports of information transmitted back to a remote server?
Um, CCleaner transmits information.

Kudos0
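
Added example (not part of any post in this thread, and not Piriform or Norton code): a read-only PowerShell check for the registry key named in the question, looking in both the 64-bit and 32-bit registry views, plus a report of the installed CCleaner.exe version to compare against the 5.33.6162 build quoted above. The default install path and the function name `Get-AgomoKey` are assumptions for illustration.

```powershell
param(
    # Assumed install location; pass the real path if CCleaner lives elsewhere.
    [string]$CCleanerExe = "$env:ProgramFiles\CCleaner\CCleaner.exe"
)

$subKey = 'SOFTWARE\Piriform\Agomo'   # key named in the thread (under HKLM)

# Hypothetical helper: opens HKLM in one registry view and reports on the key.
function Get-AgomoKey {
    param([Microsoft.Win32.RegistryView]$View)

    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($subKey)   # read-only; $null when the key is absent
        if ($null -eq $key) {
            [pscustomobject]@{ View = $View; Present = $false; ValueNames = '' }
        } else {
            try {
                [pscustomobject]@{
                    View       = $View
                    Present    = $true
                    ValueNames = ($key.GetValueNames() -join ', ')
                }
            } finally { $key.Dispose() }
        }
    } finally { $base.Dispose() }
}

# A 32-bit program on 64-bit Windows is redirected to the 32-bit view,
# so query both views instead of relying on the default one.
[Microsoft.Win32.RegistryView]::Registry64,
[Microsoft.Win32.RegistryView]::Registry32 |
    ForEach-Object { Get-AgomoKey -View $_ } |
    Format-Table -AutoSize

# Report the installed binary's version for comparison with 5.33.6162.
if (Test-Path -LiteralPath $CCleanerExe) {
    $info = (Get-Item -LiteralPath $CCleanerExe).VersionInfo
    "CCleaner.exe file version:    $($info.FileVersion)"
    "CCleaner.exe product version: $($info.ProductVersion)"
} else {
    "CCleaner.exe not found at $CCleanerExe"
}
```

The script only reads the registry and file metadata; it reports what is present now and makes no change to the system.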

Re: Ccleaner malware & registry keys

Windows 10 Home X 64 Norton Security Premium Current
Kudos0
