Was CCleaner64.exe really safe?

Hi,

I hope this forum is for generic security questions, not just for Norton products...

Now that we know a second stage loader checks the OS version (32-bit vs 64-bit), how sure can we be the second stage could only be initiated by the 32-bit of CCleaner.exe and not by the 64-bit version CCleaner64.exe?

Has this been confirmed by independent researchers or only by the vendor Avast?

Thanks in advance!

SJW

I tried the link with the 32 bit version...it wasn't working. I can give it a try later. Maybe the problem is from my side

sjwestra:

Thanks password_password,

I'm more or less convinced now ;-)

Can you explain in a few words what the Virus Total list exactly shows or proves?

Thanks again!

SJW

Doesn't really prove anything (like file bad / file good). All it shows is x number of antiviruses think this file is bad, x number think this other file is not bad (at the moment). Before this whole thing went public ALL antiviruses said that both files were not bad.

Thanks password_password,

I'm more or less convinced now ;-)

Can you explain in a few words what the Virus Total list exactly shows or proves?

Thanks again!

SJW

 

I hope this forum is for generic security questions, not just for Norton products...

Not even limited to Security questions but open to any computing news or problem not involving Norton Products. 

There was a second stage loader for, 64-bit OSes, the loader doesn't need to check anything, it's sent by the bad server. Since only 32-bit OSes checked in (with the bad server) and asked for the loader(except in some exceptionally rare situations) only the 32-bit loader was ever sent out.

Here is the scan for the:

64-bit version:
https://www.virustotal.com/en/file/70dd6da9d21c00ea759880aae779920675227cc19f54db514876de66552d088b/analysis/

32-bit version:
https://www.virustotal.com/en/file/6f7840c77f99049d788155c1351e1560b62b8ad18ad0e9adda8218b9f432f0a9/analysis/