[PSA] Your account might be at risk if you use CCleaner... — Guild Wars 2 Forums

[PSA] Your account might be at risk if you use CCleaner...

DakotaCoty.5721 Member ✭✭✭
edited September 18, 2017 in Account & Technical Support

It's just been announced a few hours ago that CCleaner was hacked approx. 1 month ago; anyone that has updated or installed CCleaner between then and today has been subject to malware. They said an initial 2.2 million computers have been confirmed infected (mine included); they believe the total fallout will be around 20 million computers actively compromised from August - September.

You can download Malwarebytes to scan your files and get rid of it - this is what the file name looks like...
Evidence:
https://gyazo.com/c634184f8919feecdc9fe83b3c0fd5ea

Anyone that has played Guild Wars or made payments via login services, I'd suggest changing your passwords promptly. The techs that developed CCleaner haven't yet released what data has been stolen.

Change your passwords for anything you have logged into, such as:

  • ArenaNet Support
  • Websites such as: Facebook, Twitter, Twitch, YouTube, YouTube Gaming, Google Docs, Bitly, Reddit etc...
  • Guild Wars 2 account & Forum account
  • PayPal / Internet Banking / Any financial application
  • Your login credentials for iCloud / your computer password / Hotmail etc...
  • Discord / TeamSpeak / VOIP servers (especially if admin account)
  • Steam, other gaming products.

Cite:
https://www.engadget.com/2017/09/18/piriform-ccleaner-hacked-malware-downloads/
https://thenextweb.com/security/2017/09/18/ccleaner-hacked-malware-distribute/#.tnw_DLXRlJw0
https://www.cnet.com/how-to/ccleaner-was-hacked-heres-what-to-do-next/

Malwarebytes official link:
https://www.malwarebytes.com/

Comments

  • For those less inclined to click on links, here's some pertinent information:

    Specifically, computers running 32-bit Windows 10. If that applies to you, don't panic. The company believes that they were able to disarm the malware before any harm was done. The versions that were affected are CCleaner v5.33.6162 or CCleaner Cloud v1.07.3191 for 32-bit Windows PCs. The Android version for phones doesn't seem to be affected. If you've updated your software since September 12, you should be OK. This is when the new, uncorrupted version was released. Also, if you have the Cloud version, it should have automatically updated itself by now to the clean version.

  • I got the automatic download of 5.34 a day or two ago so there's that.

  • Razor.6392 Member ✭✭✭✭
    edited September 19, 2017

    Luckily I never update mine. Still using 5.28!

    Never said I'm the best, but I believe I'm better than you.

  • Blude.6812 Member ✭✭✭✭

    Overblown issue--very very very few use 32 bit. If you are running the 64bit--ignore the hyperbole. It was fixed. Check the CCleaner forums. The OP has overblown this. For example "the malware was apparently capable of harvesting various types of data from infected machines — specifically, Piriform says: the computer name, IP address, list of installed software, list of active software and list of network adapters (data it describes as “non-sensitive”)."

  • Ashantara.8731 Member ✭✭✭✭
    edited September 19, 2017

    @Blude.6812 said:
    Overblown issue--very very very few use 32 bit. If you are running the 64bit--ignore the hyperbole.

    Also, Windows 10 per se is "malware" and you are using it at your own risk. B)

    Thank you, Inculpatus cedo, for providing the correct details so that people would stop panicking.

  • @Blude.6812 said:
    Overblown issue--very very very few use 32 bit. If you are running the 64bit--ignore the hyperbole. It was fixed. Check the CCleaner forums. The OP has overblown this. For example "the malware was apparently capable of harvesting various types of data from infected machines — specifically, Piriform says: the computer name, IP address, list of installed software, list of active software and list of network adapters (data it describes as “non-sensitive”)."

    I have the 64 bit, only ever used the 64 bit, I linked the results of my scan - please don't make out like it's less than it is.

  • Perhaps, you should contact Piriform/Avast, and let them know your 64-bit OS was infected. Here's their official article; I'm sure there is contact information on the site. http://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

    Good luck.

  • Blude.6812 Member ✭✭✭✭

    @DakotaCoty.5721 said:

    @Blude.6812 said:
    Overblown issue--very very very few use 32 bit. If you are running the 64bit--ignore the hyperbole. It was fixed. Check the CCleaner forums. The OP has overblown this. For example "the malware was apparently capable of harvesting various types of data from infected machines — specifically, Piriform says: the computer name, IP address, list of installed software, list of active software and list of network adapters (data it describes as “non-sensitive”)."

    I have the 64 bit, only ever used the 64 bit, I linked the results of my scan - please don't make out like it's less than it is.

    From all that has been shown here https://forum.piriform.com/index.php?s=fa6202f3d552d3dd23904a95dd19111f&showtopic=48869
    64 bit is not affected. I would respectfully suggest that your "trojan.floxif file" came from somewhere else. I would suggest that your scan found the trojan in the older install file that you still had on your computer, not in your registry. Look at where malwares quarantined the file. It was where the file was located for me (in my download directory). I believe CCleaner has both 32 and 64 bit in the install file and chooses the appropriate one for your system.

  • The team at Piriform are pretty top notch on fixing problems before they become major issues. As for me, I never update CCleaner after installing it fresh because there really isn't a need to.

    However, if you want a good way to double check your system, Malwarebytes is great. Just click Scan > Custom Scan > mark RootKits and your drives you want checked and run. It can take a few hours, but it will find out if you are clean or not.

    Wolf Moonstar
    Dragon Council, Third Seat: Jade Sea Haven (Jade) Ehmry Bay
    Zen Phantom