Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
CCleaner is actual malware
https://boingboing.net/2017/09/18/ccleaner-popular-computer-cle.html

You know, I always harboured a bit of distrust against registry cleaners, driver optimizers and other such applications.
If I'm just aching this can't go on
I came from chasing dreams to feel alone
There must be changes, miss to feel strong
I really need life to touch me
--Evergrey, Where August Mourns

 

Offline Herra Tohtori

  • The Academic
  • 211
  • Bad command or file name
Re: CCleaner is actual malware
To clarify, CCleaner itself was compromised by hackers and was then used as a platform to deliver other payloads.

That said, this does work as a reminder that installing tools like registry cleaners, driver optimizers, driver cleaners, or anything that requires administrative access to your computer, is only ever as reliable as the people making it. If their security is compromised, your security will be as well.

With that in mind I think it's best to have as few programs of this type on your computer as possible. There's no real need for them anyway, Win7 and Win10 are nothing like older Windows operating systems in terms of registry bloat, and most drivers uninstall cleanly enough to not require any driver cleaning - and "optimization" of the drivers isn't actually a thing as far as I know.

The second reason why automated "optimization" tools should be discouraged is that they are something of a black box. They rarely tell you what exactly they do to "optimize" your computer, which can lead to problems developing at some point. If you really need to clean up things from registry, it's better to use a manual registry cleaner such as RegCleaner. And if some driver isn't working right, you're better off updating it manually than entrusting driver management to third party software. Actually, even entrusting driver management to Windows Updates is something I personally wouldn't do.
There are three things that last forever: Abort, Retry, Fail - and the greatest of these is Fail.

 
Re: CCleaner is actual malware
apparently the malware only worked on 32-bit systems which means that what we have here, gentlemen, is lols within lols
« Last Edit: September 18, 2017, 03:33:35 pm by Phantom Hoover »
The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell.

 

Offline CT27

  • 211
Re: CCleaner is actual malware
I've heard that since I use 64-bit Windows and 64-bit CCleaner, I should be safe (I also did an MSE and Malwarebytes scan and they came up clean).

I think that makes me okay in this instance.

 
Re: CCleaner is actual malware
Since the Creators Update, Windows 10 has its own "automatically delete temporary files, automatically delete files in the bin if they have been around for a month". It's hidden under System > Storage.

It's had this before but it wasn't automated then.

 

Offline Colonol Dekker

  • HLP is my mistress
  • Moderator
  • 213
  • Aken Tigh Dekker- you've probably heard me
Re: CCleaner is actual malware
I wonder if this affects the mobile app too.
Campaigns I've added my distinctiveness to-
- Blue Planet: Battle Captains
-Battle of Neptune
-Between the Ashes 2
-Blue planet: Age of Aquarius
-FOTG?
-Inferno R1
-Ribos: The aftermath / -Retreat from Deneb
-Sol: A History
-TBP EACW teaser
-Earth Brakiri war
-TBP Fortune Hunters (I think?)
-TBP Relic
-Trancsend (Possibly?)
-Uncharted Territory
-Vassagos Dirge
-War Machine
(Others lost to the mists of time and no discernible audit trail)

Your friendly Orestes tactical controller.

Secret bomb God.
That one time I got permabanned and got to read who was being bitxhy about me :p....
GO GO DEKKER RANGERSSSS!!!!!!!!!!!!!!!!!
President of the Scooby Doo Model Appreciation Society
The only good Zod is a dead Zod
NEWGROUNDS COMEDY GOLD, UPDATED DAILY

 

Offline jr2

  • The Mail Man
  • 212
  • It's prounounced jayartoo 0x6A7232
Re: CCleaner is actual malware
Quote
I wonder if this affects the mobile app too.

IIRC, wasn't it just one of their servers that was compromised?  So no, their app would use Google servers.

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.

 

Offline jr2

  • The Mail Man
  • 212
  • It's prounounced jayartoo 0x6A7232
Re: CCleaner is actual malware
Darned space-pirates, it was.



Spoiler:
Cisco and security firm Kaspersky have both pointed out that the malware element in the tainted version of CCleaner shares some code with a sophisticated hacking group known as Group 72, or Axiom, which security firm Novetta named a Chinese government operation in 2015.

 

Offline Charismatic

  • also known as Ephili
  • 210
  • Pilot of the GTVA
Re: CCleaner is actual malware
I own CCleaner Pro and I trust it. Been using it for years.
:::PROUD VASUDAN RIGHTS SUPPORTER:::
M E M O R I A L :: http://www.hard-light.net/forums/index.php/topic,46987.msg957350.html#new

"IIRC Windows is not Microsoft."

"(CENSORED) Galatea send more than two (CENSORED) fighters to escort your (CENSORED) three mile long (CENSORED), STUPID (CENSORED).  (CENSORED) YOU, YOU (CENSORED)!!!"

 

Offline jr2

  • The Mail Man
  • 212
  • It's prounounced jayartoo 0x6A7232
Re: CCleaner is actual malware
Quote
I own CCleaner Pro and I trust it. Been using it for years.

The point wasn't that CCleaner is malware by the authors, but that the authors' website that distributed it got hacked and infected the files being distributed. However, the malware only worked on x86 (32-bit) Windows, so most people are probably safe.

The reason so many companies got hit is that they're notorious cheapskates and were still running old 32-bit OSes because "why not, it still works". I mean, the company I work for makes millions in profits per quarter at this plant, has locations worldwide, and is still running old Windows XP machines with P4 3.2GHz HT and 1GB RAM, with Windows XP, for some of their workstations (not talking mission-critical offline stuff, I mean data entry workstations). Running full admin rights, logged on to a domain, at least they have Kaspersky AV. All except like 3 workstations (out of maybe a dozen) are now Windows 7 at least, but I dunno if it's x64 or x86. These are the knuckleheads that won't replace something ahead of time, either because "the line's too busy to shut down", or if it's not "it's not busy enough to justify the cost", and then pay a buttload of overtime to disgruntled employees who wanted their time off when the line breaks in the middle of a huge order and they have to make up for the down time. And rather than cutting 2-500K for a replacement line, they'll cut multiple 10K checks all year long to keep it limping along at half of normal production speed (when it's actually running).

There's running lean, and then there's sheer stupidity.  All they care about is next quarter's profits, which is what happens when you're owned by an investment firm that only cares about milking the place for a few years and then selling it on to the next investment firm.

 
Re: CCleaner is actual malware
You think the hackers can't compromise the downloads for the pro version? As far as we know they didn't, this time, but that's luck, not a basis for trust.

 

Offline Charismatic

  • also known as Ephili
  • 210
  • Pilot of the GTVA
Re: CCleaner is actual malware
Not saying that. I just was saying I own and use CCleaner. Tho they got hacked twice so far it is not a reoccurring problem. And as the articles said, only specific versions/builds were affected.

 

Offline technopredator

  • Does not compute
  • 27
  • Don't get mad, consequences are revenging you.
Re: CCleaner is actual malware
The title is wrong then; it's not actually malware, it was hijacked and made to also work as malware for a month recently only. I'm always suspicious of things I can't control, but CCleaner, like many other Registry cleaners, has a backup option that I recommend using always and automatically every time a cleaning is executed, so you can always roll back any action that turned out detrimental to the system. I think this is like anything in life: it should be used if it's convenient enough, always evaluating its reach and consequences; from the backups and system performance you can see if it's really useful, and therefore necessary if you want maximum performance. It depends on what you need/want; a radical yes or no generally is not recommended for anything, I think, except in situations proven adverse, like bloatware or piggybacked malware, or damaging software like RegCure, which in Windows XP and previous Windows versions will eventually, sometimes at first run, damage your Registry permanently even after restoring a backup.
« Last Edit: October 06, 2017, 07:28:11 am by technopredator »

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
Re: CCleaner is actual malware
I disagree. CCleaner and other "make PC faster" programs are malware. In this particular instance, CCleaner was an actual malware vector; Even without that though, using them means trusting the manufacturers to know what they are doing (which, in the past, they've been shown to be fallible on). I am not going to do that, given that the benefits of these programs are almost certainly placebo-like.

 

Offline technopredator

  • Does not compute
  • 27
  • Don't get mad, consequences are revenging you.
Re: CCleaner is actual malware
Of course you disagree; from what I have seen in the past, you're not exactly open-minded to other people's perspectives, and your definition of malware is wrong according to most people defining it to begin with. All humans are fallible, therefore the need to improve Windows Registry structure, and of course it would have bugs and sometimes damaging code, but that's common to any software; what sets it apart is the intention and the general behavior and consequences, which are not coherent with the definition of malware. And it's not really placebo, it's a Registry-level optimization, so it's not a general constant improvement, like overclocking; it depends on Registry dependency and usage, and it makes sense: less information in the Registry will cause less information to be searched or filtered, therefore accelerating Registry usage performance, and so it shows.
« Last Edit: October 06, 2017, 07:50:53 am by technopredator »

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
Re: CCleaner is actual malware
The only people I trust to know what they are doing with regards to optimizing the registry are Microsoft -- Who, in their official guidelines for Windows app development, make it very clear that the registry is an outdated and bad mechanism for storing program configuration data that should not be used.

Sure, we define malware usually as programs designed to inflict harm, which CCleaner isn't. But what CCleaner actually is is an attempt to exploit the cargo-cult level of understanding people who have used Windows have developed. It promises to make a PC faster by "cleaning up the registry", when the registry is never searched for information during regular usage (because you do not need to search the registry for anything: Every bit of information the programmer wants to look up is at a known location within the registry). So yes, it is a placebo: It does not make your PC faster during everyday usage. You're not going to free up appreciable amounts of processing power if your registry is less full.

 

Offline technopredator

  • Does not compute
  • 27
  • Don't get mad, consequences are revenging you.
Re: CCleaner is actual malware
Maybe today as computers become multi-thread/-core aware, not much processing power is perceivable by the average user, but on Windows XP times where CPUs had only 1 core and at best 2 threads, it was, you could and I have measured the boot time in seconds and the saving was a few of them, also general loading of programs, where they access the most the registry, and general usage of them and the PC in general, I was a PC tech on those times and still am and make at random times extensive use and measurements of some workloads on a user's PC before and after and there is a measurable difference maybe at technical level but there it is, also Windows uses the Registry to boot and access important system-related functioning, I recommend you activate a background Registry monitoring software so you realize how much it's really used, and yeah it's an archaic way to store application info but that's how Windows is structured, also you can deny access to the registry to an application at install time and probably won't work well if at all, Windows without the Registry or when it's damaged enough won't boot. Also the Registry is a string based access database, so an app searches in a hierarchical tree for the path it tries to access, so the number of strings a tree branch has affects CPU performance proportionally, until it's cached in RAM, at which point it'll be read and written on RAM for a later deferred disk write, you can observe this phenomenon in the cleaning software after a second scan to the Registry, this is the reason Disk Optimization software and even System Optimization software will defragment the Registry files so the slow HDD access be as little as possible. Denying this reality is simply intellectually dishonest, you will probably persist in your idea but that doesn't make it real.

How significant it is, you can test it with a cleaning app whose Registry Backup or with a Windows Restore Registry backup and then making the cleaning and see how much it improved, you can restore the Registry to its original state from the backup. The improvement is marginal mostly, unless it is an old and poorly maintained Windows installation, but that's a subjective decision for the user to make. I personally would like the Registry would be used for Windows only, and all apps including all Microsoft apps have their own configuration files, but ironically Windows Registry is improved over time, so why Microsoft improves it so Windows and apps have a bigger functional dependency of it, make it more complex with longer strings with more sub-strings instead of less? is beyond my comprehension, especially when the Microsoft statement intention that you gave indicates eventually getting rid of it. Currently the Registry in recent Windows versions has gone past the 100 MB mark and beyond, that's also the RAM used to cache it and would be a lot less if apps and many Windows backward compatibility wasn't so faithfully carried on, I wonder if they check which parts need to be carried on for the next Windows version, anyway I have checked at random times app dependency on the Registry and it's vastly used, Registry monitoring software I have used reports thousands of accesses after windows and the apps I use are loaded, the Registry comes from Windows 1.0 which was originally a Windows-only configuration system, then expanded to Windows apps and then to certain apps and then to all apps, so Microsoft's recommendation comes like FEMA aid: too little too late, but unlike hurricane disasters, Microsoft could still plot a course to limit the Registry only to Windows, and keep it highly optimized, and apps can have some other mechanism to share configuration options if at all, and the need for registry cleaner is gone, as it is a small performance bottleneck.
« Last Edit: October 06, 2017, 09:40:58 am by technopredator »

 

Offline The E

  • He's Ebeneezer Goode
  • 213
  • Nothing personal, just tech support.
Re: CCleaner is actual malware
Quote
Maybe today as computers become multi-thread/-core aware, not much processing power is perceivable by the average user, but on Windows XP times where CPUs had only 1 core and at best 2 threads, it was, you could and I have measured the boot time in seconds and the saving was a few of them,

So? As you point out yourself, this was on XP. We do not use XP anymore, for the most part. That's what I meant by cargo-cult behaviour; just because something was a good idea 17 years ago doesn't mean that it's still a good idea today.

Quote
also general loading of programs, where they access the most the registry, and general usage of them and the PC in general, I was a PC tech on those times and still am and make at random times extensive use and measurements of some workloads on a user's PC before and after and there is a measurable difference maybe at technical level but there it is, also Windows uses the Registry to boot and access important system-related functioning, I recommend you activate a background Registry monitoring software so you realize how much it's really used, and yeah it's an archaic way to store application info but that's how Windows is structured, also you can deny access to the registry to an application at install time and probably won't work well if at all, Windows without the Registry or when it's damaged enough won't boot.

Which is why the registry is a deprecated way to store things. Sure, the registry is accessed a lot, but can you point to an actual statistic that shows improvements in access times? You see, the registry is self-optimizing to an extent; values that are often accessed are kept cached for quick access, and while it isn't as fast as straight RAM access (the only source I could find was Raymond Chen's article here) a simple read access shouldn't take that long. Even a full open-read-write-close cycle takes at most 100k cycles (presumably when updating a non-cached value), and more commonly only 15k to 20k. This isn't something that is worth optimizing when the tools that are doing the optimization have as large question marks for safety attached as CCleaner et al have.

Quote
Also the Registry is a string based access database, so an app searches in a hierarchical tree for the path it tries to access, so the number of strings a tree branch has affects CPU performance proportionally, until it's cached in RAM, at which point it'll be read and written on RAM for a later deferred disk write, you can observe this phenomenon in the cleaning software after a second scan to the Registry, this is the reason Disk Optimization software and even System Optimization software will defragment the Registry files so the slow HDD access be as little as possible. Denying this reality is simply intellectually dishonest, you will probably persist in your idea but that doesn't make it real

I am not denying that reality. I am saying that it doesn't matter. The vast majority of registry accesses you encounter will be made to values cached in RAM, and for the few that aren't, the registry isn't a performance consideration. In normal operation, it stores hundreds of thousands of values; removing a few hundred will not impact performance at all.

And as for defragmentation: It is bull****. Windows is better at managing disk fragmentation than any external program could ever hope to be, because it actually knows where and how files need to be stored on disk for best performance (and, of course, on modern systems with SSDs, fragmentation just isn't a thing anymore).

Further reading: https://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/
https://www.howtogeek.com/171633/why-using-a-registry-cleaner-wont-speed-up-your-pc-or-fix-crashes/

 

Offline technopredator

  • Does not compute
  • 27
  • Don't get mad, consequences are revenging you.
Re: CCleaner is actual malware
As I wrote in the second paragraph of my previous post, it's a marginal improvement, and left instructions how to do the testing. Don't have any stats as the information I collected from my testing was only for me, nobody cared for it anyway. Probably you never took time to make any measurements or to make maintenance to hundreds of PCs over years for a living, well for you it doesn't matter, probably you're the average user/gamer and you're fine with your zero Registry maintenance and mediocre Windows Defragmentation, and yeah you haven't measured the Registry usage and its access, and you really don't care about it and yeah the gain is minimum but you shouldn't say at all since you haven't even made the testing, and is there, little but it does exist, so affirming it's not at all impacting performance is incorrect, and BTW performance on a PC is built like this, a piece at the time at some point. Yes I have read those articles, they have truths, half-truths and jumping to conclusions too, just like you're doing it here. Just do that 1 testing, install a Background Registry Monitoring access app, just to count the accesses and the amount of data modified.

As for the defragmentation, Windows file defragmentation measured by PerfectDisk and other defraggers' analysis after the fact show file is mostly good, but the way it moves the files is inefficient and a few files are not defragmented properly or at all, like folders, and system files are never optimized, PerfectDisk solves all these problems with a normal defragmentation, except the system files, moves all folders to a single location, that are defragged on offline boot mode, for a privileged disk access, and prevent a lot of Windows simple and inefficient disk write, and has a background defragmentation, but if you want to accumulate small inefficiencies and say it doesn't matter OK, it's your time.