The backdoor in CCleaner was quarantined by MSE


Introduction

CCleaner's developer Piriform has announced that malware-infected files were distributed from its official server.

The issue was discovered on September 12, 2017; about 2.27 million users had the affected versions installed.

The malware was included in the following two 32-bit builds:
  • 32bit-CCleaner v5.33.6162
  • 32bit-CCleaner Cloud v1.07.3191

The 64-bit build is not mentioned, so it appears the malware was not included in it.
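The advisory narrows the exposure to two specific 32-bit builds, so the practical check on an existing machine is "is this one of the listed versions, and is the binary actually 32-bit?". The following Python is an added example, not code from the original post or from Piriform or Microsoft: it compares a product/version string against the builds listed above, reads the Machine field from a PE header to tell x86 from x64, and computes the SHA-256 a vendor-published hash would be compared against. The version string and executable bytes are taken as inputs (on a real machine they would come from the program's uninstall entry and from reading the file on disk); the PE constants are from the PE file format, and the stub PE header is constructed only so the check runs offline.

```python
import hashlib
import struct
from typing import Optional

# Builds that Piriform's advisory (quoted on the page) names as carrying the
# backdoor. Both are 32-bit only; 64-bit builds are not listed.
AFFECTED_BUILDS = {
    "CCleaner": "5.33.6162",
    "CCleaner Cloud": "1.07.3191",
}

# COFF Machine values from the PE specification.
IMAGE_FILE_MACHINE_I386 = 0x014C   # 32-bit x86
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # 64-bit x64


def parse_version(text: str) -> tuple:
    """Turn '5.33.6162' (or '5.33.6162 (32-bit)') into (5, 33, 6162)."""
    token = text.strip().split()[0]
    return tuple(int(part) for part in token.split("."))


def is_affected_build(product: str, version: str) -> bool:
    """True when this product/version pair is one the advisory names."""
    wanted = AFFECTED_BUILDS.get(product)
    return wanted is not None and parse_version(version) == parse_version(wanted)


def pe_machine(data: bytes) -> Optional[int]:
    """Return the Machine field of a PE image, or None if data is not a PE file.

    Follows e_lfanew (offset 0x3C of the DOS header) to the 'PE\\0\\0'
    signature; the 16-bit Machine field comes right after the signature.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def is_32bit_pe(data: bytes) -> bool:
    return pe_machine(data) == IMAGE_FILE_MACHINE_I386


def sha256_hex(data: bytes) -> str:
    """Digest to compare against the hash the vendor publishes for a clean installer."""
    return hashlib.sha256(data).hexdigest()


def assess(product: str, version: str, exe_bytes: bytes) -> bool:
    """Only a 32-bit binary of a listed build is in scope of the advisory."""
    return is_affected_build(product, version) and is_32bit_pe(exe_bytes)


def make_stub_pe(machine: int) -> bytes:
    """Constructed minimal PE header (not a runnable executable) for offline tests."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew: PE header follows the DOS header
    header += b"PE\0\0" + struct.pack("<H", machine) + bytes(18)
    return bytes(header)


if __name__ == "__main__":
    # Constructed inputs: on a real machine the version string comes from the
    # program's uninstall entry or the installer's version resource, and the
    # bytes from reading ccleaner.exe / ccsetup533.exe from disk.
    for product, version, machine in [
        ("CCleaner", "5.33.6162", IMAGE_FILE_MACHINE_I386),
        ("CCleaner", "5.33.6162", IMAGE_FILE_MACHINE_AMD64),
        ("CCleaner Cloud", "1.07.3191", IMAGE_FILE_MACHINE_I386),
    ]:
        stub = make_stub_pe(machine)
        arch = "x86" if is_32bit_pe(stub) else "other"
        verdict = "AFFECTED" if assess(product, version, stub) else "not listed"
        print(product, version, arch, verdict)
```

The architecture check matters because a version number alone does not distinguish the 32-bit and 64-bit builds of the same release; comparing the installer's SHA-256 against the value the vendor publishes is the stronger check when that value is available.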

Notes on this incident are kept in a separate article, so please see the related post.

Quarantined here, too

CCleaner 5.33, installed on my 32-bit Windows 7 machine, was disabled after Microsoft Security Essentials (MSE) detected malware.

MSE is anti-malware software released by Microsoft for Windows 7 and can be used free of charge.

I also have CCleaner 5.33 and MSE installed on my 64-bit Windows 7 machine, but no malware was detected there.

According to Piriform's release, 32-bit CCleaner builds distributed before September 12, 2017, such as CCleaner version 5.33, contain the malware.


Malware information

MSE version at the time of detection

MSE
Anti-malware client version: 4.10.209.0
Engine version: 1.1.14104.0
Antivirus definition version: 1.251.1401.0
Antispyware definition version: 1.251.1401.0
Network inspection system engine version: 2.1.13804.0
Network inspection system definition version: 117.12.0.0

Item detected

CCleaner installed in Program Files was uninstalled by MSE and removed from the "Programs and Features" list.

The malware bundled in the CCleaner 5.33 installer was also detected and quarantined.

Detected item
MSE detection results
Detected item: Backdoor:Win32/Floxif
Alert level: Severe
Category: Backdoor
Description: This program provides remote access to the computer it is installed on.
Recommended action: Remove this software immediately.
Item: file: C:\temp\ccsetup533.exe

About Backdoor:Win32/Floxif

Microsoft's description of the threat, quoted from Windows Defender Security Intelligence:

This threat is a backdoor trojan that is related to a trojanized version of a third-party utility called CCleaner. If you have installed the infected or trojanized version of CCleaner, it's likely you'll have this threat detected on your machine.

Afterword

This is the first time malware has been detected on my current computer.

Since this malware has a backdoor function, the machine may have been used as a stepping stone.

CCleaner is convenient, so I will keep using it, but it is disappointing that it has lost credibility as a result.

MSE

MSE is limited to Windows 7, whereas Windows 10 ships with Windows Defender, anti-malware software of the same category.

Enhanced rootkit protection is available only in Windows Defender.

Feature overview: MSE / Windows Defender
  • Real-time protection against spyware, viruses and other malicious software such as rootkits
  • Online system scan and cleanup
  • Dynamic signature service
  • Offline system scan and cleanup
  • Better protection against rootkits and bootkits (Windows Defender only)

Verified with: Microsoft Security Essentials 4.10.209.0