The backdoor in CCleaner was quarantined by MSE

SC2 2017-09-25

2021-08-30

Atom | RSS

このサイトを検索 | Search this site

,release information

The backdoor in CCleaner was quarantined by MSE

to japanese

In the beginning

CCleaner's developer Piriform has announced that it has distributed malware-infected files on its official server.

The issue was discovered on September 12, 2017, with 2.27 million users of the relevant version.

The malware is infected with the following 32-bit version:
There are two levels of backdoors.

32bit-CCleaner v5.33.6162
32bit-CCleaner Cloud v1.07.3191

The 64-bit version is not mentioned, so it seems that malware has not been mixed.

We will leave a note in another article about this matter, so please refer to the related article.

We were also isolated

CCleaner 5.33 installed on my Windows 7 32-bit has been disabled because Microsoft Security Essentials (MSE) detected malware.

MSE is anti-malware software released by Microsoft for Windows 7 and can be used free of charge.

I have installed CCleaner 5.33 and MSE on my 64-bit Windows 7 but no malware has been detected.

As per Piriform's release, it seems that 32-bit CCleaners distributed prior to September 12, 2017, such as CCleaner version 5.33, contain malware.

Malware information

MSE version when malware is detected

MSE

Anti-Malware client version: 4.10.209.0
Engine version: 1.1.14104.0
Definition of antivirus: 1.251.1401.0
Anti-spyware definition: 1.251.1401.0
Network inspection system engine version: 2.1.13804.0
Network inspection system definition version: 117.12.0.0

Item detected

CCleaner installed in Program Files was uninstalled by MSE and removed from the "Programs and Features" list.

Malware included with the CCleaner 5.33 installer has also been detected and quarantined.

MSE detection results

Detected items: Backdoor: Win32 / Floxif
Warning level: Critical
Category: Backdoor
Description: This program provides remote access to the installed computer.
Recommended Action: Remove this software immediately.
Item: file: C:\temp\ccsetup533.exe

About Backdoor: Win32 / Floxif

If you have installed infected or trojanized version of CCleaner, it's likely you'll have this threat detected on your The Trojan is that backdoor trojan that is related to the machine.

Google translation
This threat is a backdoor Trojan that is related to a "Trojan Horse" version of a third party utility called "CCleaner". If you install an infected or Trojan version of CCleaner, this threat may be detected on your machine.
Windows Defender Security Intelligence

Afterword

It is the first time malware has been detected on your current computer.

It is a malware that has a backdoor function, so it may have been used as a step.

Since CCleaner is convenient, it will continue to be used, but it is disappointing as a result of losing credibility.

MSE

Although MSE is limited to Windows 7, Windows 10 comes standard with the same category of anti-malware software, Windows Defender.

Rootkit protection is only compatible with Windows Defender.

Functional Overview MSE / Windows Defender