CCleaner Malware (2024)

CCleaner is a utility program designed to delete unwanted files from a computer. The software gets rid of temporary files that eat up disk space and invalid Windows registry keys. During the cleanup, malicious files buried in the system are also deleted. In January 2017, CNET gave the program a "Very Good" rating.

However, in September 2017, CCleaner malware was discovered. Hackers took the legitimate program and inserted malicious code that was designed to steal data from users. They turned a tool meant to scrub your computer clean of lurking malware into a serious threat to sensitive and personal information.

Understanding the Threat

The malware consisted of two Trojans, Trojan.Floxif and Trojan.Nyetya, inserted into the free versions of CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. It's believed the hackers compromised CCleaner's build environment to insert the malware.

According to different reports, the malware is capable of collecting specific data from an infected computer system, including IP addresses and information on installed and active software, and sending it to a third-party server located in the United States.

CCleaner's parent company, Avast Piriform, found the malware on September 12, 2017, and immediately took steps to remediate the problem. Initially, the company believed it was confined to the above versions running on 32-bit Windows systems and that downloading upgraded versions of the program would solve the problem. It's believed more than 2 million users were infected.

Unfortunately, the company soon discovered the malware infection was more severe than originally believed. A second stage payload was discovered by Cisco Talos. This payload targeted approximately 20 of the largest tech companies, including Google, Microsoft, Cisco, and Intel, and infected 40 computers.

According to Wired, "Cisco says it obtained a digital copy of the hackers' command-and-control server from an unnamed source involved in the CCleaner investigation. The server contained a database of every backdoored computer that had 'phoned home' to the hackers' machine between September 12 and 16".

Although there is no definitive evidence identifying the party responsible for the CCleaner malware, investigators discovered a link to a Chinese hacking group known as Axiom.

The CCleaner malware shares code with tools used by Axiom, and a time stamp on a compromised server matched a Chinese time zone; however, time stamps can be changed or modified, making it difficult to pinpoint origin.

Combined with the choice of tech targets, this raised concerns that CCleaner malware could be part of a state-sponsored attack. As of late 2017, the investigation into responsibility for the hack is ongoing.

How to Get Rid of CCleaner Malware?

When the CCleaner malware was first discovered, users were advised to upgrade to the newest version of the program based on the belief it was an isolated incident and later versions were safe. However, the discovery of the second stage payload complicated removal and protection.

Having a disaster recovery plan in place may be the only way to truly ensure your computer is free of the CCleaner malware. Investigators recommend restoring systems to backed-up versions dating before August 15, when the first infected tools were released.

The infected version of CCleaner should be uninstalled and antivirus scans initiated to ensure the system is clean. If you decide to reinstall CCleaner, it should be the most recent version available, or at least version 5.34 or higher.
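
The triage described above, as an added example that is not part of the original article: a Python sketch that checks a software inventory against the two affected builds and the 5.34 threshold, and picks the newest backup taken before August 15, 2017. The inventory layout, the host names and the rule that a bare "5.33" counts as affected are assumptions, and the sample rows are constructed.

```python
from datetime import date

# Affected builds named in the article, as integer tuples.
AFFECTED = {"CCleaner": (5, 33, 6162), "CCleaner Cloud": (1, 7, 3191)}
MIN_SAFE_CCLEANER = (5, 34)        # article: reinstall 5.34 or higher
BACKUP_CUTOFF = date(2017, 8, 15)  # article: restore to backups before August 15

# Constructed sample inventory (hypothetical hosts, versions and backup dates).
SAMPLE = [
    {"host": "ws-01", "product": "CCleaner", "version": "5.33.6162",
     "backups": [date(2017, 8, 1), date(2017, 8, 20), date(2017, 9, 10)]},
    {"host": "ws-02", "product": "CCleaner", "version": "5.32", "backups": []},
    {"host": "ws-03", "product": "CCleaner Cloud", "version": "1.07.3191",
     "backups": [date(2017, 8, 30)]},
    {"host": "ws-04", "product": "CCleaner", "version": "5.35",
     "backups": [date(2017, 7, 1)]},
]

def parse_version(text):
    """Turn '1.07.3191' into (1, 7, 3191) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(product, version):
    """Return 'affected', 'upgrade' or 'ok' for one inventory entry."""
    v = parse_version(version)
    bad = AFFECTED.get(product)
    # Assumption: an inventory that reports only '5.33' cannot rule out the
    # affected build, so a version that is a prefix of it counts as affected.
    if bad and len(v) >= 2 and v == bad[:len(v)]:
        return "affected"
    if product == "CCleaner" and v[:2] < MIN_SAFE_CCLEANER:
        return "upgrade"
    return "ok"

def latest_clean_backup(backups):
    """Newest backup strictly before the cutoff, or None if there is none."""
    return max((d for d in backups if d < BACKUP_CUTOFF), default=None)

def triage(inventory):
    """Map each host needing action to (status, restore point or None)."""
    plan = {}
    for row in inventory:
        status = classify(row["product"], row["version"])
        if status != "ok":
            restore = latest_clean_backup(row["backups"]) if status == "affected" else None
            plan[row["host"]] = (status, restore)
    return plan

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A restore point of None on an affected host means no backup older than the cutoff exists for it.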

CCleaner is known to be an excellent tool for eliminating malicious programs that hide deep in computer systems, but as the CCleaner malware incident proves, even the programs created to protect our computers from threats are not immune to hackers.

FAQs

Can CCleaner detect malware?

However, one thing CCleaner doesn't do is detect or remove viruses, spyware, or malware. Even if you're a cautious internet user, we always recommend having a modern antivirus program installed to protect against the risk of computer viruses and malicious software.

Has CCleaner been hacked?

CCleaner hit by data breach that saw customer data stolen, blames MOVEit hack. Popular optimization tool CCleaner has confirmed its services have been hit by a data breach, seemingly caused by the MOVEit data theft fiasco.

Which version of CCleaner was infected?

The 5.3 version of CCleaner that got compromised produced two payloads of malware. The first spread installed spyware called Floxif on the computers. The spyware gathered the data of all running processes.

Is CCleaner actually useful?

Ultimately, the answer to whether CCleaner is worth it depends on your needs. The free version is a great tool to clean up unused files and settings but, personally, we wouldn't pay for this software.

How do I get rid of malware in CCleaner?

For Windows 10 users:
  1. Open the 'Start' menu.
  2. Click on 'Settings'
  3. Click 'System'
  4. Choose 'Apps and Features'
  5. Find 'CCleaner' in the list of programs.
  6. Click 'Uninstall' from the horizontal menu above the programs list.

Can malware survive a clean install?

It completely depends on the trojan/virus that you have, but yes, certain ones can put themselves into the recovery partition, and others can destroy the partition altogether. I suggest doing a clean install with an ISO or media kit if you have one.

When did CCleaner become malware?

CCleaner malware is a malicious program disguised as legitimate software called CCleaner. Discovered in September 2017, CCleaner malware was designed by hackers to steal sensitive data from unsuspecting users.

What is better than CCleaner?

Top 10 Alternatives to CCleaner Recently Reviewed By G2 Community
  • Treesize (41): 4.6 out of 5
  • CleanMyPC (18): 4.6 out of 5
  • Glary Utilities Pro (12): 4.1 out of 5
  • Advanced System Optimizer (11): 4.8 out of 5
  • WinZip System Utilities Suite (35): 3.7 out of 5
  • Cleaner One Pro (10): 4.2 out of 5
  • cleanmasterofficial. ...
  • WinUtilities Pro.

Does CCleaner corrupt files?

After a Custom Clean with CCleaner, some EXE files are corrupted. The files are still there, but the content has been overwritten with spaces. The sizes of the files seem to be the original file sizes of the specific EXE files. It affects many major applications: Excel/Word, VLC Player, Defraggler, ...

What are the security issues with CCleaner?

It has been reported that a version of Piriform CCleaner.exe has been compromised/trojanized, resulting in the installation of a multi-stage backdoor capable of receiving instructions from threat actors on affected systems.

What is the security threat in CCleaner?

The threat is a backdoor trojan that is related to the "trojanized" version of a third-party utility known as "CCleaner". If you have installed the infected or trojanized version of CCleaner, it's likely you'll have this threat detected on your machine. Find out ways that malware can get on your PC.

What is the security vulnerability of CCleaner?

In 2017, CCleaner was compromised with a backdoor-installing trojan horse. Attackers could have accessed millions of devices via the backdoor in the software. Researchers believe the primary targets of the attack were tech companies, such as Samsung, Sony, Asus, and others.

Is CCleaner free malware?

Is CCleaner malware or spyware? No, CCleaner's code doesn't include any malicious code, or digital monitoring of any kind. Privacy is a core element of our products, and we want to keep it that way.

Is Disk Cleanup better than CCleaner?

CCleaner offers a more in-depth cleaning process that goes beyond what Disk Cleanup performs. It includes options for clearing browser caches, cookies, and histories, while Disk Cleanup focuses more on removing temporary files and system files that are no longer needed.

Is Norton better than CCleaner?

Compare CCleaner and Norton Antivirus based on preference data from user reviews. CCleaner rates 4.5/5 stars with 622 reviews. By contrast, Norton Antivirus rates 4.2/5 stars with 202 reviews.

How do I find hidden malware on my computer?

Open your Windows Security settings. Select Virus & threat protection > Scan options. Select Microsoft Defender Antivirus (offline scan), and then select Scan now.

How can you detect malware on your computer?

How To Know if You Have Malware
  1. suddenly slows down, crashes, or displays repeated error messages.
  2. won't shut down or restart.
  3. won't let you remove software.
  4. serves up lots of pop-ups, inappropriate ads, or ads that interfere with page content.
  5. shows ads in places you typically wouldn't see them, like government websites.

Is there an app that can detect malware?

Malwarebytes brings the anti-malware, ad blocking, filtering, & web security features you need to stay safe. Your mobile cybersecurity just got an upgrade. Malwarebytes now includes premium VPN features keeping your connection private no matter where you are.

What is the app that detects malware?

Malwarebytes is updated daily, so you can trust it to identify and remove new threats the minute they appear. The first time you install Malwarebytes Anti-Malware, you're given a 14-day trial of the premium edition, which includes preventative tools like real-time scanning and specific protection from ransomware.

Article information

Author: Clemencia Bogisich Ret
