CCleaner: Know if your PC is infected

CCleaner: Know if your PC is infected

On Monday, the world was taken aback by the announcement that CCleaner, an extremely popular software used mostly to clean temporary and unwanted files on the PC, has been distributed for some time with malware. Somehow, a cybercriminal was able to inject malicious code into the application, something that has already been fixed in the new versions of the program.

However, what if you are one of those 2.27 million people, according to Avast, who were hit by the plague? In this case, it is good to know the procedures to be aware of with these tips below, originally  formulated  by Bleeping Computer.

Who was affected?

People who downloaded CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 for 32-bit Windows. These versions were available for download between August 15 and September 12.

It is also important to note that only users with system administrator privilege were affected. Those who use accounts with lower privileges will have no problems.

I do not know if my version was one of those, or when I downloaded it. How do I know if I have been affected?

It is quite easy, and can be done by the Windows Registry Editor. If you do not know how, just hold the key with the Windows icon on the keyboard and press “R”. In this window, type “regedit” and press “OK”.

If the malware was present on your computer, it created an entry in the  HKEY_LOCAL_MACHINE \ SOFTWARE \ Piriform \ Agomo folder . In the case of an infected computer, there must be the values “MUID” and “TCID”, which are used by malware.

If you have not been infected, you should not find the “Agomo” folder.

How to remove?

It is also very simple, just install a safe version of CCleaner, with the number 5.34 onwards. Since the software does not have an automatic update system, it is necessary to download the new version from the Piriform website at  this link  (the download will start automatically).

Users of CCleaner Cloud should have already received the update to version 1.07.3214 automatically and things are already resolved.

That’s it?

Yes. The malware was built into the CCleaner executable. The update replaces the executable with another clean and secure one and replaces the entries in the Windows registry with others that are not harmful. The update does not remove the Agomo folder from the registry, but the content becomes harmless.

How have no antivirus noticed?

No one noticed before because malware was embedded in the CCleaner executable, a legitimate program with legitimate scripts.