How Bad Was the CCleaner Hack… It’s Equifax Bad

Joe Engelking


How Bad was the CCleaner Hack? So bad that most security experts recommend that you completely remove and reinstall Windows if you had the afflicted CCleaner version installed.

What is CCleaner?

CCleaner is a free program that millions of people used to remove junk files from Windows computers, with the goal of speeding them up and removing adware and cookies that monitor your behavior for commercial gain.

What went wrong with CCleaner?

The 32-bit installer of CCleaner v5.33 was maliciously modified to install a backdoor which not only sent information gathered on the affected computers, but also allowed for the receiving of additional malware payloads.

Upon further examination by security experts, it was revealed that over 20 high-profile domains were tagged within the malware for 2nd-level payloads (cisco.com being one).

The mention of these major domain names within the malware code indicates a much larger target at hand along with more sophisticated players.

How can I tell if I have the CCleaner virus?

First off, the backdoor created by CCleaner actually rewrites registry entries, so the concern is that simply removing CCleaner will not close the hole.

But to tell if you did have an infected version of CCleaner, open up REGEDIT and look for a key located at HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo.

Within the key will be two values, one named MUID and the other TCID. If you have them, then you were infected by the Floxif infection.

If this registry key is still there, then the Floxif infection was, and still may be, sending information to the hackers. This opening can not only send password information and company data, but it may also have the ability to download and install other programs.
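The REGEDIT check described above can be scripted so it can be run on many machines. This PowerShell is an added example, not part of the original post; the function name Test-AgomoIndicator is hypothetical, and looking in both the 32-bit and 64-bit registry views is an assumption based on Windows redirecting HKLM\SOFTWARE for 32-bit processes.

```powershell
# Added example: read-only check for the registry indicator named in this post.
# Assumption: both registry views are inspected, because a 32-bit process on
# 64-bit Windows has HKLM\SOFTWARE redirected to the WOW6432Node view.
function Test-AgomoIndicator {
    [CmdletBinding()]
    param(
        [string]$SubKey = 'SOFTWARE\Piriform\Agomo',
        [string[]]$ValueNames = @('MUID', 'TCID')
    )

    $views = [Microsoft.Win32.RegistryView]::Registry32,
             [Microsoft.Win32.RegistryView]::Registry64

    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            # OpenSubKey(name) opens read-only and returns $null if the key is absent.
            $key = $base.OpenSubKey($SubKey)
            $exists = $null -ne $key
            $found = @()
            if ($exists) {
                # -contains is case-insensitive, matching registry value-name semantics.
                $found = @($key.GetValueNames() | Where-Object { $ValueNames -contains $_ })
                $key.Dispose()
            }
            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                View        = $view
                KeyExists   = $exists
                ValuesFound = $found -join ','
                # True only when every expected value (MUID and TCID) is present.
                Indicator   = ($found.Count -eq $ValueNames.Count)
            }
        }
        finally {
            $base.Dispose()
        }
    }
}

$results = @(Test-AgomoIndicator)
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Indicator }) {
    Write-Warning 'Piriform\Agomo key with MUID and TCID found: follow the remediation steps for this machine.'
}
```

The script only reads the registry; it does not remove the key or change any settings.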

What should I do if I had the malicious CCleaner version Installed?

Removing the registry entry, uninstalling CCleaner, running AV scans and changing your passwords are all highly recommended but for those who want to be truly safe, the best course of action is to reinstall Windows from scratch.

It goes without saying that this is not always feasible, so the actions suggested above should be completed as soon as possible.

This was, ‘How Bad was the CCleaner Hack… it’s Equifax Bad’

If you found this post informative, please check out our blog post on the Equifax hack
