Important: CCleaner Users

Nicola

Closed Account
Joined
Jan 22, 2013
Location
Malta
I know many online casinos recommend users install a program called 'CCleaner' to clear cookies which fix common issues when playing slots.

A recent version (5.33) contained malware (trojan) which sends information from your PC to a unknown server. While the developer says it was non-sensitive data that was leaked from user PCs, many forum threads I have read said username/passwords may have been breached too.

News story:

You do not have permission to view link Log in or register now.


Technical blog:
You do not have permission to view link Log in or register now.


You can easily find out if your PC has been infected by running 'regedit' and finding a key under LOCAL 'SOFTWARE\Piriform\Agomo'

To get rid of the malware, all you have to do is download the latest version of CCleaner which was released yesterday (20th)
 
I also don't always update to the latest version, but coincidentally updated to the latest version yesterday - which was the first time it said 'important update', so i browsed the web and was shocked that this proggie had a backdoor for a short period of time...On th other hand it's not that weird, as it's so widely used, that of course it's extremely interesting for people with bad intentions, to crack it and insert a backdoor...

Funny thing, is now that i read your post, i opened it again, and got another 'important update' which kind of annoyed me..
Actually thinking of stopping to use the program altogether now, even though it has been a loyal friend for years..:rolleyes:
 
Read this yesterday on Abovetopsecret.

Apparently only the 32 bit version and 32 bit users are affected.

So if you have the CCleaner (x64) 64 bit, then you'e fine.

Excerpt from ATS

"The 32 bit .exe of CCleaner (Version 5.33.6162) was infected with TR/RedCap.zioqa. (x64 is clean)" :thumbsup:

Always better to inspect your registry anyway to see if you find any suspicious foler names or registry entries.

Type Regedit into your search bar and run the Registry Editor. Go to HKEY_CURRENT_USER > SOFTWARE > PIRIFORM (You'll notice if there is any suspect folders here, only a folder CCLEANER should be here) > CCLEANER

Also check HKEY_LOCAL MACHINE > SOFTWARE > PIRIFORM (Again CCLEANER should be the only folder entry here) > CCLEANER

Registry entries in the CCLEANER folder from HKEY_LOCAL_MACHINE should list all the things you typically delete from your machine when using the software and that's it....this will be how you identify anything suspect.

But you are mainly looking for a folder entry under the Piriform folder. If there is another folder except a CCleaner folder, you are most likely affected. And again, if you are using x64 bit you are almost certain to be clean anyway, but always nice to be sure.

:thumbsup:

EDIT: As Nicola has pointed out, the folder will most likely be named AGOMO
 

Users who are viewing this thread

Click here for Red Cherry Casino

Meister Ratings

Back
Top