Important: CCleaner Users

Discussion in 'The Attic' started by Nicola, Sep 21, 2017.

    Nicola, Sep 21, 2017
    Meister Member, Casino Affiliate, Marble Arch, London

    I know many online casinos recommend users install a program called 'CCleaner' to clear cookies, which fixes common issues when playing slots.

    A recent version (5.33) contained malware (trojan) which sends information from your PC to an unknown server. While the developer says it was non-sensitive data that was leaked from user PCs, many forum threads I have read said username/passwords may have been breached too.

    You can easily find out if your PC has been infected by running 'regedit' and finding a key under LOCAL 'SOFTWARE\Piriform\Agomo'.

    To get rid of the malware, all you have to do is download the latest version of CCleaner, which was released yesterday (20th).

    interlog, Sep 21, 2017
    Senior Member

    Thanks for the heads up. Haven't updated CCleaner for ages so wasn't affected.

    incrediblestuff, Sep 21, 2017
    SearchingForTheHolyGrail!, Currently: Self employed, Previously: Manager, Mostly the Netherlands

    I also don't always update to the latest version, but coincidentally updated to the latest version yesterday - which was the first time it said 'important update', so I browsed the web and was shocked that this proggie had a backdoor for a short period of time... On the other hand it's not that weird, as it's so widely used that of course it's extremely interesting for people with bad intentions to crack it and insert a backdoor...

    Funny thing is, now that I read your post, I opened it again, and got another 'important update', which kind of annoyed me..
    Actually thinking of stopping using the program altogether now, even though it has been a loyal friend for years..:rolleyes:

    Chipkin9, Sep 21, 2017
    I'm not a Senior, Between Jobs, Tyrone, Ireland

    Read this yesterday on Abovetopsecret.

    Apparently only the 32 bit version and 32 bit users are affected.

    So if you have the CCleaner (x64) 64 bit, then you're fine.

    Excerpt from ATS

    "The 32 bit .exe of CCleaner (Version 5.33.6162) was infected with TR/RedCap.zioqa. (x64 is clean)" :thumbsup:

    Always better to inspect your registry anyway to see if you find any suspicious folder names or registry entries.

    Type Regedit into your search bar and run the Registry Editor. Go to HKEY_CURRENT_USER > SOFTWARE > PIRIFORM (You'll notice if there are any suspect folders here, only a folder CCLEANER should be here) > CCLEANER

    Also check HKEY_LOCAL_MACHINE > SOFTWARE > PIRIFORM (Again CCLEANER should be the only folder entry here) > CCLEANER

    Registry entries in the CCLEANER folder from HKEY_LOCAL_MACHINE should list all the things you typically delete from your machine when using the software and that's it....this will be how you identify anything suspect.

    But you are mainly looking for a folder entry under the Piriform folder. If there is another folder except a CCleaner folder, you are most likely affected. And again, if you are using x64 bit you are almost certain to be clean anyway, but always nice to be sure.


    EDIT: As Nicola has pointed out, the folder will most likely be named AGOMO
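
The registry check described in this thread, scripted in PowerShell as an added example that is not part of any poster's message. It lists every subkey under Piriform other than CCleaner and marks whether it is the Agomo key named above; the function and variable names are hypothetical, and the WOW6432Node path is an assumption added here to cover the 32-bit registry view on 64-bit Windows.

```powershell
# Added example (not from the thread). Lists subkeys under the Piriform key
# and flags anything other than CCleaner, as the posts above describe.
$Expected = @('CCleaner')   # per the thread: the only subkey that should be present
$Named    = 'Agomo'         # subkey name given in the thread

# Assumption: WOW6432Node is included because a 32-bit program on 64-bit
# Windows has its HKLM\SOFTWARE keys redirected there.
$Roots = @(
    'HKLM:\SOFTWARE\Piriform',
    'HKLM:\SOFTWARE\WOW6432Node\Piriform',
    'HKCU:\SOFTWARE\Piriform'
)

function Get-PiriformFinding {
    param(
        [string[]]$Path,
        [string[]]$Expected,
        [string]$Named
    )
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # key absent in this hive/view
        $subkeys = Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue
        foreach ($key in $subkeys) {
            $name = $key.PSChildName
            if ($Expected -contains $name) { continue }          # -contains ignores case
            [pscustomobject]@{
                Key           = $key.Name                        # full registry path
                Subkey        = $name
                NamedInThread = ($name -ieq $Named)
                ValueNames    = ($key.GetValueNames() -join ', ')
            }
        }
    }
}

$findings = @(Get-PiriformFinding -Path $Roots -Expected $Expected -Named $Named)
if ($findings.Count -eq 0) {
    Write-Output 'No subkeys other than CCleaner found under Piriform.'
} else {
    $findings | Format-List
    Write-Output 'Unexpected Piriform subkey(s) found; see the thread above for next steps.'
}
```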
