Author Topic: CCleaner and installing avast with out permission...  (Read 60561 times)

0 Members and 1 Guest are viewing this topic.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: CCleaner and installing avast with out permission...
« Reply #60 on: September 19, 2017, 10:51:35 AM »
Things like this sure make it a lot easier to step away from avast and stop seeing them as a trusted company.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 65481
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: CCleaner and installing avast with out permission...
« Reply #61 on: September 19, 2017, 10:58:59 AM »
But Cisco (and others) made a good point, why hasn't the Symantec signing certificate been revoked?
I see that the newest (safe) release of CC Cleaner (534) is still using the same exact Symantec signing key as the version with the backdoor?
I've to agree, get rid of these lousy Symantec certs ASAP...!!
Win 8.1 [x64] - Avast PremSec 20.6.2416.B#1 [UI.537] - CC 5.68 - EEK - FF ESR 68.10 [NS/AOS/uBO/PB] - TB 68.10 - SB/CP/SL/DU.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 37
Re: CCleaner and installing avast with out permission...
« Reply #62 on: September 19, 2017, 11:27:02 AM »
I see that someone had uploaded the CC Cleaner in question to VirusTotal back on August 22nd 2017 and 10 different AV engines flagged it as a Trojan back then.
**updated to read..**
Just to be clear, this was found under "compressed parents" below the actual CC Cleaner scan.
https://www.virustotal.com/#/file/135808f7953e83e663bc8318d4a05024d1a29d5965024f8738e67c28b1c2c4f8/detection
« Last Edit: September 19, 2017, 11:37:16 AM by sloshnmosh1 »

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 37
Re: CCleaner and installing avast with out permission...
« Reply #63 on: September 19, 2017, 11:44:02 AM »
I have contacted VirusTotal and filed a "bug report" regarding VPS updates.

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 37
Re: CCleaner and installing avast with out permission...
« Reply #64 on: September 19, 2017, 01:35:28 PM »
Quote
Things like this sure make it a lot easier to step away from avast and stop seeing them as a trusted company.

I ditched my subscription to a well known AV product several months ago even though I have a valid license till 2019 after I found a java based SSH client (JSch) hidden inside their mobile application and when I questioned them about it's function I was lied to.


Offline Lazes

  • Newbie
  • *
  • Posts: 3
Re: CCleaner and installing avast with out permission...
« Reply #65 on: September 19, 2017, 02:48:20 PM »
I Use Avast , and why Avast still don't delete the traces of ""Agomo"" in Registry Editor where is the only place where this infected file from  CCleaner v.5.33, have left traces ???  ....... Soo after update to v.5.34 CCleaner - beside we all know the Registry Editor is ""scary"" place to delete things - manually delete this ""Agomo"" from Registry Editor :

[/img][/img]
Open Your Mind, And See The True Colors.

Offline Charyb

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2298
Re: CCleaner and installing avast with out permission...
« Reply #66 on: September 19, 2017, 03:50:23 PM »
I'm disappointed with 3rd party extras. I use Windows disk optimizer, cleanup, image, backup, etc. and have had no problems here.
« Last Edit: September 19, 2017, 03:54:46 PM by Charyb »

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 37
Re: CCleaner and installing avast with out permission...
« Reply #67 on: September 20, 2017, 03:30:03 AM »
Quote
I Use Avast , and why Avast still don't delete the traces of ""Agomo"" in Registry Editor

Deleting that registry key does nothing but also causes no harm if you delete the entry as was already stated by an Avast representative.

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 37
Re: CCleaner and installing avast with out permission...
« Reply #68 on: September 20, 2017, 03:31:27 AM »
So I received an email response from VirusTotal regarding the "bug report" about Avast's detection engines on
VirusTotal's website not flagging the malicious CC Cleaner.
--------------------------------------
Sep 19, 2:13 AM PDT

Subject: Bug report
Email: **********@yahoo.com
Text:

I uploaded a "tainted" version of "CC Cleaner" to VirusTotal twice today,
and while most of the AV engines on
VirusTotal are flagging it as a Trojan I see that none of the Avast (that
owns CC Cleaner)AV products are flagging it.
Does VirusTotal's AV engines all have automatic updates for detection rules
in place?
https://www.virustotal.com/#/file/1a4a5123d7b2c534cb3e3168f7032cf9ebf38b9a2a97226d0fdb7933cf6030ff/detection
-------------------------------------
Karl Hiram   
Karl Hiramoto (VirusTotal)
Sep 19, 2:29 AM PDT

Yes,  we  check for updates every hour.      If you think avast is not behaving correctly please contact avast.     If avast

thinks there is a problem, they can contact us.

We are just aggregating the information produced.


Karl Hiramoto - VirusTotal - www.virustotal.com
---------------------
The Avast AV on VirusTotal is NOW flagging the tainted CC Cleaner but as of 01:17 AM 09/19/2017  when I captured this screenshot it still was not.
« Last Edit: September 20, 2017, 03:39:49 AM by sloshnmosh1 »

Offline Erroneus

  • Former recommender of Avast
  • Full Member
  • ***
  • Posts: 166
  • RIP Avast
    • Personal blog
Re: CCleaner and installing avast with out permission...
« Reply #69 on: September 21, 2017, 01:14:29 PM »
A new update: https://blog.avast.com/progress-on-ccleaner-investigation

The 2nd stage payload was executed, all though on a limited amount of machines (properly), but also on 64bit machines, if I understand the blog post correctly.
Homebuild machine - Intel I5 3570K@4,3 Ghz
Lenovo T460s
Windows 10 1709 Enterprise 64bit: Panda Pro

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43710
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CCleaner and installing avast with out permission...
« Reply #70 on: September 21, 2017, 03:57:18 PM »
A new update: https://blog.avast.com/progress-on-ccleaner-investigation

The 2nd stage payload was executed, all though on a limited amount of machines (properly), but also on 64bit machines, if I understand the blog post correctly.
According to Avast, it's not your system that determines your vulnerability but, the version of Ccleaner you installed.
If you installed the 64 bit version, you're safe. If you installed the 32 bit version of CCleaner, you're not and needed to update asap.
So, you could have installed a 32 bit version on your 64 bit system and had a problem.
Naturally, you could not have installed the 64 bit version on your 32 bit system.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31345
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: CCleaner and installing avast with out permission...
« Reply #71 on: September 21, 2017, 04:31:17 PM »
Playing the devil her... *evil grin*
avast was installed with permission.
Doing a.'express' install means you agree to install the application along with everything that is pre-checked.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43710
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CCleaner and installing avast with out permission...
« Reply #72 on: September 21, 2017, 04:38:31 PM »
Playing the devil her... *evil grin*
avast was installed with permission.
Doing a.'express' install means you agree to install the application along with everything that is pre-checked.
One of the reasons we all stress "Custom Install" - No Matter What You Install. :)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline 1234ava

  • Full Member
  • ***
  • Posts: 161
Re: CCleaner and installing avast with out permission...
« Reply #73 on: September 21, 2017, 06:31:39 PM »
@Eddy
Quote
Doing a.'express' install means you agree to install the application along with everything that is pre-checked.

A number of antimalware scanners will flag as "PUP" any installer that hides pre-checked additional software installation behind an "Express" option.
Personally I know perfectly well I have to always choose the Custom installation, but average Joe will pick the Express installation and be tricked into installing something he did not really want.
When it happens with a small software company, they flag it as "malware" or like that. When it happens with the big dogs, they say it's OK. Hmm. Double standards?

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43710
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CCleaner and installing avast with out permission...
« Reply #74 on: September 21, 2017, 06:40:06 PM »
@Eddy
Quote
Doing a.'express' install means you agree to install the application along with everything that is pre-checked.

A number of antimalware scanners will flag as "PUP" any installer that hides pre-checked additional software installation behind an "Express" option.
Personally I know perfectly well I have to always choose the Custom installation, but average Joe will pick the Express installation and be tricked into installing something he did not really want.
When it happens with a small software company, they flag it as "malware" or like that. When it happens with the big dogs, they say it's OK. Hmm. Double standards?
If you insist on using the express install, at least first install Unchecky ( https://unchecky.com/ )
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq