Author Topic: CCleaner and installing avast with out permission...  (Read 60468 times)

0 Members and 1 Guest are viewing this topic.

Offline 1234ava

  • Full Member
  • ***
  • Posts: 161
Re: CCleaner and installing avast with out permission...
« Reply #75 on: September 21, 2017, 06:49:16 PM »
Like I said I never use the express install :)


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43695
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CCleaner and installing avast with out permission...
« Reply #76 on: September 21, 2017, 06:54:34 PM »
Like I said I never use the express install :)
Neither do I but, it's still possible to overlook something. I know I have.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11000
  • No support PM's thanks
Re: CCleaner and installing avast with out permission...
« Reply #77 on: September 21, 2017, 07:13:04 PM »
A new update: https://blog.avast.com/progress-on-ccleaner-investigation

The 2nd stage payload was executed, all though on a limited amount of machines (properly), but also on 64bit machines, if I understand the blog post correctly.
According to Avast, it's not your system that determines your vulnerability but, the version of Ccleaner you installed.
If you installed the 64 bit version, you're safe. If you installed the 32 bit version of CCleaner, you're not and needed to update asap.
So, you could have installed a 32 bit version on your 64 bit system and had a problem.
Naturally, you could not have installed the 64 bit version on your 32 bit system.
32 bit and 64 bit installer is one in the same (like the Avast installer), you cant choose to download one or the other.

Offline Tanmoy

  • Newbie
  • *
  • Posts: 12
Re: CCleaner and installing avast with out permission...
« Reply #78 on: September 24, 2017, 10:01:41 AM »
Guys,

I just had a chance to read this thread and I'm a bit horrified as I think that there's quite some misconception about what actually went on.

First of all, the bottom line is: to the best of our knowledge, no harm was done to any CCleaner users as the threat was removed before it had a chance to fully activate.
This is really not about downplaying the issue. This is a statement based on a pretty thorough analysis, partially shared below and partially still embargoed because of the ongoing investigation.

Now, some facts:
- Avast acquired a company (Piriform) which was in the process of being hacked. We have good evidence that the attack started at least several weeks before the acquisition.
- Immediately after we first learned about something wrong with the CCleaner product (which was on September 12, i.e. 6 days ago) we started working on it and have been working on it around the clock since then.
- The #1 priority for us was to protect the CCleaner customers and minimize the actual customer impact of the incident.
- For that reason, we first focused on fully understanding the malicious code and disconnecting the bad actors from their ability to control the backdoor, i.e. taking down the CnC servers.
- The CnC server was taken down on September 15, three days after we first learned about the incident. Given how difficult these things tend to be, we consider this a very good result and I don't see how we could have done it any better. (By that time, the secondary CnC servers (the DGA domains) were already sinkholed as well, so that technically cut the attackers off their ability to control the backdoor).

At the same time, we wanted to understand whether the second stage payload could have already activated before the threat was discovered. Now, the good thing is that about 30% of CCleaner users also run Avast security software, which allowed us to analyze behavioral, traffic and file/registry data from those machines.  Based on this analysis, we can say with high confidence that to the best of our knowledge, the second stage payload never activated, i.e. the only malicious code present on customer machines was the one embedded in the ccleaner.exe binary itself. We also asked our colleagues from other security companies, but haven't heard anyone seeing anything suspicious either. And that's great news, as it means that despite the high sophistication of the attack, we managed to disarm the system before it was able to do any harm. To that end, we don't consider the advice to reformat and/or restore the affected machines to the pre-August 15 state to be based on facts (by similar logic, security companies are not usually advising customers to reformat their machines after a remote code execution vulnerability is identified on their computer, just because there was a hypothetical possibility that something might have gotten in).

BTW, I have to say I was quite disappointed by the approach taken by the Cisco Talos team who appears to be trying to use information about this incident to drive marketing activities and piggyback on the case to increase the visibility of their upcoming product. And, I should probably also say that it wasn't Cisco who first notified us about the problem. The threat was first discovered and reported to us by researchers in a security company called Morphisec (thank you!). The threat was real, but to the best of our knowledge, it was fortunately mitigated before it could do any harm.

We plan to be issuing more communication about this as we go. This is a very unfortunate incident and of course, it's in our highest interest to properly investigate the issue and make sure it never happens again. Unfortunately, as you can imagine, the security measures in small companies are usually not up to the standard and that's a big lesson for us in terms of what to look for in case of future acquisitions.

Thanks,
Vlk

Sir,
a few years back forum.avast.com was compromised, user email and other information was leaked, my email also leaked (my old id, I am not a new user, i am using avast since the year 2006, I am stopped using avast after window 10 released due to the compatibility issue) and now this incident. I think it is too bad for a security company.
now in India, facing unknown error(Is Avast still having issues with their update servers?) too frequently (once/twice a week)

Offline smday999

  • Newbie
  • *
  • Posts: 2
Re: CCleaner and installing avast with out permission...
« Reply #79 on: October 10, 2017, 04:38:36 PM »
The question remains, how did this malware get into the CCleaner distribution? And while I don't have any answer to that, conspiracy theorists everywhere must wonder about the timing of the launch of a new product from Avast, "Avast Cleanup Premium", on sale now at 50% off!!!

http://view.emails.avast.com/?qs=e2b051d7a1872e5a6b3f7243a048f8c0848f5ddd1a572446286662e0ae6ca318fe2ec005e55d3a4906268a928860ca45501577ded9a13c068540704a2a125c3e

Nevermind I already own CCleaner - I no longer trust it and uninstalled it. So I buy this new product? Not likely. This is lame.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43695
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CCleaner and installing avast with out permission...
« Reply #80 on: October 10, 2017, 04:51:46 PM »
The question remains, how did this malware get into the CCleaner distribution? And while I don't have any answer to that, conspiracy theorists everywhere must wonder about the timing of the launch of a new product from Avast, "Avast Cleanup Premium", on sale now at 50% off!!!

http://view.emails.avast.com/?qs=e2b051d7a1872e5a6b3f7243a048f8c0848f5ddd1a572446286662e0ae6ca318fe2ec005e55d3a4906268a928860ca45501577ded9a13c068540704a2a125c3e

Nevermind I already own CCleaner - I no longer trust it and uninstalled it. So I buy this new product? Not likely. This is lame.
Speculations are just that, speculations. Eventually the culprits will be caught.
The fact is that one has nothing to do with the other.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline moroni

  • Avast team
  • Poster
  • *
  • Posts: 634
Re: CCleaner and installing avast with out permission...
« Reply #81 on: October 10, 2017, 10:10:56 PM »
The question remains, how did this malware get into the CCleaner distribution? And while I don't have any answer to that, conspiracy theorists everywhere must wonder about the timing of the launch of a new product from Avast, "Avast Cleanup Premium", on sale now at 50% off!!!

http://view.emails.avast.com/?qs=e2b051d7a1872e5a6b3f7243a048f8c0848f5ddd1a572446286662e0ae6ca318fe2ec005e55d3a4906268a928860ca45501577ded9a13c068540704a2a125c3e

Nevermind I already own CCleaner - I no longer trust it and uninstalled it. So I buy this new product? Not likely. This is lame.

Hi smday999. That's something that is still under investigation. We have released some blog posts including all the information we have available and the steps we've taken after we learned about this attack, you can find them (in chronological order) at:
https://blog.avast.com/update-to-the-ccleaner-5.33.6162-security-incident
https://blog.avast.com/progress-on-ccleaner-investigation
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident
What we can say for sure is that definitely the release of an illegally modified version of CCleaner was not by any means a marketing strategy to boost Avast Cleanup, and the release of a new version of the latter days after the affected CCleaner version was purely coincidental.
Although Piriform (the company behind CCleaner) was purchased by Avast in mid July, they continue working in CCleaner very independently from the development of the Avast-branded tools we already had in our catalogue. It would never be our intention to damage one brand from our family to help another one nor to use such sensitive incident for marketing purposes.

Offline jessssidav

  • Newbie
  • *
  • Posts: 1
Re: CCleaner and installing avast with out permission...
« Reply #82 on: November 18, 2017, 04:38:33 PM »
Here it is Nov 18, and avast still sneaking in on Ccleaner download. I did a custom install and didn't take my eyes off the screen cuz I know all about bundling. Not a thing about avast. Yet, there it is, installed on my computer. It didn't take long for avast to screw up a good thing. First, this sneak move and now there is a backdoor trojan on some of Ccleaner's downloads. Way to go avast. I don't use avast having tried it before. It slowed up my system but that wasn't the worst part. Trying to uninstalled it was near impossible. I resent having anything forced on me and refusing to get it's hooks out of me just sends a red flag that this type of app is not to be trusted. Now I will uninstall both Ccleaner and (God willing) avast and never use either again.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43695
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CCleaner and installing avast with out permission...
« Reply #83 on: November 18, 2017, 05:04:07 PM »
Here it is Nov 18, and avast still sneaking in on Ccleaner download. I did a custom install and didn't take my eyes off the screen cuz I know all about bundling. Not a thing about avast. Yet, there it is, installed on my computer. It didn't take long for avast to screw up a good thing. First, this sneak move and now there is a backdoor trojan on some of Ccleaner's downloads. Way to go avast. I don't use avast having tried it before. It slowed up my system but that wasn't the worst part. Trying to uninstalled it was near impossible. I resent having anything forced on me and refusing to get it's hooks out of me just sends a red flag that this type of app is not to be trusted. Now I will uninstall both Ccleaner and (God willing) avast and never use either again.
Currently being discussed on the developers channel. (It's also the weekend.)
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11000
  • No support PM's thanks
Re: CCleaner and installing avast with out permission...
« Reply #84 on: November 18, 2017, 05:15:15 PM »
The latest CCleaner installer does indeed offer a pre-ticked Avast install, I noticed it on the first screen during install and was able to deselect it, strangely enough the same installer I transferred between three Win10 systems of which two of them got the Avast pre-ticked offer and one got the Chrome offer ::)

Offline sloshnmosh1

  • Jr. Member
  • **
  • Posts: 37
Re: CCleaner and installing avast with out permission...
« Reply #85 on: December 13, 2017, 03:10:42 PM »
You have to wonder why all these "antivirus" companies are pushing so hard to get their warez onto your device.

I'm sure it's all because they are concerned about your safety and privacy.

Make sure you enable all the "security" features so you get the protection you need to keep some nasty "virus" from scanning all your files, bookmarks, MMS messages, media etc. and sending all that data off to some "cloud" somewhere.

Thank God we have antivirus companies that protect our data from being exfilterated!

...Oh wait :-[

Offline thomaswilliamcrabtree

  • Newbie
  • *
  • Posts: 1
Re: CCleaner and installing avast with out permission...
« Reply #86 on: December 31, 2017, 07:00:54 PM »
December 31 2017, last day of 2017 nearly 2018 AND IT'S STILL HAPPENING!!

I'm an engineer with 20 years of Microsoft software development and system installs, I quadruple checked for pre-checked and pre-ticked sneaky boxes during the install and absolutely nothing was ticked.... Yet when the install finished it asked me to restart my computer and guess what... AVAST WAS THERE!!!

This is a brand new clean Windows 10 X64 December 2017 RS3 installation obtained directly from Microsoft, CCleaner was the first thing I installed as a test, downloaded directly from the official CCleaner Piriform website. I even quadruple checked the domain and hash checked the download.

To add insult to injury your Avast forum tries to trick you into installing Avast on your Android phone when you sign up, to complain about this!!

http://i.imgur.com/YNg8nK4.png

This is two blatant violations of EU consumer law and statutory rights. I suggest you get it dealt with because companies and individuals are already busy reporting you to ICO's all over Europe.
« Last Edit: December 31, 2017, 07:02:29 PM by thomaswilliamcrabtree »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43695
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CCleaner and installing avast with out permission...
« Reply #87 on: December 31, 2017, 07:17:36 PM »
Looking at the offer, it's not hard or select "no thank you".
I wouldn't call that misleading.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline slavi

  • Newbie
  • *
  • Posts: 1
Re: CCleaner and installing avast with out permission...
« Reply #88 on: January 18, 2018, 12:16:01 PM »
Sounds like someone is trying to start a rumor. I'm fully up to date on both Ccleaner and Avast.
Certainly didn't see any offer to install Avast when installing Cleaner. I also always use a custom install and there aren't any options to install Avast.
That is BS. I just saw Avast Icon on my taskbar and freak it out. I am very careful what I am putting on my PC. So the fact that Piriform got bought by a malware producing company just to shove in their unsuccessful products on people's PCs is infuriating beyond anything. Now I will have to scrap Piriform software which I really liked it.

Offline Patrick2

  • Poster
  • *
  • Posts: 490
Re: CCleaner and installing avast with out permission...
« Reply #89 on: January 18, 2018, 07:01:38 PM »
Been using Avast since 2006, if i had any PC with Ccleaner update that showed Avast in the install window there, i'd just uncheck it and go about my business, as i feel Avast provides the best protection for virus, malware, spyware, without slowing down the systems,   Currently installed on 2 Desktops, and Laptop, and happy to report no issues,  and yes all systems still use ccleaner

Only one it showed that on was Insider Preview system, all i did was uncheck the avast in the program, installed Ccleaner, and done

Nothing too big a deal i feel to get upset over
Windows 10 Pro 64bit 1909 18363.476, Intel I7 7700 Nvidia Geforce 1050 16gb DDR4, WD 250GBSSD, 1tb Storage, Avast Free 19.8.2393
HP Omen Laptop Intel I7 7700HQ, 8gb Of Ram Windows 10 Home x64 1909 18363.476 128GB SSD, 1tb Storage, Avast Free 19.8.2393