Author Topic: Had to jump through hoops to install latest update of CCleaner 563....  (Read 608 times)


Offline polonus

First MBAM extension in the browser started to moan about a threat - some htxps://obfuscator.10 etc.
Then Microsoft also intervened, do you really want to install? Had to insist...

VirusTotal results on the download: https://www.virustotal.com/gui/file/f2aba7dc1d4ab617d7b09b19e7a5b4f6b6e3f790981050d163f395002646b890/detection

All clean, why the alerts? I had the official download from inside the proggie.

Consider: https://www.virustotal.com/gui/file/f2aba7dc1d4ab617d7b09b19e7a5b4f6b6e3f790981050d163f395002646b890/community

Anyone on this? By the way also VoodooShield alerted on the installer file.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

Re: Had to jump through hoops to install latest update of CCleaner 563....
« Reply #1 on: October 16, 2019, 02:47:43 PM »
Quote
First MBAM extension in the browser started to moan about a threat - some htxps://obfuscator.10 etc.
I guess those who can answer are over at the Malwarebytes forum...


“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline Asyn

Win 8.1 [x64] - Avast PremSec 19.9.2394.B1 - CC 5.63 - EEK - Firefox ESR 68.2 [NS/AOS/uBO] - Thunderbird 68.2.2 [EM] - ACP/ASL.BC
German-language section -> Avast need-to-know (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Michael (alan1998)

Re: Had to jump through hoops to install latest update of CCleaner 563....
« Reply #3 on: October 16, 2019, 02:57:45 PM »
Isn't CCleaner the program that got hijacked a few years back?

Quote
Dr Web has a tendency to false-positive our new releases for the first 24-72 hours after release.  They tend to respond quite promptly though to feedback from us and from their users about corrections though.

*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.

Offline polonus

Re: Had to jump through hoops to install latest update of CCleaner 563....
« Reply #4 on: October 21, 2019, 01:00:49 PM »
I was not aware how actual this was, seen in the light of the Petya attack on CCleaner,
that Avast had to nip in the bud on September 23rd last,
while the miscreant/attacker tried to compromise a temp VPN account since May 14th last.

The malcode was Petya. This is a Russian word derived from Pinyin,
the system used to translate Mandarin-Chinese with the use of Latin.

So VoodooShield and MBAM still alerted on Piriform's software.

Petya is malware that originated in the Russia-Ukraine opposition, that is why I got the obfuscator10 alert,
which later was seen to be a FP, checked the installer at VirusTotal, nothing came up.

So Avast sure has to watch their crown jewel software now,

polonus

Offline Asyn


Offline polonus

Re: Had to jump through hoops to install latest update of CCleaner 563....
« Reply #6 on: October 22, 2019, 04:04:41 PM »
Hi Asyn,

The aftermath of the breach of NSA's Eternal Blue combined with Mimikatz password stealing researchware
led to the infesting Agent.BTZ malware, the so-called Autorun worm.

Initially used by State Actors it formed an inspiration for cybercriminals:
https://www.f-secure.com/v-descs/worm_w32_agent_btz.shtml

Time to check C:\Windows\SysWOW64\cmd.exe via specific malware detecting command prompts.

Malware also abused by Turla-APT-group hijacking other APT's cyber-attacking-tools.
Read: https://www.baesystems.com/en/cybersecurity/feature/the-snake-campaign

It is dangerous in this digital world of ours, folks, it really is.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)