I think I have been lucky because there are no signs that my PCs were affected, but yet I am still a bit concerned because of the uncertainties in this story. For starters, it took a full month to find out about the malware distributed with CCleaner 5.33. Personally I'm still hoping to officially learn that on x64 systems the malware did not execute in any capacity at all. Too bad the video posted by Hazelnut does not answer this. If that 10 minute wait period is dependent on main CCleaner process being active, it would confirm the above. Talos states that the malware starts but delays/pauses its operation by ~10 minutes. The first stage was meant to be spray-and-pray, that is why I would consider the above as a flaw in the malware, limiting (possibly) its reach. It is how I've always been using it myself and 10 minute margin means it is more than doable. All one had to do was run and close CCleaner (without leaving in tray) within 10-minute window. If that is true, it is worth noticing that 32-bit system CCleaner users, who were using it on as-needed basis could have avoided complete malware execution as well. Hello, do you know of any researchers other than Talos Group stating this? Certain researchers have discovered that the first payload did not begin until ccleaner.exe (32bit) had been open for roughly 10 minutes. I hope this cleared up those 3 questions. 3. But, my misspeak was to use normal when no evidence points to any non-normal situation. I have seen this timing in action but am waiting on another Piriform moderator to speak with me before posting it (s/he lives in the UK so I think it's still late there). no, just meant to look for and remove the files and registry suggested in the article. 3. the "if you're 64bit" the you was directed at the previous poster. Under what "non-normal" circumstances would the malware have been activated? Thanks Robert 1. Can you please clarify what "normally" means in this context.
You write "the malware normally does not have the time to activate between the time ccleaner.exe (32bit) hands off to ccleaner64.exe.". Are you now suggesting we follow this advice (because a lot of us are, indeed, very worried)? 3. The new evidence reinforces this, and the researchers suggest strongly that it may not be enough to simply update CCleaner to get rid of the malware". Are you suggesting people with 32-bit Windows shouldn't update to 5.35? 2. You write "If you are very worried you can follow the steps in the article you link to it says "Talos Group suggested to restore the computer system using a backup that was created prior to the infection. You write "If you have 64 bit Windows, make sure you update your ccleaner to the latest version (5.35 at the time of this post)". Thanks for these suggestions Nergal but they raise a couple more questions: 1.