CCleaner Malware - What You Need to Know and How to Remove
By Renee | 04/Dec/2023
Around 2.27 million users of Piriform's popular CCleaner app have been advised to update the application after sophisticated attackers hid malware inside it. If you use CCleaner and are not very interested in the technical explanation of the incident, here is a plain and easy guide to finding out whether you are affected and what you need to do next for free malware protection.
Who is affected?
Piriform has said it believes its download servers were compromised between August 15 and September 12. If you downloaded CCleaner during this period, or have CCleaner v5.33.6162 or CCleaner Cloud v1.07.3191 downloaded or updated on your computer, then you may be affected.
How can I tell if I was infected?
When an infected version of CCleaner was installed, it would have created a Windows Registry key located at HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo. Under this key there will be two data values named MUID and TCID, which are used by the installed malware.
You can use Registry Editor (How to use registry editor) to navigate to the Agomo key and see if it exists. If it does, then your computer is infected with this malware.
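The same check can be scripted instead of done by hand in Registry Editor. The PowerShell below is an added example, not part of the original article or any vendor tool; the function name Test-AgomoIndicator is hypothetical, and looking in both the 64-bit and 32-bit registry views is an assumption about WOW64 redirection on 64-bit Windows.

```powershell
# Added example: read-only check for the Agomo key and its MUID / TCID values.
# Test-AgomoIndicator is a hypothetical name chosen for this illustration.
function Test-AgomoIndicator {
    [CmdletBinding()]
    param(
        [string]$SubKey = 'SOFTWARE\Piriform\Agomo',
        [string[]]$ValueNames = @('MUID', 'TCID')
    )

    # Assumption: a 32-bit installer on 64-bit Windows may have been redirected
    # to the WOW6432Node view, so both views are inspected there.
    $views = if ([Environment]::Is64BitOperatingSystem) {
        [Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32
    } else {
        @([Microsoft.Win32.RegistryView]::Default)
    }

    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($SubKey)      # opened read-only; $null if absent
            if ($null -eq $key) { continue }
            try {
                $present = @($key.GetValueNames())
                [pscustomobject]@{
                    View        = $view
                    Key         = "HKEY_LOCAL_MACHINE\$SubKey"
                    ValuesFound = @($ValueNames | Where-Object { $present -contains $_ })
                }
            } finally { $key.Dispose() }
        } finally { $base.Dispose() }
    }
}

$hits = @(Test-AgomoIndicator)
if ($hits.Count -eq 0) {
    'Agomo key not found in any registry view.'
} else {
    $hits | Format-List
    'Agomo key present: this computer had the infected CCleaner installed.'
}
```

The script only reads the registry, so it does not need an elevated prompt and changes nothing on the machine.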
The CCleaner Malware Attack – How to Remove
According to Avast, the malware attempts to transmit information such as computer names, IP addresses, installed software, actively running software, network adapter information and more.
How to remove
Step 1 | Remove Agomo key
Use the built-in Registry Editor to remove the Agomo key (the guide is mentioned earlier in this article). Note that upgrading to version 5.34 will not remove the Agomo key from the Windows registry.
Step 2 | Update CCleaner
You probably want to uninstall CCleaner as soon as possible. Don't rush: use it to remove the malware first. Updating CCleaner to v5.34 removes the old executable and the malware. CCleaner does not have an auto-update system, so users must download and install CCleaner 5.34 manually.
Step 3 | Change Password and Get Real-time Protection
It is suggested that victims temporarily stop using the infected computer and change their passwords from a computer or cell phone that never had the infected version of CCleaner installed. This is because it is not known whether the Floxif infection installed other malware that is still running and may steal passwords and other information.
After changing your passwords, go back to the infected machine and run a security scan with your antivirus software, such as Windows Defender or Malwarebytes, whichever you have. Then you can use your computer again.
For those who want to be truly safe, the best course of action is to install Neptune SystemCare Ultimate. Its Real-Time Protection can identify and stop malicious apps and processes, strengthening system security and safety while browsing online.