Protecting Against Malicious Piriform CCleaner v5.33 Using Saner Solution



    CCleaner is a system cleanup tool by Piriform, which is now owned by Avast. Suspicious activity was identified on September 12th, 2017, where an unknown IP address was receiving data from software found in version 5.33.6162 of CCleaner. It was later found that the 5.33.6162 version of CCleaner had been illegally modified before it was released to the public.

    The malicious code sent encrypted information about the infected machine to a C&C server that the hackers had set up. Among other things, the name of the computer, a list of installed programs and running processes, and the MAC addresses of the network adapters were received by the C&C server.

    On its own, this information is not especially sensitive. However, the infected file opened a backdoor, allowing the attackers to load additional malicious software, such as blackmail software or keyloggers.

    In this article, we cover the step-by-step procedure to protect against "CCleaner v5.33" using Saner Solution.


    Piriform - CCleaner v5.33 using Saner Solution

    For illustration, we have chosen a "Windows 7" system.

    How to check if systems are affected by "Piriform - CCleaner v5.33"?

    Step 1: Click on the "Queries" menu item in the left side pane.


    Step 2: After clicking on "Queries", a window appears as shown below. Click on "Create Query" in the top right corner.


    Step 3: Figure 3 shows how to create a query for finding "CCleaner v5.33" on all systems across the network of endpoints. Fill in the details as shown below and click on "Create".


    Step 4: The "Query CCleaner" is created as shown below. Click on "Run" to check the results.


    Step 5: After the query runs successfully, the result is displayed as shown below. It confirms that "CCleaner v5.33" is present on the listed systems.
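
    To cross-check a single endpoint by hand, the following PowerShell sketch performs a local version of the same check. It is an added example, not part of Saner or of the original article, and it assumes CCleaner registers under the standard machine-wide Windows Uninstall registry keys with a display name containing "CCleaner"; the function name is hypothetical.

```powershell
# Added example: report any installed CCleaner whose version is 5.33.
# Assumption: the installer writes DisplayName/DisplayVersion under the
# standard machine-wide Uninstall keys (64-bit and 32-bit views).
function Find-CCleaner533 {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    # The WOW6432Node view does not exist on 32-bit Windows, so errors are suppressed.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*CCleaner*' } |
        ForEach-Object {
            # Match "5.33" exactly or "5.33.<build>", but not e.g. "5.330".
            $affected = [bool]($_.DisplayVersion -match '^5\.33(\.|$)')

            New-Object PSObject -Property @{
                Computer        = $env:COMPUTERNAME
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                InstallLocation = $_.InstallLocation
                RegistryKey     = $_.PSChildName
                Affected        = $affected
            }
        } |
        Select-Object Computer, DisplayName, DisplayVersion, Affected, InstallLocation, RegistryKey
}

$found = @(Find-CCleaner533)
$hits  = @($found | Where-Object { $_.Affected })

if ($found.Count -eq 0) {
    Write-Output 'CCleaner is not registered as installed on this system.'
    exit 0
}

$found | Format-List

if ($hits.Count -gt 0) {
    Write-Output 'CCleaner v5.33 found: remove or upgrade this installation.'
    exit 1   # non-zero exit so a scheduler or deployment tool can flag the host
}

Write-Output 'CCleaner is installed, but not as version 5.33.'
exit 0
```

    The script only reads the registry and avoids PowerShell 3.0+ syntax so that it also runs on a default Windows 7 installation. A version string without the build number cannot distinguish 5.33.6162 from other 5.33 builds, so every 5.33 hit is reported.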


    How to remove "Piriform - CCleaner v5.33" using Saner Solution?

    Step 1: Click on the "Command And Control" section tab. A window appears as shown below. Click on "Create command" in the top right corner.


    Step 2: Click on "Software Deployment" to install or uninstall any software.


    Step 3: Select "Uninstall" as the command, enter "CCleaner" in Application Name*, and choose the silent option by entering '/s' (without quotes). Add a name and description. Click on "Create".


    Step 4: We can see that the rule is created. Saner will start to uninstall the specified application. The status will be "Scheduled" once the rule is created.


    Step 5: Click on the refresh button near "Status". The screenshot below shows the status of the rule as "Completed".


    Step 6: Click on refresh. CCleaner has been removed successfully, as can be seen in the screenshot below.


    To download the full article, please open the below pdf attachment. 
