Linked by Thom Holwerda on Tue 19th Sep 2017 09:58 UTC
Privacy, Security, Encryption

Talos recently observed a case where the download servers used by a software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

Don't use registry cleaners. They serve no purpose.

Thread beginning with comment 648993
rcaudill Member since:
2011-09-01

I completely disagree with this statement. I have been in this business for a long time and where I see the value of registry cleaners is if something isn't working as expected. An actual story that happened to me was that I had Office 2013 that would not work. It kept going through a loop where when Excel opened it would complain about missing setup files. It would then ask for a recovery "disk" (yes I said disk). I tried all recommended patches and fixes from MS and nothing worked. I then turned to CCleaner as I had a lot of bloat on my system anyways and sure enough the problem was gone after one CCleaner run. Now I think it is a small percentage of problems that would run into this but I do believe it has its place.

Reply Score: 7

rcaudill Member since:
2011-09-01

Let me follow this up by saying a reinstall and an uninstall and then install also did not fix the issue.

Reply Parent Score: 2

Kochise Member since:
2006-03-03

Yup, used to install our products using InstallShield that had the bad habit to leave traces/leaks all around the registry and hard disk, making further installations hazardous if not plain futile.

I had to program my own version of a registry cleaner to remove any hints of a previous installation to allow customers to reinstall our software. I then switched to InnoSetup and all problems were gone.

Hail to good guy Jordan Russell.

Reply Parent Score: 4

Bill Shooter of Bul Member since:
2006-07-14

I have been in this business for a long time

What business is that? The Computer using business? The sketchy utility business?


I then turned to CCleaner as I had a lot of bloat on my system anyways and sure enough the problem was gone after one CCleaner run.


Uhmm what kinda "bloat", the kind you know you never should have used in the first place? You know what happens when you start trusting shady 3rd party fixing programs? You get malware. So you either fix the problem the right way (TM) or you get malware.

Reply Parent Score: 3

rcaudill Member since:
2011-09-01

I love trolls like you. You come to attack someone. So let me tell you about myself, you minuscule little man. I have designed full-fledged applications by myself for multiple organisations (including gov't orgs to help children) and have also been a lead developer for Syllable once. So when you attack someone you should really do your research.

And, when your company asks you to install software for business purposes (like Office or say a PDF reader, or different software to test validity of certs, or Wireshark, or Bash for Windows so you can use Windows while in a meeting where you must present MYSQL queries/bash commands to prove the validity of your programs and your presentation software does not work well with your remote desktop nor do you have time to set up something better cause you are too busy designing real software) and then you no longer need it, you get rid of it! Because if you don't, your company issued computer is slow and does not work as efficiently as you need it to while you are compiling/interpreting QT4.8/QT5/NodeJS/PERL applications.

Reply Parent Score: 2

avgalen Member since:
2010-09-23

You are right. Registry cleaners do have their place as a really final last ditch effort to get really broken systems working again. In those situations it is worth to try it because the next best option would be a clean-wipe, which is what you SHOULD do in a business situation and which is what you will probably need to do in any other situation as well. Even if the registry cleaner fixes your 1 problem it might cause another one that you will not notice until much later.

If you check the "bugfix history" of the regcleaner component of CCleaner you will see some major bugs have happened over time. This means that for most users of this component CCleaner will have caused more problems than it solved.

The disk cleaning components of CCleaner are very good, but will mostly just remove caches that will slow down the programs you just cleaned up. This was useful a decade or 2 ago when disk space was a limiting factor but now it is rather useless as well.

CCleaner is probably the best program of its sort. It is small, free, often updated, has a portable version, looks nice, etc... but except for niche cases it is no longer needed.

In Summary
Regcleaners will not make your system work better/faster, but they might fix your "unsolvable" problem when you are in a jam. They should not be used generally!
Diskcleaners make you feel better, but probably slow your programs down

For startup items, just press CTRL+Shift+ESC (taskmanager), find the Startup tab and disable everything you want. It even has a nice "Startup impact" column
For disk cleanup, just run "cleanmgr /sageset:0", check everything you want, run "cleanmgr /sagerun:0" after major changes on your system (like the now 6 monthly upgrades of Windows 10)
For registry cleanup: NOPE NOPE NOPE (In case of extreme emergencies there is an automatic registry backup at c:\Windows\System32\config\RegBack)

Reply Parent Score: 3

rcaudill Member since:
2011-09-01

I can't disagree with any of this. It definitely is preferred to clean wipe, when time permits. Unfortunately at my current job, where I have used Windows for the first time (outside of tech support roles), that does not happen; therefore I use CCleaner and tools of the such to get my computer working again. Do I think it is a great approach, no, but it is a method to keep on going.

Reply Parent Score: 2