CCLEANER HACKED!
Find out if your PC is at risk
What happened?
A recent version of the junk-removal tool Ccleaner, a favourite among Computeractive readers and staff, was hacked. Piriform, which makes the program, said that version 5.33 had been “illegally modified” to allow hackers to download the Floxif malware on to users’ PCS. This can steal information such as the computer’s name and what software is installed.
Released on 15 August, version 5.33 was available to download until 12 September, when Piriform detected “suspicious activity”. It’s thought that 2.27 million people installed it during this time, although only those running 32bit Windows PCS were at risk. The hack didn’t affect the Android version of Ccleaner.
In a blog ( www.snipca.com/25643) Piriform’s Paul Yung said that the server hosting the malware had been taken down, removing the immediate danger. He said there was no evidence hackers were able to use the malware. The hack came just a month after Piriform was bought by antivirus company Avast.
How can you stay safe?
First, check if you were infected by going to HKEY_LOCAL_MACHINE\ Software\piriform\agomo in the Windows registry and looking for MUID and TCID entries (see screenshot). If you see these, it means you downloaded Ccleaner 5.33 between 15 August and 12 September, and must update it immediately. The free version of the program doesn’t update automatically, so to do it yourself visit www.piriform.com/ccleaner and click the green Download button.
You can check which version of Ccleaner you have by opening the program and looking at the number at the top left. Anything numbered 5.34 and above is safe. The hack may have affected 32bit PCS only, but those with 64bit PCS should probably update too, just to be on the safe side.