Re: Trojan.Nyet Ya &Trojan Floxif.Trace

Hey is anyone going to help me with this. Yesterday i posted that i ran MBAM and it detected a Trojan NYET YA as mentioned in my first post. I then did what they(CC) recmmended and downloaded the latest version of 5.34.
Well i just ran MBAM and lo&behold it found two Trojans named Torjan Floxif.Trace in the registry and vale keys and it clearly shows that they are in HKLM\SOFTWARE\PIRIFORMCCleaner. I've just emailed Cleverbridge,who run the Piriform/AVAST group and told them what has just happened.This after doing what they suggested,upgrade to the 5.34 version.
Can someone please advise me what i should do? Should i uninstall CCleaner and reinstall? MBAM has quarantineed both Trojans,the one from yesterday and today's marvellous find.I rebooted and my PC is operating OK.
But i need feeedback here as to what route i should go.

 

Sorry, I have 64 bit on all my units. Hope someone else can test.

 

Corday,
But my point is that the CCleaner version they claim was/is infected ver 5.33; should be replaced with ver 5.4. This i did, only to run as i indicated above,MBAM to find out that this so-called unaffected ver 5.34, is in fact also a victim of malware Here is full description of what MBAM found>>>>

1.) Trojan.Floxif.Trace HKLM\SOFTWARE|PIRIFORM|AGOMO/TCID
2) Trojan Floxif.Trace in registry key HKLM/SOFTWARE\PIRIFORM\AGOMO


So am I the only one out there with this new problem?I don't even think they are aware of this secondary infection unless what MBAM found here were Traces(thus the word Trace is the infected files).Maybe it is something left over from previous version,i dunno. There were something like a billion downloads last year and this issue is all over Twitter and whatnot.
My question is are these Trojans NYetYa and the two Floxif ones, are they dangerous? They are quarantineed but should they be deleted? Or just keep them quarantineed? Should i just uninstall CCleaner as well?
I know i'm riding my luck still operating Win XP-32-bit,that i take responsibility for,but i have AVAST a/v and full premium version of MBAM installed.

Please get back to me with answers to the questions.
Thx again

 

D: CCsetup533 = the infected installer, HKLM\SOFTWARE\PIRIFORM(\CCleaner) = the Agomo key, indicative of infection and created by the trojan when the infected installer was run.

The installer has been quarantined, you've reinstalled CCleaner using the clean version of 5.34 (hopefully from Piriform, not some 3rd party file hoster), the updated MBAM scan has detected and removed the Agomo Registry key.

You should be safe, though there may be some inactive dregs remaining; the trojan was a failure from the get go, the C&C server never served up any of the malware that the instigator had planned, so in this instance, Ccleaner users were very lucky!

For the latest on the CCleaner compromise/infection from Avast: https://blog.avast.com/update-to-the-ccleaner-5.33.1612-security-incident

 

I did in fact install direct from their site.Again my point is the they (CCleaner ) claim that this newer version 5.34 is clean and uninfected,but MBAM found these newer Trojan class culprits,so something is obviously not right. I can't believe that after installing 5.34 that i amongst the millions using CCleaner is the only one with this new problem?

 

Hi,

Please follow the instructions here > NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Follow the instructions carefully and if you have any problems running the scan, let the analyst know in your thread.

Post your logs as per the instructions in the Virus/Trojan/Spyware Help forum........not here.

Be advised that this part of the forum is usually very busy so some patience will be required but someone will be along to assist you when they can.

Good luck. :smile:

 

Re: Trojan.Nyet Ya and CCleaner

The Malware has already been removed successfully with MBAM.My question is simply to advise other users of CCleaner that there may still be an existing issue even with the newer version 5.34 that CCleaner claims is unaffected.

 

"... the updated MBAM scan has detected and removed the Agomo Registry key."

The earlier scan didn't find (maybe it wasn't part of the then current detections - this is a new infection... ) that Registry key, though it must have already been there. The later, updated, MBAM scan did detect and remove it.

The key wasn't installed by the 5.34 installer - that wasn't detected/was marked as clean on the latest scan, it only found the original key that it hadn't been programmed to detect yesterday.

 

OK so what are you saying then? I;m I ok then? I also ran AVAST A/V and it just found a virus; D:|System Volume Information\....|A4564495.exe Threat is Win 32:TlsHack-A{Trj} so Avast has put it in the Chest.
is this related to the CCleaner issue?

 

Its unlikely that MBAM or any single antivirus solution would clean your system properly.

Please see my advice above in post #6 .

 

Please see my last post.I'm confused because initially when i posted the problem i thought i was in the Virus amd Malware section where we are supposed to post issue like this.I didn't think i was posting my problem in the Main section.
So what do i do now that Avast detected this new virus?

 

Apologies for the confusion.

The Virus/Trojan/Spyware Help forum used to be called Virus/Trojan/Spyware Removal Help. I'm not sure why that changed but I was always under the impression that this forum was reserved for users posting their logs for malware removal assistance.

When I directed you to follow the instructions you said the malware had been removed so I moved your thread to General Computer Security.

If you're now saying that you have more detections and wish our analysts to help, you should run dds and post the results in a new thread in Virus/Trojan/Spyware Help as per the aforementioned instructions.

You should also include a link to this thread so the analyst can see what has been happening.

 

Ok, yes i ran AVAST av and it found a Win32:Tls Hack-A[Trj]
so i don't know if that is realted to the CCleaner issue.If a post this link>>>

http://www.techsupportforum.com/forums/f112/trojan-nyet-ya-and-ccleaner-1210873.html

when i post my virus issue will this link above make them aware of what is going on?

 

It will now. :smile:

 

Ok Deejay just posted new thread with link as you requested. But my fuerther question is
am I alone in the CCleaner universe, when after i do what they recommend and download the new version 5.34 and then MBAM discovers 2 new Trojans in that suposed "unaffected" version, no one else has this issue? I find that hard to believe,yet i haven't seen anything
on Twitter that even with this new version there are issues.

 

I haven't used Ccleaner for years, its too bloated now. I'll have a look around for you later, see if I can find anything but I only posted here to point you in the right direction.

I see your new thread.......but you still didn't post your log.

 

how do i get the log again? Do i run MBAM or Avast? Not sure.
Ok i see it in your post #6 i get it. ok thx deejay

 

Deejay
just to let you know i posted my log as a reply to myself.I gather tech sipport will figure that out.I also need to wait and be patient right?
thx again

 

CCleaner malware operators targeted tech firms including Cisco, Microsoft, Samsung | ZDNet

 

Corday.
I'm still waiting to have my problem fixed but yesterday when i used the 5.34 ver of CCleaner i received update or what appeared to be for another update,which i installed.But then i read you comments below on Twitter and read some of comments there,one on Zednet in which at end of article he said this nrewer version and i don't mean 5.34,but 5.35 was not authorized vast Avast. It's the one i downloaded.
So i ran scans but got nothing but decided to uninstalled CCleaner once and for all. So i guess i will wait to something more on this as well as i'm waiting tech support to help me.

 

The latest version is 5.35(etc.).

 

I encountered a computer wherein Windows Defender caught and quarantined the bug we're discussing.

 

Would you reinstall CCleaner at this time? I have uninstalled it,just to be on safe side. There must be other ways to clean out or speed up one's PC? Did i relly need it(free version) in the first place is the question?

 

No, you don't really need it. First clean with Windows Clean-up. About once a month from the same app, clean system files. Look at each one and decide your preferences. Already checked ones should be done.

 

Ok thx. hey Corday, Deejay told me to wait 72 hrs and then if no rersponse from tech support to write "bump please" in my message,well it is well past 72 hrs and still noone has gotten to me.What's going on?

What's link to Win Cleanup? I'm running Win XP remember.

 

Copied from MS:
You run Disk Cleanup in Windows XP by adhering to these steps:

From the Start button menu, choose All Programs→Accessories→System Tools→Disk Cleanup.
In the Disk Cleanup dialog box, click the More Options tab.
Click the Disk Cleanup tab.

Place check marks by all items you want to

remove. Click the OK button.