We like and use CCleaner even at our large corporate clients but over the years it has had some serious problems and today we particularly don’t like that it almost surreptitiously wants to run in the background, monitor our staff and chew up resources.

CCleaner for Windows Hacked to Spread Malware, Update Now
June 9, 2022

CCleaner, the popular file clean-up and performance optimization utility for Windows, has been hacked to spread malware to users of the 32-bit version. The breach was discovered by security researchers at Cisco Talos Group. They found that the hackers could inject the malware into the app by accessing the download servers used by the antivirus provider Avast (the parent company that owns CCleaner). “For some time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” writes the Talos team.

Groovypost.com/news/ccleaner-for-windows-hacked-to-spread-malware-update-now/

What is OfferCore?

Today Microsoft Sentinel is flagging CCleaner for containing “OfferCore” and we see alerts like: ‘OfferCore’ unwanted software was blocked on one end – Host(XXXXX)

OfferCore is simply an add-on installer that usually makes ‘offers’ to the user installing software. Things like “Hey… would you like to also install our free ad-blocking software” are common and those add-ons can contain other nasty things.

PUP.Optional.OfferCore is Malwarebytes’ detection name for a small family of bundlers that are known to install adware and potentially unwanted programs (PUPs) along with legitimate applications on Windows systems.

Malwarebytes.com/blog/detections/pup-optional-offercore

As such, we don’t think that OfferCore is a crisis unto itself, but it is another annoyance with CCleaner, and one of our more security-oriented clients has had enough. They want CCleaner removed from all their machines.

Script to Uninstall CCleaner

Of course you can uninstall CCleaner using the Programs & Features GUI, but administrators need something they can run on a lot of machines at the same time.

CCleaner can be uninstalled using this simple cmd line script:

"C:\Program Files\CCleaner\uninst" /S


You could push this script out using PDQDeploy or SCCM or NinjaOne or even just through a larger command line script that connects to each machine on your network as an admin and runs the script.
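As an added example (not part of the original post), here is one way to run that silent uninstall across several machines with PowerShell remoting and confirm the result on each. It assumes WinRM is enabled, the default install path shown above, and admin rights on the targets; the host names are constructed placeholders.

```powershell
# Added example, not the original author's script.
# Assumptions: default install folder from the article, PowerShell remoting
# (WinRM) enabled on targets, caller is an admin on each machine.
$Computers = @('PC-001', 'PC-002')   # constructed placeholder host names

$RemoveCCleaner = {
    $dir    = Join-Path $env:ProgramFiles 'CCleaner'
    $uninst = Join-Path $dir 'uninst.exe'    # the file the article's "uninst" command resolves to
    $main   = Join-Path $dir 'CCleaner.exe'
    $status = 'NotInstalled'

    if (Test-Path -LiteralPath $uninst) {
        # Stop running instances so files are not locked during removal.
        Get-Process -Name 'CCleaner*' -ErrorAction SilentlyContinue |
            Stop-Process -Force -ErrorAction SilentlyContinue

        Start-Process -FilePath $uninst -ArgumentList '/S' -Wait

        # The uninstaller may return before removal has finished, so poll
        # for the main binary to disappear (up to 2 minutes).
        $deadline = (Get-Date).AddMinutes(2)
        while ((Test-Path -LiteralPath $main) -and ((Get-Date) -lt $deadline)) {
            Start-Sleep -Seconds 5
        }
        $status = if (Test-Path -LiteralPath $main) { 'Failed' } else { 'Removed' }
    }
    elseif (Test-Path -LiteralPath $main) {
        # Binary present without its uninstaller: needs manual follow-up.
        $status = 'UninstallerMissing'
    }

    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Status = $status }
}

$results = Invoke-Command -ComputerName $Computers -ScriptBlock $RemoveCCleaner `
    -ErrorAction SilentlyContinue -ErrorVariable remoteErrors

$results | Select-Object Computer, Status | Format-Table -AutoSize

# Machines that were offline or refused the connection show up here.
foreach ($e in $remoteErrors) { Write-Warning "$e" }
```

Machines reporting `Failed` or `UninstallerMissing` are the ones to check by hand, and rerunning the script is safe because already-clean hosts simply report `NotInstalled`.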

CCleaner Command Line Switches

Here are a few command line options that might help you manage CCleaner:

  • "C:\Program Files\CCleaner\uninst" /S uninstalls CCleaner silently.
  • ccsetup.exe /S installs CCleaner silently with default options.
  • ccsetup.exe /D=[path] installs CCleaner into a different folder than the default folder.
  • CCleaner.exe /AUTO runs CCleaner silently and automatically
  • CCleaner.exe /CLEANER opens Health Check or Custom Clean depending on which you have set as default

