Blog

Finding computers infected with the Floxif CCleaner malware

Posted in News on September 19 2017 by Lansweeper Team

It recently became clear that version 5.33 of the popular clean-up tool, CCleaner, was infected with the Malware dubbed "Floxif". Using Lansweeper you can scan your Windows computers to find out which computers are safe, are currently still infected or were infected. To diagnose this as accurately as possible we'll be scanning for multiple things. After following the steps below you can find out whether any scanned computer in your environment was affected:

In the web console go to Scanning\File & Registry Scanning
Click the Add File Scan button and enter the file path below

%programfiles(x86)%\CCleaner\CCleaner.exe
Click the Add Registry Scan button, select HKEY_LOCAL_MACHINE as rootkey enter SOFTWARE\Piriform\Agomo as regpath and MUID as valuename
Go to Assets\Windows and click the Rescan Assets button in the left-hand pane. This will rescan all items on your Windows computers, including Registry and File scans.
Go to Scanning\Scanning Queue and wait for your scans to finish.
Go to Reports\Create New Report to open the report builder.
Copy and paste the SQL query below into the bottom window.
Give your report a title and click Save & Run.

If you want to discuss this blog post you can do so in this forum topic.

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When CCleanerInfo.ValuenameFound = 'No key found' And
CCleanerInfo.[32-bit CCleaner Exe] = 'Not found' Then 'Not Infected'
When CCleanerInfo.ValuenameFound = 'No key found' And
CCleanerInfo.[CCleaner Version] Not Like '5.33%' Then 'Not Infected'
When CCleanerInfo.ValuenameFound = 'MUID value found' And
CCleanerInfo.[CCleaner Version] Not Like '5.33%' Then
'Infected registry key found'
When CCleanerInfo.ValuenameFound = 'No key found' And
CCleanerInfo.[CCleaner Version] Like '5.33%' Then
'Infected CCleaner found but no registry key'
When CCleanerInfo.ValuenameFound = 'MUID value found' And
CCleanerInfo.[CCleaner Version] Like '5.33%' Then
'Infected CCleaner and registry found' End As Status,
CCleanerInfo.Regkey,
CCleanerInfo.Valuename,
CCleanerInfo.ValuenameFound,
CCleanerInfo.[32-bit CCleaner Exe],
CCleanerInfo.[CCleaner Version],
CCleanerInfo.[CCleaner path]
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
Case
When CCleanerReg.Valuename Is Not Null And CCleanerReg.Valuename <>
'' Then 'MUID value found' Else 'No key found' End As ValuenameFound,
CCleanerReg.Regkey,
CCleanerReg.Valuename,
Case When CCleanerFile.Found = 1 Then 'Found' Else 'Not Found'
End As [32-bit CCleaner Exe],
Replace(Replace(CCleanerFile.FileVersion, ' ', ''), ',', '.') As
[CCleaner Version],
CCleanerFile.PatchSearched As [CCleaner path]
From tblAssets
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value,
tblRegistry.Lastchanged
From tblRegistry
Where tblRegistry.Regkey Like '%SOFTWARE\Piriform\Agomo' And
tblRegistry.Valuename = 'MUID') CCleanerReg On CCleanerReg.AssetID =
tblAssets.AssetID
Left Join (Select Top 1000000 tblFileVersions.AssetID,
tblFileVersions.FilePathfull As PatchSearched,
tblFileVersions.Found,
tblFileVersions.FileVersion,
tblFileVersions.CompanyName,
tblFileVersions.Filesize,
tblFileVersions.Lastchanged,
tblFileVersions.CreationDate,
tblFileVersions.LastAccessed,
tblFileVersions.LastModified
From tblFileVersions
Where tblFileVersions.FilePathfull Like '%CCleaner.exe') As CCleanerFile
On tblAssets.AssetID = CCleanerFile.AssetID) As CCleanerInfo
On tblAssets.AssetID = CCleanerInfo.AssetID
Where tblComputersystem.SystemType Not Like 'x64%'
Order By tblAssets.Domain,
tblAssets.AssetName

The Lansweeper SysAdmin Awards are here!

Posted in News on July 20 2017 by Lansweeper Team

Hi! My name is Bart and I'm the lead SysAdmin at Lansweeper.

I would like you to join me in celebrating the most epic day of the year: SysAdmin Day! As we’re on approaching of the official festivities on Friday the 28th of July, the Lansweeper team would like to honor the greatest SysAdmins by handing out our own prestigious awards. Besides eternal glory & respect, we'll give away three $500 AMAZON GIFT CARDS to the best entry in each category. Check out the Award Categories below and pick your favorite(s).

Sysadmin Award categories


Funniest Asset/User Relation	Most Unique Asset	Rarest Help Desk Ticket Type
'It's complicated'? 'Never, ever getting back together with that old laptop'? 'Recently divorced'? Make it Lansweeper official.	A space shuttle? A pool table? The company BBQ? A smart fridge? The lawn mower? The sky is the limit with this one!	'Is it plugged in?' or 'Try again when sober' are just a few examples of ticket types you don't want your users to see.
Enter here	Enter here	Enter here

The winners will be personally contacted & announced on SysAdmin Day, July 28th.

View our Terms & Conditions here.

Discover devices vulnerable to WannaCry

Posted in News on May 15 2017 by Lansweeper Team

Vulnerable to WannaCry?
Over the weekend, we've all heard about WannaCry, WannaCrypt, WCRY and a smattering of other names. The gist: it's a ransomware program targeting Windows operating systems by leveraging an SMB vulnerability. Microsoft issued critical security bulletin MS17-010 listing patches for the various affected operating systems. Lansweeper can tell you in a matter of seconds which devices are vulnerable and need to be patched. You can find a step-by-step guide on our forum.

Help out a friend
Do you know any colleagues that could use Lansweeper right about now, have them contact support@lansweeper.com. We'll help them out. No strings attached.

Lansweeper 6.0.0.48 Security Update

Posted in Updates on December 01 2016 by Lansweeper Team

Summary

By creating a custom crafted Windows service an attacker can cause a remote execution on the administrator's workstation.

Severity: Critical

Although there are no signs that this vulnerability is exploited in the wild, Lansweeper recommends installing this update as soon as possible.

Products Affected

Lansweeper 4.x, 5.x, 6.0.0.45 and earlier

Available Updates

Lansweeper 6.0.0.48, which can be downloaded from our download page

How To Update

Updating Lansweeper is easy, quick and completely free of charge. The latest installer can be found on our download page. A detailed step-by-step guide on how to update can be found in this knowledge base article.

Acknowledgements

Bartlomiej Pokrzywinski and Ewerson Guimaraes from Security Competence Center / Poland

Lansweeper 6.0 released, the Help Desk arrives!

Posted in News on April 12 2016 by Lansweeper Team

The new Lansweeper 6.0 is available for download. It’s no secret anymore that Lansweeper 6.0 comes with a functional Help Desk fully integrated with our mature IT asset management solution. Take the opportunity to get acquainted with the reorganized 6.0 menu and the various new functionalities this brand new version includes. Aside from the Help Desk feature, the new release includes a knowledge base as well as a calendar. You can now update to version 6.0 by using the installer available on the download page of our website.

Lansweeper 6.0 is available to all customers, just like any other update we release. The help desk section is licensed on a per agent basis, including one free agent license in all existing and newly purchased Lansweeper licenses. An unlimited number of users can open tickets, but you pay a fee per agent that responds to those tickets. Additional agent licenses can be purchased through our online store at $ 10 per agent per month. For additional information, please contact our Sales team.

A selection of included functionalities is listed below. More details of the included features, important help desk concepts, and terminology can be found here.

A fully functional help desk that integrates with Lansweeper.
A feature-rich ticketing system that allows people inside and outside of your company to send questions and request support. The ticketing part of the help desk includes, among others, the following features:
- Tickets can be created through the web console, via email, API and the import feature.
- Organization of tickets into ticket types.
- Prioritization of tickets through ticket priorities and follow-ups.
- Custom fields, optionally nested, to add extra information to tickets in an organized way.
- Ticket filters, tabs and notifications to easily organize tickets into various overviews.
- Ticket templates and outgoing email templates (auto reply).
- Ticket dispatching, automatic assignment and closing of tickets.
- SLAs to set company standards for the handling and resolution of tickets.
- Customization options like signatures, different ticket sorting methods, email alerts and more.
A knowledge base to share articles with your employees on a variety of topics.
A calendar to keep track of meetings, vacation days and more. Calendar events can be linked to tickets.
Optional customization of the look and feel of the help desk.
Flexible security settings that restrict web console access through a system of roles and permissions.

1 2 3 ...>>

Subscribe to our feed

Got a question?

	support@lansweeper.com
	sales@lansweeper.com
	+1 917 382 3697
	+44 203 695 7908
	+32 52 696 696