Notification

Icon
Error

CCleaner malware report (Floxif) - Discussion post for blog post

Posted: Tuesday, September 19, 2017 4:20:26 PM(UTC)
Bruce.B

Bruce.B

Member Administration Original PosterPosts: 533
2
Like
With the news regarding the Ccleaner vulnerability we've created a blog post to help you investigate whether any computers in your network are potentially infected with the CCleaner 5.33 Malware, Floxif. Click here to open the blog post. In the blog post you will find instructions on how to configure your Lansweeper environment to find which computers have been affected by the Ccleaner exploit.

This topic is for any questions or discussions related to the blog post and its contents.

Click here to go to the blog post
andri@bluelagoon.is
#1andri@bluelagoon.is Member Posts: 2  
posted: 9/29/2017 10:26:34 AM(UTC)
Does this vulnerability only affect 32bit OS architecture, will this not affect x64 OS systems that installed the 32bit Ccleaner 5.33
The "CCleaner malware report" does not scan the program files (x86) on x64 OS systems :/
Bruce.B
#2Bruce.B Member Administration Original PosterPosts: 533  
posted: 9/29/2017 12:00:50 PM(UTC)
From our testing, there is only one Ccleaner installer, and it installs the 32-bit version only on 32-bit systems. You're not presented with a choice during installation. With this being the case and it being reported that the vulnerability was limited to the 32-bit Ccleaner version, we're reporting specifically on this.
andri@bluelagoon.is
#3andri@bluelagoon.is Member Posts: 2  
posted: 9/29/2017 12:32:13 PM(UTC)
Yes but the report you are providing limits to searching x86 systems "Where tblComputersystem.SystemType Not Like 'x64%'"
but the 32bit version of CCleaner can be installed on x64 systems and the report does not show these systems that can potentially be infected
Bruce.B
#4Bruce.B Member Administration Original PosterPosts: 533  
posted: 9/30/2017 11:28:41 PM(UTC)
As far as I'm aware, the Ccleaner installer does not provide the option to install a x86 or x64 version. It installs the x86 version on x86 systems and the x64 version on x64 systems automatically when you run the installer. We did test this with the latest Ccleaner version, and not the infected version 5.33.

If you're certain that for version 5.33 you did have the choice to install the x86 version on x64 systems, you can remove the relevant where clause from the report.

Active Discussions

Lansweeper Lansweeper --> PowerBI
by  Hendrik.VE   Go to last post Go to first unread
Last post: Today at 12:13:59 PM(UTC)
Lansweeper Report 32 or 64bit software
by  Phofman  
Go to last post Go to first unread
Last post: Today at 11:06:17 AM(UTC)
Lansweeper Deployment issue with certain installer
by  Ruben1   Go to last post Go to first unread
Last post: Today at 10:36:38 AM(UTC)
Lansweeper Mail notification Windows Defender
by  MB@CC-IT  
Go to last post Go to first unread
Last post: Today at 8:00:59 AM(UTC)
Lansweeper Change Management - Voting and Tracking
by  hrhansen   Go to last post Go to first unread
Last post: Today at 7:46:23 AM(UTC)
Lansweeper Lansweeper email Support
by  Esben.D  
Go to last post Go to first unread
Last post: Yesterday at 5:58:17 PM(UTC)
Lansweeper Scanning Methods
by  CyberCitizen   Go to last post Go to first unread
Last post: Yesterday at 1:12:34 AM(UTC)
Lansweeper Asset Group Config
by  CyberCitizen  
Go to last post Go to first unread
Last post: Yesterday at 1:10:54 AM(UTC)