Notification

Icon
Error

Windows: computers vulnerable to Ccleaner exploit (Floxif) - Ccleaner vulnerability Ccleaner exploit CCleaner 5.33

Posted: Tuesday, September 19, 2017 4:54:31 PM(UTC)
Bruce.B

Bruce.B

Member Administration Original PosterPosts: 529
0
Like
Prior to running the report follow the instructions found in this blog post.

Code:
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When CCleanerInfo.ValuenameFound = 'No key found' And
CCleanerInfo.[32-bit CCleaner Exe] = 'Not found' Then 'Not Infected'
When CCleanerInfo.ValuenameFound = 'No key found' And
CCleanerInfo.[CCleaner Version] Not Like '5.33%' Then 'Not Infected'
When CCleanerInfo.ValuenameFound = 'MUID value found' And
CCleanerInfo.[CCleaner Version] Not Like '5.33%' Then
'Infected registry key found'
When CCleanerInfo.ValuenameFound = 'No key found' And
CCleanerInfo.[CCleaner Version] Like '5.33%' Then
'Infected CCleaner found but no registry key'
When CCleanerInfo.ValuenameFound = 'MUID value found' And
CCleanerInfo.[CCleaner Version] Like '5.33%' Then
'Infected CCleaner and registry found' End As Status,
CCleanerInfo.Regkey,
CCleanerInfo.Valuename,
CCleanerInfo.ValuenameFound,
CCleanerInfo.[32-bit CCleaner Exe],
CCleanerInfo.[CCleaner Version],
CCleanerInfo.[CCleaner path]
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Left Join (Select Top 1000000 tblAssets.AssetID,
Case
When CCleanerReg.Valuename Is Not Null And CCleanerReg.Valuename <>
'' Then 'MUID value found' Else 'No key found' End As ValuenameFound,
CCleanerReg.Regkey,
CCleanerReg.Valuename,
Case When CCleanerFile.Found = 1 Then 'Found' Else 'Not Found'
End As [32-bit CCleaner Exe],
Replace(Replace(CCleanerFile.FileVersion, ' ', ''), ',', '.') As
[CCleaner Version],
CCleanerFile.PatchSearched As [CCleaner path]
From tblAssets
Left Join (Select Top 1000000 tblRegistry.AssetID,
tblRegistry.Regkey,
tblRegistry.Valuename,
tblRegistry.Value,
tblRegistry.Lastchanged
From tblRegistry
Where tblRegistry.Regkey Like '%SOFTWARE\Piriform\Agomo' And
tblRegistry.Valuename = 'MUID') CCleanerReg On CCleanerReg.AssetID =
tblAssets.AssetID
Left Join (Select Top 1000000 tblFileVersions.AssetID,
tblFileVersions.FilePathfull As PatchSearched,
tblFileVersions.Found,
tblFileVersions.FileVersion,
tblFileVersions.CompanyName,
tblFileVersions.Filesize,
tblFileVersions.Lastchanged,
tblFileVersions.CreationDate,
tblFileVersions.LastAccessed,
tblFileVersions.LastModified
From tblFileVersions
Where tblFileVersions.FilePathfull Like '%CCleaner.exe') As CCleanerFile
On tblAssets.AssetID = CCleanerFile.AssetID) As CCleanerInfo
On tblAssets.AssetID = CCleanerInfo.AssetID
Where tblComputersystem.SystemType Not Like 'x64%'
Order By tblAssets.Domain,
tblAssets.AssetName

Active Discussions

Lansweeper Clients missing specific Office feature
by  CyberCitizen   Go to last post Go to first unread
Last post: Today at 1:28:26 AM(UTC)
Report Center Windows 10 compliance (color-coded)
by  CyberCitizen  
Go to last post Go to first unread
Last post: Today at 1:15:07 AM(UTC)
Lansweeper User association report query
by  endyk   Go to last post Go to first unread
Last post: Yesterday at 9:47:25 PM(UTC)
Lansweeper Report for SSAS and SSIS
by  The Boss  
Go to last post Go to first unread
Last post: 6/25/2019 6:53:21 PM(UTC)
Lansweeper Firefox 67.0.3 zero-day vulnerability
by  Esben.D   Go to last post Go to first unread
Last post: 6/25/2019 3:34:44 PM(UTC)
Lansweeper PO Box Query
by  kmoc  
Go to last post Go to first unread
Last post: 6/25/2019 11:16:28 AM(UTC)
Lansweeper Computer Age Chart Report
by  CyberCitizen   Go to last post Go to first unread
Last post: 6/25/2019 8:40:47 AM(UTC)
Lansweeper Dell SupportAssist CVE-2019-12280
by  Esben.D  
Go to last post Go to first unread
Last post: 6/24/2019 9:15:20 AM(UTC)