
Trojan.Floxif infection



Hello, earlier this week during a threat scan MB alerted me that it detected this trojan in CCleaner and its installer. I've quarantined the files, but is that enough? Should I also delete them?

I'm also worried that my computer may not be totally clean, I've attached the FRST logs below.

I've read a lot about it before posting here, but different sites give different info. One says if you're using 64-bit and the registry key (I can't remember what it was exactly) is absent, then you're clean. Another site says it installs a fileless virus and corrupts files and that you need to restore your computer to an early point or reset to factory condition and change all passwords from another computer or phone.

I've only ever run the 64-bit version of CCleaner, but I understand the code was also in the installer. Was there a keylogger component to the virus that I need to change logins? Is there anything else I need to look for?

Thank you.




Hi guest11 :)

Since you're running Windows 64-bit, you shouldn't have been affected by the malicious payload that was embedded in CCleaner v5.33. Though we can check if the Agomo key is present or not on your system to confirm.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.

  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • In the Search text area, copy and paste the following:
  • Once done, click on the Search Registry button and wait for FRST to finish the search
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply
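
A rough scripted counterpart to the registry search described in the post above, added here as an example; it is not part of the original post and not FRST's own logic. The function name `Search-RegistryName`, the `SOFTWARE` subtree and the HKLM/HKCU scope are assumptions of this example, and it matches key names and value names only, not value data.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0+ (.NET 4 OpenBaseKey).
# Assumptions: the function name, the SOFTWARE subtree, and the HKLM/HKCU scope.
function Search-RegistryName {
    param(
        [Parameter(Mandatory = $true)][string]$Term,
        [string]$SubTree = 'SOFTWARE'
    )
    $ci = [StringComparison]::OrdinalIgnoreCase
    $hives = @([Microsoft.Win32.RegistryHive]::LocalMachine,
               [Microsoft.Win32.RegistryHive]::CurrentUser)
    foreach ($hive in $hives) {
        # The 64-bit view shows the whole tree, including WOW6432Node, where
        # registry writes from 32-bit processes are redirected on 64-bit Windows.
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            $hive, [Microsoft.Win32.RegistryView]::Registry64)
        $root = $base.OpenSubKey($SubTree)
        if ($null -eq $root) { $base.Close(); continue }
        $stack = New-Object System.Collections.Stack
        $stack.Push($root)
        while ($stack.Count -gt 0) {
            $key = $stack.Pop()
            try {
                foreach ($name in $key.GetValueNames()) {
                    if ($name.IndexOf($Term, $ci) -ge 0) {
                        [pscustomobject]@{ Kind = 'Value'; Path = $key.Name; Name = $name }
                    }
                }
                foreach ($name in $key.GetSubKeyNames()) {
                    if ($name.IndexOf($Term, $ci) -ge 0) {
                        [pscustomobject]@{ Kind = 'Key'; Path = $key.Name; Name = $name }
                    }
                    # Read-only handle; a key we may not open is skipped, not fatal.
                    try { $child = $key.OpenSubKey($name) } catch { $child = $null }
                    if ($null -ne $child) { $stack.Push($child) }
                }
            } catch {
                Write-Verbose "Skipped $($key.Name): $($_.Exception.Message)"
            } finally {
                $key.Close()
            }
        }
        $base.Close()
    }
}

# "Agomo" is the search term shown in the FRST log in this thread.
$found = @(Search-RegistryName -Term 'Agomo')
if ($found.Count -eq 0) { 'No key or value name contains "Agomo".' }
else { $found | Format-Table -AutoSize }
```

Run it from an elevated PowerShell prompt so that fewer keys are skipped for lack of access; `-Verbose` lists the ones that were.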


Thank you for your response.

I ran the scan and this is what came up:

================== Search Registry: "Agomo" ===========

====== End of Search ======


I did run the installer which was also labeled as infected. Is there any need to change login passwords or router password? And is keeping the infected files in quarantine better, or should I just delete them? And finally, is using the add/remove program feature OK to remove the rest of the CCleaner files?

Sorry for all the questions, but this is the first time MB has caught something like this on my system, and I'm seeing different advice from different security experts, some saying if the key isn't there you're ok, some saying that you have to restore to an earlier date or even completely restore to factory condition.


As suspected, you weren't hit by the malicious payload embedded in the CCleaner v5.33 installer. There is no need to change your passwords, or your router password. Files placed in quarantine are harmless. You can delete them if you wish. And uninstalling CCleaner normally will do the job.


Hi, sorry about the delay.

No, the password changes were because of a hardware/software conflict that has been resolved. I was concerned since it happened after the installer was run and the bad version of CCleaner was on my computer it could have caused some sort of damage.

So you would say I could log in to accounts without changing passwords, online shopping, etc., without worry?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.