Does the current version Ccleaner have any MBAM issues?

[yardbird]

Removing the program from my pc's last month was the issue or bug I had with MBAM Premium
I did google: "Does the current version Ccleaner have malware in the program?" and, it appears
that it had its main servers hit a year ago... 
https://www.pcworld.com/article/3225407/security/ccleaner-downloads-infected-malware.html

Whats the status with Malwarebytes Premium & using CCleaner right now. ??

[nukecad]

CCleaner and Malwarebytes are running together fine now, there was an issue last month with CC and the Firefox Malwarebytes add on but that has been fixed.

CCleaner has had many problems in the past few months, mainly of their own making, a clash with Malwarebytes is not one of them.
(The latest CCleaner v5.46 has not had any major issues reported, and so far less minor issues than any version for a year).

The CCleaner installer hack last year was an odd one, thousands of users worldwide got the infected installer but it was a 3 stage attack targeted at 20 or so big tech firms, and only around four PC's got infected with the final payload. It seems to have been an attempt to steal industrial secrets.
It was still a big embarassment to Piriform that the thing got into their installer in the first place, even if ultimately it caused no damage for users.

The malware was in the installer, not in the CCleaner programme itself.
If you still have a copy of the problem installer, ccsetup533.exe, on you machine than any decent anti virus/anti malware should flag it and quarantine/remove it.
If you had run the infected  installer then there may still be a remnant in the registry that again should be found and quarantined/removed.

[yardbird]

thx. for the reply @nukecad  Well I had to open up my toolbox to find the culprit,  back around August 26th!  2018 -- everything pointed to CCleaner ?  On 3 different computers... Think I'l leave it out for a while... I know I had  version 5.46.?? of CCleaner & mbam blocked me to the Piriform website......   take care

Welcome to Windows

[nukecad]

CCleaner 5.46 was released on August 30th.

The previous version, 5.45, had a lot of issues (particularly with unwanted monitoring and privacy) and was withdrawn from release.
The release announcement for 5.45 was still on the website and wasn't removed until about the 26th, (but I'm not sure of that date).
I'm wondering if MB somehow flagged that one because of the withdrawal?

[yardbird]

Don't know mate!  but August 26th I caught something..... think I'll wait for the next version... "water under the bridge now" have a good day..... cheers!

[nukecad]

Just to note that there is now an issue that seems to be appearing with the latest version of CCleaner.

It is not with the new version in itself, but some users are reporting that older versions are being automatically updated to the latest version without giving the user any choice in the matter.
These users all say that they had automatic updating turned off.

It is suspected to be the 'emergency' updater that may be doing this, but it has not yet been confirmed or denied by Piriform/Avast.
If that is confirmed to be the cause then it will be the final nail in the coffin of CCleaner for many users.

The CCleaner emergency updater was introduced after last years installer hack and is only supposed to be used in "a worst-case scenario" - their words.
It is not meant to be used for minor bug fixes or to force general updates.
However it is a known fact that Avast use their 'emergency updater'  to force install relatively minor fixes to their AV's (they used it just last week), and the CCleaner one is based on that.

[yardbird]

Thanks for the update!  this is the 1st I've heard of the automatic update issue?  When I start CCleaner, I always get a small box inside CC. That says theres a new version, with an OK or Cancel.  Even if I have this box checked?  it warns me 1st.   but, if an 'emergency' updater' they might send it out like you said?  We can always find a way to contact them:  https://forum.piriform.com/staff/     business is business, so will we get an answer?  CCleaner 1-800-816-9004   - I don't know... Yesterday I just bought a year of CC Pro.  I'll see if I find that email they sent me...     

may want to un-check this box?  if it will do any good?          cheers !  

EDIT:  https://support.piriform.com/hc/en-us/requests/new

Edited September 11, 2018 by yardbird

[yardbird]

@nukecad  I had some shaky issues with software years ago here. beta testing ect... or a change of an AV program -- I sent an email off to Ccleaner support a few days ago.  I said: "Do I need these exclusions in: Options/Exclude tab?"  see pic.

Here's the reply I got today:

From: John Maier (Piriform Support)  Your request (#303291) has been updated

Sep 11, 09:10 EDT

Hi Ed

Thank you for your email. These would be recommend as they would keep CCleaner from affecting the files associated with your antivirus software (Windows Defender and Webroot) and antimalware software (Malwarebytes and SUPERAntiSpyware).

They are by no means required, of course - in fact, on the computer I'm writing to you from, CCleaner does not have any exceptions set at all.

However, this is still a reasonable precaution to take if you want to ensure that our software does not affect the security software, so it's up to you if you wish to keep the exclusions or not.

Please let me know if you have any other questions, I'll be happy to answer them for you!
Regards,

John Maier | CCleaner Support - Tucson, AZ

Product Docs: http://www.piriform.com/docs
Help Center: http://piriform.zendesk.com             First time I put exclusions in Ccleaner  this month, & I've used that program since appx: 2007 without exclusions.... My pc runs nice & quiet now.... So you be the judge & will take it 1 day at a time..... cheers !!!

[nukecad]

That's fine, anything you put in the excludes CCleaner will (should) leave alone and so not impede the function of that programme.

Whether you have the 'Inform me of updates' selected or not is up to you, it shouldn't update anything only tell you an update is available.
The option underneath that one 'Enable silent background updates' will auto-update to new versions if you have it selected.

From your screenshots you already have 5.46 so there is nothing to update to.
(Although a beta version of 5.47 is available on the CCleaner forum for manual download).

 

The unwanted update problem has had a lot more reports in the past 24 hours, still no response from Piriform.

CCleaner forum regulars still suspect the emergency updater is being used to do this; so if you want to keep running an older version-

Delete CCupdate.exe.
It can't be run (by a schedule or anything else) if it's not there. Deleteing it does not affect CCleaner itself.

A number of users have "C:\Program Files\CCleaner\CCupdate.exe" as an 'include' in CCleaner itself, so that running CCleaner will remove it for you.
I also have "C:\Windows\System32\Tasks\CCleaner Update"  as in include to get rid of that as well.

 

TBH I'm not realy using CCleaner at the moment, I'm writing my own cookie/junk cleaner for my own personal use.
(It's going well and is much faster than CC, but of course it's specifically for my machine).
As for Windows logfiles and temporary files I'm using Storage Sense on a daily schedule, it's Windows stuff let Windows clear it.
It looks like Storage Sense is only going to get better with the next Windows 10 upgrade due this/next month.

[nukecad]

3 hours ago Piriform have admitted that they have used the 'emergency' updater. to update users to v5.46 without asking consent.

https://forum.piriform.com/topic/52598-546-latest-version-unwanted-and-problems/?page=2&tab=comments#comment-299634

It's already got some reaction (mine included) and I expect a lot more to come.

[exile360]

I was going to say much more, but I'll refrain since this isn't the place.  I will just say that I am glad to be a user of the portable build (which they still make available here although I can find no way of reaching it publicly through the other pages on their site although it used to be accessible via a "builds" link that was once at the bottom of the download page for the standard installer along with the "slim" (no toolbar) version) as I've noticed it includes no additional executables (though I had an older version, prior to 5.45, but 5.46 doesn't have it either, at least for the portable build), and while it does attempt to access the web, I have blocked it with my firewall so that it can't communicate with their servers (assuming they weren't already blocked via any of my privacy tools).

I also just downloaded and launched 5.46.6652 and noticed the option to send telemetry was enabled by default, which I thought was explicitly a violation of GDPR, but perhaps that's only for the builds they actually still list on their site for download or perhaps the software somehow detects the location and configures the option accordingly (although I doubt that would give them immunity from claims from users running a VPN or similar tool in order to alter their apparent location, and since it's certainly possible for OS regional and language settings to be configured for non GDPR countries when the system resides in one I would hope that they aren't relying on some sort of automation to make that determination as that's just asking for trouble IMO).

[nukecad]

The 'builds' page is still available - https://www.ccleaner.com/ccleaner/builds

That page has-
The Standard installer, with a pre-ticked Avast 'offer' which will install Avast AV if you don't untick it.
The Slim installer, which does not contain the Avast 'offer' but is usually released a week or two after the Standard installer.
The Portable version, no installer at all it's just a zip file with the main programme components.

The emergency updater is contained in the installers of the first two.
Everytime you install one of those, or update to the latest version -

• It installs itself.
• It sets up a task to 'phone home' about 5 minutes after a boot and then twice a day to see if there is an 'emergency' update available.
• It also gives itself access through your firewall.

The issue is that they have been caught using it when there was not an emergency at all, just a wholely avoidable data protection error on their part.

If you don't like that idea then delete "C:\Program Files\CCleaner\CCupdate.exe"
If it's not there it can't phone home, scheduled or not, firewalled or not.

Seperate from the emergency updater are the issues of monitoring and their privacy setting.
That was what the big row about v5.45 was about, and why they had to pull it from release.
They still haven't got it right, although they are trumpeting that they have.

To comply with GDPR that privacy option should not be selected by default.

PS. Click on that 'Data Factsheet' link if you want a laugh about how to seem to give detailed information about what you are collecting, without actually giving such detailed information only generalities.

I've been telling them about their GDPR non-compliance for over a month now, but was told (by PM) to back off as being a large organisation they know best.
It was quite clear in that warning that they don't properly understand data protection, and especially not the new provisions in GDPR about 'Online Identifiers'.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-are-identifiers-and-related-factors/

Either that or they don't want to understand because it would curb their marketing activities?

[exile360]

They've gotta get something profitable out of their free products, right?  Of course they don't want to understand, plus they're late to the party for Big Data since they waited until after GDPR went into effect, so now it's too late and they're playing catch-up with all the other vendors (not to mention the big guys like Microsoft and Google, who know more about us than we know about ourselves).

I knew the builds page was still there, but I couldn't find any way to access it through their site without explicitly entering the URL into the address bar of my browser.  It used to be linked near the bottom of the download page for the standard version, but not any more.  Piriform started concealing it a while back, before the Avast buyout, then brought it back for a while, then got acquired by Avast and Avast removed it once more (not surprising considering everything).

I realize companies have to make money and I don't begrudge them that, however I do believe they're really pushing the boundaries of what's acceptable and ethical, or at the very least honorable to their users/customers.  Regardless of where their actions stand legally, I'm not a fan of these tactics at all and I think Piriform could have made different choices a long time ago to make themselves profitable without relying on such shady tactics.  They have a lot of good tools and technologies and I'm certain some modification and/or combination of those could have been transformed into at least one paid/freemium product people would be willing to buy for a reasonable price without all the bundleware and data harvesting.  The data recovery field alone has seen a huge re-emergence with the rise of ransomware and other destructive PC threats (not to mention all those old HDDs that many people still own which fail all the time that they haven't replaced with SSDs yet) and I know that if all these PUP vendors with their "system optimizers" and "registry cleaners" can turn a profit with their halfhearted efforts (yes, people actually pay for that stuff, even when it isn't telling them that they have tons of "critical issues" that need fixing) that Piriform could have done something with all of their tools to make something worth selling, especially since they already had a widespread reputation as a company people actually trusted who were known for making "legit"/"good" versions of the kinds of tools often found to be PUPs (i.e. non-scareware that actually works and doesn't try to frighten users into paying for it and doesn't install tons of unwanted toolbars and other bundleware junk on their systems), but that ship has sailed now and they're a lot closer to those PUP vendors than they ever were before, and it's just sad in my opinion.

Say what you will about Malwarebytes and the changes they've made to their products, licensing model etc., but to this day they still offer an effective, completely free malware removal tool with unlimited use to everyone, and in fact now provide more free functionality than ever with the addition of the default scheduled scan just because they know many people will forget to scan every once in a while to check for new threats on their systems and they want to do what they can to help those free users (and obviously remind them that they are still there with an effective product that the users might consider purchasing some day to unlock the additional Premium features, but they're not obnoxious about it at all).  Their integrity is still intact.  I'm not so sure about Piriform, and it's a real pity.

[nukecad]

At least the Avast malaise has not affected Recuva or Defraggler (yet). Or Speccy, but that has always had it's own problems.

TBH I've always been more than half convinced that Avast bought Prirform with the intention of closing down CCleaner in favour of their own 'newly stand-alone' cleanup application.

It's just the tactics that have taken many by surprise, this seemingly deliberate step-by-step alienating of the CCleaner userbase since Avast took over.
Of course if that was the intention then former CC users will be going nowhere near Avast now, so it's backfired on them.

[Firefox]

usually what happens when companies buy out others... the put their touch in the good working product and then they are no longer good products... Lets hope they clean this up

[nukecad]

3 hours ago, Firefox said:

usually what happens when companies buy out others... the put their touch in the good working product and then they are no longer good products... Lets hope they clean this up

I've been through it myself.

The company I worked for got 'Approved Design Contractor' status with one of the worlds largest nuclear sites (see my location) because we did things in accordane with the regulations.

One of the 'losers' bought us out - which was OK because they wanted to learn what we were doing right and apply it to their own procedures.

Then one of the bigger, multi-national, firms who had 'Approved supplier' status but not design status bought us both out and insisted the we did everything their way.

They no longer have the approved design status, I wonder if they even realise why.

[Firefox]

I can certainly relate to that story @nukecad