If you ever suspected your PC had a virus infection and you Googled the problem, chances are you came across CCleaner as a viable solution to fix the problem. It has quite the word-of-mouth online and is often cited as the solution to most problems that plague a PC. The app is easy to use which is why a lot of people use it but it has come to light that for one month now, CCleaner has been distributing malware on Windows. If you use the app, it’s possible you might be a victim of the CCleaner malware infection. Here’s what you can do about it.
Infected Versions Of CCleaner
According to the report, the following two versions of CCleaner contain malware;
- CCleaner 32-bit version 5.33.6162
- CCleaner cloud version 1.07.3191
Checking For Infection
While the 64-bit version of CCleaner hasn’t been named as one of the infected versions, people using it have discovered that their system has been infected. If you used one of the above two versions of the app, you are infected. There is one other way to check your system for the malware; through the Windows registry.
Open the Windows Registry, and go to;
If the Agomo key is in the registry, your system has been infected. This is the surest way to check for the infection.
Removing The Infection
If you have been infected, take the following steps to remove it.
Upgrade CCleaner 32-bit to version 5.34. Piriform is aware of the problem and has already fixed it in the form of an app update.
Delete the Agomo key from the Windows registry. This ought to do the trick but once you’ve removed the registry key, you should scan your system for malware.
If your scans show infection and is unable to remove it, you might need to reset the Windows registry. Unfortunately, the easiest and safest way to do this is to reinstall Windows. If you have Windows 10, you can simply reset Windows. Your apps will be removed as a result but you won’t lose your files. Make sure no infected files are on your system. If you have infected files and are unable to remove them, you will have to do a fresh install of Windows 10.
Another solution is to restore your system to point before August 2017. The infected version of the app wasn’t released at that time so a system image saved at that point will be free of the infection. Unfortunately, not many people regularly back up a full system image so this solution isn’t going to be viable for most infected systems.
Initial reports of the infection said it wasn’t very dangerous. The reason was that the malware was to be executed in multiple steps and this infection was only the first step. The second was never executed and so that minimizes the risk. That said, new details are still coming forward so check your system and take preemptive measures.