Piriform, the company behind the highly successful Windows cleaning software CCleaner, released version 5.35 of the application on September 20th, 2017.
The new version is signed with a new digital signature; that is the only change in the release.
The company's infrastructure was recently compromised, and a modified, signed version of CCleaner was distributed for a time through the official distribution channels.
According to information provided by Piriform and Avast, Piriform's parent company, the malware was contained only in the CCleaner program. The company states that the malware did not spread on its own, for instance to infect other files on the computer system, a computer network the device was connected to at the time, or even on the Internet.
The company released a malware-free version of CCleaner, version 5.34, on September 12th, 2017. According to the company, installing the new version overwrites the old one on the system, which eliminates the malware.
Cautious users may want to restore a system backup that was created before the software was updated to version 5.34.
The free version of CCleaner does not support automatic updates, which means that users who run the free version need to download the latest version manually to update the build.
The new CCleaner 5.35 version comes with a new digital signature. This is different from version 5.34, which shipped with the old digital signature that the compromised version of CCleaner also used.
You can verify that a new digital signature is used in the following way:
- Open the folder that the CCleaner executable files are located in.
- Right-click on ccleaner.exe or ccleaner64.exe, and select Properties from the context menu.
- Switch to the Digital Signatures tab.
You should see September 20th, 2017 as the timestamp, and Piriform Ltd as the signer.
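The same check can be scripted with PowerShell's `Get-AuthenticodeSignature`. The script below is an added example, not something Piriform provides: it confirms that each executable has a valid signature from the expected signer and, if you kept a copy of an older build, that the signing certificate differs from it. The default install path and the `-OldBuild` parameter are assumptions, and the script does not read the timestamp date, which you still check in the Digital Signatures tab.

```powershell
# Added example. Default paths assume the standard install location.
param(
    [string[]]$Path = @(
        "$env:ProgramFiles\CCleaner\CCleaner.exe",
        "$env:ProgramFiles\CCleaner\CCleaner64.exe"
    ),
    [string]$ExpectedSigner = 'Piriform Ltd',
    # Optional (hypothetical): path to a saved copy of an older build for comparison.
    [string]$OldBuild
)

function Get-SignerInfo {
    param([string]$File)
    $sig  = Get-AuthenticodeSignature -LiteralPath $File
    $cert = $sig.SignerCertificate
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    [pscustomobject]@{
        File          = $File
        Status        = $sig.Status
        Signer        = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { $null }
        Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
        CertValidFrom = if ($cert) { $cert.NotBefore } else { $null }
        Timestamped   = [bool]$sig.TimeStamperCertificate
    }
}

$old = if ($OldBuild) { Get-SignerInfo $OldBuild }

foreach ($f in $Path | Where-Object { Test-Path -LiteralPath $_ }) {
    $info = Get-SignerInfo $f
    $problems = @()
    # Status is 'Valid' only if the file hash matches and the chain is trusted.
    if ($info.Status -ne 'Valid')         { $problems += "signature status is $($info.Status)" }
    if ($info.Signer -ne $ExpectedSigner) { $problems += "signer is '$($info.Signer)'" }
    if (-not $info.Timestamped)           { $problems += 'no timestamp countersignature' }
    # A new digital signature means a different certificate than the older build used.
    if ($old -and $old.Thumbprint -eq $info.Thumbprint) {
        $problems += 'same certificate as the older build'
    }
    $result = if ($problems) { 'CHECK: ' + ($problems -join '; ') } else { 'OK' }
    $info | Add-Member -NotePropertyName Result -NotePropertyValue $result -PassThru
}
```

A `Status` other than `Valid` (for example `HashMismatch` or `NotSigned`) means the file should not be trusted regardless of the signer name shown.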
CCleaner users may download the portable version or the installer of CCleaner 5.35 from Piriform's Build page.
Please note that the connection comes up as "not secure" right now. This is caused by an image resource being loaded from an HTTP source instead of an HTTPS source.
Now You: Were you affected by this? What have you done so far?