[German]It seems that Piriform's CCleaner will be forced to be updates from old version 5.38 to version 5.46 – and the telemetry settings are switches on by default.
About the CCleaner and the trouble it caused, I've published a lot of articles here in the blog. Since security provider AVAST took over developer Piriform in 2017, the mishaps have been increasing.
The Telemetry thing and version 5.46
With the CCleaner version 5.45, Piriform had upgraded its telemetry data collection (see AVAST CCleaner 5.45 and Telemetry). After a big outcry among the users, Piriform decided to completely withdraw version 5.45 of the CCleaner at the beginning of August 2018.
After the complete revision the CCleaner version 5.46 was released at the end of August 2018. The users should be able to adjust if and what the CCleaner does. I had summarized my thoughts in the article CCleaner V 5.46 with improved data settings and assumed that (according to my blog posts) nobody actually lets the software on his systems anymore.
Automatic update to v5.46
This night, several e-mails arrived from German blog reader Georg S., who drew my attention to another ccleaner story. Georg S. wrote in his first mail:
just now I had to find out on 3 computers with Windows 7 Ultimate 64 bit that CCleaner Slim version 5.38 has been updated yesterday (2018-09-10) automatically to v5.46.
I had definitely deselected the option for automatic updates. If Avast did this systematically, then the data sniffing has reached a new peak.
In version 5.46 Slim (Settings –> Privacy) the function "Help improve CCleaner by sending anonymous usage" was activated. In the Control Panel (Programs and Functions), I have sorted the installed software updates by date. I discovered that CCleaner 5.46 has been installed.
Georg has send me the above screenshot from Control panel showing the installed update. In another mail the blog reader wrote:
also my Win 10 home tablet is affected by the "misery". I installed CCleaner v5.38 over v5.46 (works fine), made the usual settings and didn't have to delete an ominous "Avast-Pirifom" cookie, but on all Win 7 PCs.
I will now observe the behavior of CCleaner to possibly be able to reproduce the behavior.
So all 4 computers were/are affected!
Today I will restore the Win 7 images from September 1st and install yesterday's Windows and missing software updates.
Of course it's a very unpleasant behavior – of course I don't notice it, because I don't let this software on my systems. Later Georg S. added the following:
meanwhile I restored the image from 2018-09-01 on one of the affected Win 7-PCs and CCleaner was updated from 5.38 Slim to 5.46 again, although the option for automatic updates was deselected.
Again at 5.46 the data transfer is activated without any query. Thus the "silent" update is automatically activated by Avast – an absolute No Go.
I will reinstall the image and uninstall CCleaner 5.38 immediately!
I have used CCleaner to comfortably "clean up" the registry under a user interface, which is sometimes difficult to find under Win 7 itself.
Shortly after publishing the German edition of this blog post, I got confirmation from another blog reader, that it wasn't a single incident. So I don't need to add further comments to my article – it's now up to you, to judge, whether you trust CCleaner anymore. It's the old thing: If you are using snake oil, your hands get dirthy with that.
Addendum: CCleaner security issues
Due to the fact, that some CCleaner lovers are take my (German) blog post about that tool to personally, I let execute the portable version of CCleaner within my security test bed. This test bed shows, whether a program is vulnerable for DLL hijacking or other things. Here is a screenshot:
One DLL hijacking mine after the other went up during executing CCleaner (portable edition, the installable version has even more issues). The problem is that CCleaner can be hijacked by malware with very simple means. In order to uninstall something in Windows (always used as an argument why some users need the tool), CCleaner needs administrator rights. But then malware can piggyback via DLL hijacking to gain administrator privileges. Some background information about the security problems with DLL hijacking including information about the testbed can be found here.
CCleaner has been infected with malware
CCleaner comes mit AVAST PUP
AVAST CCleaner 5.45 and the telemetry thing
CCleaner 5.45 pulled and other peculiarities
CCleaner V 5.46 with improved data settings
Cookies helps to fund this blog: Cookie settings
I found the same issue on my home PC with 5.37 getting upgraded automatically to 5.46. I queried my RMM tool noticed the same thing across all of the client PCs I had installed 5.37 on. Basically, they upgraded without notice or permission. When I do install it I always have auto-update, system and active monitoring disabled. I've never had any CCleaner install auto-update to a newer version prior to this incident. I'll be running a script across all of the PCs to uninstall it since it can't really be trusted now.
Same thing happened to me, only I was auto-updated from 5.43. This is a total garbage move on Piriform's part. There's a big thread on their forums about this issue here:
People are outraged about it, as they should be. Even the moderators on their forum is outraged. I noticed someone posted that even if you reinstall an older version it is updated to 5.46 almost immediately with absolutely NO notification (totally silent) before you even get a chance to change any settings. What are these people thinking?
Aside from the usual one or two moron fanboys everyone is pretty upset about this.
Thx for addendum – I haven't found this thread during writing the blog post (maybe I used the wrong search words).
The owner of BleepingComputer has now posted a news article on this issue so word is definitely getting out.
find and delete the ccupdate.exe file in the\program files\ccleaner folder.
also delete the "CCleaner Update" task in Task Scheduler Library (taskschd.msc)
do BOTH of these things and CCleaner v5.37 or higher will not auto update w/out user input.
How many times I have blogged about 'ccleaner absurdities'? The malware incidendt. The PUP incident. The security night mare. The telemetry thing. The unwanted auto-update thing. Does it need more incidents to lose trust?
The better approach: Uninstall that ccleaner and there shall be no more auto update ;-).
But everybody has the right to ruin his systems in a best manner ;-).
I totally agree with this. At this point you have to be nuts to keep using CCleaner. The product behaves like a trojan these days.
Pingback: New CCleaner scandal: forced automatic updates - gHacks Tech News