Latest version of WinZip has a payload

setishock

I was doing my normal routine of scans when something really odd happened. I ran FindJunkFiles, then came back to the desktop to find the CCleaner icon was gone. I checked the remove programs list and sure enough it was not on the list. It had been totally uninstalled.

This was not an accident on my part. I had run the CCleaner expander BK123 had found last night and found when you remove the rules and delete the program it completely guts the CCleaner settings and rules list. The left column is completely blank. I used Wise uninstaller in forced mode to remove what was left of CCleaner. Odd thing was whatever was going on would not let me download the latest version. Tried 3 different places to verify I was being blocked.

Fortunately I keep copies of software on my NAS box so I installed one of those. That put me back one version. But at least it was working.
I was getting just a little concerned so I ran ESET in Threat Scan mode. Sure enough it found 6 nasties from my stint with WinZip. Hold on, it gets better.

I used WinZip to open an Arduino .rar file. For all the trouble I was about to have, the .rar file was crap. There was nothing in it I could use. So it went bye-bye. I never extracted it, just peeked into the hive. So I feel confident that whatever happened didn't come from that file.

OK, so force remove WinZip and jump forward a few days. I missed my routine Sunday so I got on to it today. Ran FJF and CCleaner bit the dust somehow. Comes the good part.

I ran ESET in Threat Scan mode and it found this:

[attachment: image not available]

Not sure if this is related but I'm sure this is not supposed to be there. I have a feeling the CCleaner expansion program has installed some sort of payload that gets vindictive when you remove it.

The threats from WinZip are nothing to be blown off. I'd be real careful with the latest version of WinZip. It installs all sorts of crap as part of the software. It doesn't give you any options to not install all the junk. And boy howdy, they have gone way out there from just a simple unzip tool. I'd find something else to use. And sorry BK123, little buddy, that program you found is very destructive.

I'm on the hunt to see if any of the last few days' adventure has left any other little payloads. I'll let you know.