Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
PUA:Win32/CCleaner
#1
Summary

Certain installers for free and 14-day trial versions of CCleaner come with bundled applications, including applications that are not required by CCleaner or produced by the same publisher Piriform. While the bundled applications themselves are legitimate, bundling of software, especially products from other providers, can result in unexpected software activity that can negatively impact user experiences. To protect Windows users, Microsoft Defender Antivirus detects CCleaner installers that exhibit this behavior as potentially unwanted applications (PUA).


[Image: avjiYXe.png]

The installers detected as PUA include CCleaner installers that have been found bundling the following applications. Note that these are normal applications that are not detected by Microsoft Defender Antivirus.

Google Chrome
Google Toolbar
Avast Free Antivirus
AVG Antivirus Free

While the CCleaner installers do provide an option to opt out, some users can easily inadvertently install these bundled applications.


What to do now

With PUA protection turned on, Microsoft Defender Antivirus automatically identifies and blocks potentially unwanted applications detected based on Microsoft detection criteria. Updating your antimalware definitions and running a full scan can help remove specific components detected under that criteria.

Technical information

Threat behavior

These CCleaner installers can be downloaded from various locations including the Piriform website. They are designed to offer additional software bundled along with CCleaner. including Google Chrome, Google Toolbar, Avast Free Antivirus, and AVG Antivirus Free. While Avast is also from the publisher Piriform, the rest of these bundled software are not.

Avast Free Antivirus

This CCleaner installer uses a Nullsoft plugin to download a file named Microstub.exe from avast.com. When it is launched, it provides a preselected option to install Avast Free Antivirus.


If users choose to continue, the bundled antivirus product installs in the background. Existing antivirus software, including Microsoft Defender Antivirus, might be turned off or uninstalled during this process.

Google Chrome

Some installers for the free version of CCleaner, also based on Nullsoft, include an installer for Google Chrome with the file name PF-Chrome-2019.exe. After installing Google Chrome, the installer sets the bundled application as the default web browser. Some variants of the same installer also add the Google Toolbar to Chrome as an extension.


AVG Antivirus Free

Another CCcleaner installer provides a preselected option to install AVG Antivirus Free. Like the Avast Free Antivirus installation, continuing with this option can remove or turn off existing antivirus software.

Prevention

Exercise caution when installing software to avoid unwanted applications that might be bundled with the installer.

Symptoms

Installers identified as PUA display a user interface for installing CCleaner and opting in for bundled software. All analyzed samples allow users to opt out of installing bundled software.

SOURCE
Reply




Users browsing this thread: 1 Guest(s)