If you are like most IT companies or MSPs, you use CCleaner to keep customer desktops optimized. However, you may have inadvertently infected your customers' computers if you downloaded CCleaner version 5.33 between August 15th and September 12th. Cisco has a detailed write-up on what they discovered.
If you are running an MSP platform like Kaseya or Labtech, you can quickly narrow down which machines may be affected:
Since Kaseya audits every single executable on the agent machine, you can create a view and narrow down the results to the name of the executable along with the specific version number.
Labtech doesn’t audit every single executable on an agent machine, so you may need to do two different checks to be sure. The first check involves creating a Labtech search that targets the information in Add/Remove Programs for version 5.33 of CCleaner.
The second method involves writing a script in PowerShell, a batch file, or whatever scripting language you use to perform an exhaustive search of the computer’s hard drive for all instances of the CCleaner executable, pull the version number, and see if it matches the infected version number.
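One way to write that second check in PowerShell, as an added example that is not part of the original post. It assumes the executables are named `CCleaner*.exe` and treats any file whose version resource reports major 5, minor 33 as affected; the function and variable names are hypothetical.

```powershell
# Added example: find every CCleaner executable on local fixed disks and flag version 5.33.
# Assumption: the binaries match CCleaner*.exe (for example CCleaner.exe, CCleaner64.exe).
$TargetMajor = 5
$TargetMinor = 33

function Test-AffectedVersion {
    # True when the file's version resource reports 5.33.x.x.
    # Files with no version resource report 0.0 and are not flagged.
    param([Parameter(Mandatory)][System.Diagnostics.FileVersionInfo]$VersionInfo)
    return ($VersionInfo.FileMajorPart -eq $TargetMajor -and
            $VersionInfo.FileMinorPart -eq $TargetMinor)
}

# DriveType 3 = local fixed disk. Use 'DriveType=2 OR DriveType=3' to include removable media.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3' |
    Select-Object -ExpandProperty DeviceID

$results = foreach ($drive in $drives) {
    # -Force includes hidden folders; access-denied errors are skipped, not fatal.
    Get-ChildItem -Path "$drive\" -Filter 'CCleaner*.exe' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            $affected = Test-AffectedVersion -VersionInfo $vi
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Path     = $_.FullName
                Version  = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                                $vi.FileBuildPart, $vi.FilePrivatePart
                Affected = $affected
                # Hash only the flagged files so they can be compared with published indicators.
                SHA256   = if ($affected) {
                               (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                           } else { $null }
            }
        }
}

$results | Sort-Object Affected -Descending | Format-Table -AutoSize

# A non-zero exit code lets an RMM tool alert on machines that still hold a 5.33 copy.
if ($results | Where-Object Affected) { exit 1 } else { exit 0 }
```

Run it elevated so the search can read other users' profile folders, where portable copies tend to sit.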
If you don’t happen to use an MSP tool like Kaseya or Labtech, then you’ll need to do what’s necessary to check your customer systems. After you’ve put out this fire, call us to talk about how Kaseya or Labtech can become a real force multiplier in your IT business.
IT Companies and MSPs
Don’t forget to search throughout your own environment (desktops, servers, portable media, etc.) to remove all copies of version 5.33, otherwise you may inadvertently infect your customers’ systems!