Infected CCleaner downloads from official servers

Avast posted a clarification explaining what happened and giving a timeline of the events. One point we should take note of is that the breach preceded the take-over of Piriform by Avast.

Users that are unsure whether they were affected by this and whether their data may have been sent to the C2 server can check for the presence of the following values under the registry key:


The values in question are:

These values are not created by any clean versions of CCleaner, just by the infected ones.

Malwarebytes will detect the presence of those values and flag them as Trojan.Floxif.Trace

The trojan itself reportedly only ran on Windows 32 bit systems, but the values above were created on 64 bit systems as well.

Read more here