A Windows XP help forum. PCbanter


Hackers hid malware in CCleaner software



 
 
  #121  
Old October 21st 17, 02:46 AM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Shadow
external usenet poster
 
Posts: 1,638
Default Hackers hid malware in CCleaner software

On Fri, 20 Oct 2017 21:52:08 -0200, Shadow wrote:

On Fri, 20 Oct 2017 16:22:21 -0700, Mike S wrote:

On 10/20/2017 10:09 AM, Paul wrote:
Ken Blake wrote:
On Thu, 19 Oct 2017 23:08:45 -0700, Mike S wrote:

On 10/19/2017 12:11 PM, Ken Blake wrote:
On Tue, 19 Sep 2017 17:05:26 -0000 (UTC), Blake Snyder
wrote:

I have been using the CCleaner registry cleaner for so long that I can't
even say how many years it has been. Probably since I first heard about
Ccleaner, and never once have I seen it be a problem that I could attribute
to me cleaning the registry.
Four points:

1. As registry cleaners go, CCleaner's is perhaps the safest.

2. "Safest" doesn't mean it's completely safe. There is still a risk
in using it.

3. Let me point out that neither I nor anyone else who warns against
the use of registry cleaners has ever said that they always cause
problems. If they always caused problems, they would disappear from
the market almost immediately. Many people have used a registry
cleaner and never had a problem with it.

4. The problem with a registry cleaner is that it carries with it the
substantial *risk* of having a problem. And since there is no benefit
to using a registry cleaner, running that risk is a very bad bargain.
snip

#4, don't use any registry cleaner that doesn't allow you to undo
the changes you make.


Although I'm against using any registry cleaner, if you must use one,
I agree with your point.

However, note that if a registry cleaner's result is bad enough, you
won't be able to boot, and a backup you have won't be of much use.

If you backed up the actual registry files, you can put
them back "offline". Simply boot your installer CD/DVD to
Command Prompt, and "copy" them in.

Restore Points also contain copies of the registry files.
First you copy the "empty" registry files into the OS
offline. That gets the OS booting again. Then you use
rstrui to revert via a Restore Point, to a previous point
in time, with a full set of registry files. So in principle,
simply setting a Restore Point before doing something stupid,
is enough. But for the people who have damaged their
machines badly enough, that no Restore Point has ever
worked, it would be a bad idea to rely on this method alone.

If you're going to mess with the Registry, you should
at least have some idea how much work it is to "fix"
the mess later :-)

https://support.microsoft.com/en-ca/...indows-xp-from


** Paul


Very good points Paul. Linux Live CDs can also be used. e.g. (although
this backup wasn't made by ccleaner it demonstrates a gui approach.)
https://www.youtube.com/watch?v=VbN0eWR9HMs


ERUNT creates a complete backup of the registry, and you can
restore by simply executing the ERDNT.EXE in the backup folder it from
a DOS prompt. (DOSBOX in Linux or a bootable DOS USB made with
something like Rufus).
I've used it in the past to restore unbootable systems trashed
by bad M$ updates.
No idea if it works on Vista or worse...


Update:
It does run on XP, Vista and Win 7 and possibly Win 8
(author's notes). No mention of Win 10

Available here:

https://www.bleepingcomputer.com/download/erunt/
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
  #122  
Old October 21st 17, 04:21 AM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Hackers hid malware in CCleaner software

In message , Shadow
writes:
[]
ERUNT creates a complete backup of the registry, and you can
restore by simply executing the ERDNT.EXE in the backup folder it from
a DOS prompt. (DOSBOX in Linux or a bootable DOS USB made with
something like Rufus).
I've used it in the past to restore unbootable systems trashed
by bad M$ updates.
No idea if it works on Vista or worse...
[]'s

Though you have to remember to use 8.3 filenames when running ERUNT, and
you have to have some way of getting to a "DOS prompt" that can handle
NTFS volumes, if your disc (well, partition) is formatted as that. (Last
time I used ERUNT I used a filename of the form YYYYMMDD, but it was
many years ago - I just image [using Macrium] the C: and hidden
partitions now.)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

An Englishman, even if he is alone, forms an orderly queue of one.
(George Mikes in "How to be an Alien".)
  #123  
Old October 21st 17, 12:22 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Shadow
external usenet poster
 
Posts: 1,638
Default Hackers hid malware in CCleaner software

On Sat, 21 Oct 2017 04:21:19 +0100, "J. P. Gilliver (John)"
wrote:

In message , Shadow
writes:
[]
ERUNT creates a complete backup of the registry, and you can
restore by simply executing the ERDNT.EXE in the backup folder it from
a DOS prompt. (DOSBOX in Linux or a bootable DOS USB made with
something like Rufus).
I've used it in the past to restore unbootable systems trashed
by bad M$ updates.
No idea if it works on Vista or worse...
[]'s

Though you have to remember to use 8.3 filenames when running ERUNT, and
you have to have some way of getting to a "DOS prompt" that can handle
NTFS volumes, if your disc (well, partition) is formatted as that. (Last
time I used ERUNT I used a filename of the form YYYYMMDD, but it was
many years ago - I just image [using Macrium] the C: and hidden
partitions now.)


There's a frontend to ERUNT called (strangely enough) ERUNTgui

http://www.softpedia.com/get/PORTABL...ERUNTgui.shtml
http://www.majorgeeks.com/files/details/eruntgui.html (link to
download not working)

Which automatically names the folder to a DOS compatible
format. I mess around a lot with services and drivers in the registry.
I'd hate to have to do an image every time just in case I mess up.
Whatever works for you.
[]'s

--
Don't be evil - Google 2004
We have a new policy - Google 2012
  #124  
Old October 21st 17, 01:15 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Hackers hid malware in CCleaner software

In message , Shadow
writes:
On Sat, 21 Oct 2017 04:21:19 +0100, "J. P. Gilliver (John)"
wrote:

In message , Shadow
writes:
[]
ERUNT creates a complete backup of the registry, and you can
restore by simply executing the ERDNT.EXE in the backup folder it from
a DOS prompt. (DOSBOX in Linux or a bootable DOS USB made with
something like Rufus).
I've used it in the past to restore unbootable systems trashed
by bad M$ updates.
No idea if it works on Vista or worse...
[]'s

Though you have to remember to use 8.3 filenames when running ERUNT, and
you have to have some way of getting to a "DOS prompt" that can handle
NTFS volumes, if your disc (well, partition) is formatted as that. (Last
time I used ERUNT I used a filename of the form YYYYMMDD, but it was
many years ago - I just image [using Macrium] the C: and hidden
partitions now.)


There's a frontend to ERUNT called (strangely enough) ERUNTgui

http://www.softpedia.com/get/PORTABL...ERUNTgui.shtml
http://www.majorgeeks.com/files/details/eruntgui.html (link to
download not working)


[Hmm, a double suffix; ERU/ERD was originally a Microsoft product, on
one of the Windows 9x CDs. Then ERU for NT, now a gui for ERU for NT!]
It isn't the ERU part - I thought that was more or less gui anyway? -
it's the ERD part, i. e. what you run when you can't boot into a GUI -
that's important. (No point in a backup if you can't use it.) You're at
a DOS (or rather command) prompt anyway at that point.

Which automatically names the folder to a DOS compatible
format. I mess around a lot with services and drivers in the registry.
I'd hate to have to do an image every time just in case I mess up.
Whatever works for you.
[]'s

You are right, it's a lot quicker than imaging. For a change that you
are pretty sure will only affect the registry, it's a good choice.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

A biochemist walks into a student bar and says to the barman: "I'd like a pint
of adenosine triphosphate, please." "Certainly," says the barman, "that'll be
ATP." (Quoted in) The Independent, 2013-7-13
  #125  
Old October 21st 17, 02:14 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Shadow
external usenet poster
 
Posts: 1,638
Default Hackers hid malware in CCleaner software

On Sat, 21 Oct 2017 13:15:27 +0100, "J. P. Gilliver (John)"
wrote:

In message , Shadow
writes:
On Sat, 21 Oct 2017 04:21:19 +0100, "J. P. Gilliver (John)"
wrote:

In message , Shadow
writes:
[]
ERUNT creates a complete backup of the registry, and you can
restore by simply executing the ERDNT.EXE in the backup folder it from
a DOS prompt. (DOSBOX in Linux or a bootable DOS USB made with
something like Rufus).
I've used it in the past to restore unbootable systems trashed
by bad M$ updates.
No idea if it works on Vista or worse...
[]'s
Though you have to remember to use 8.3 filenames when running ERUNT, and
you have to have some way of getting to a "DOS prompt" that can handle
NTFS volumes, if your disc (well, partition) is formatted as that. (Last
time I used ERUNT I used a filename of the form YYYYMMDD, but it was
many years ago - I just image [using Macrium] the C: and hidden
partitions now.)


There's a frontend to ERUNT called (strangely enough) ERUNTgui

http://www.softpedia.com/get/PORTABL...ERUNTgui.shtml
http://www.majorgeeks.com/files/details/eruntgui.html (link to
download not working)


[Hmm, a double suffix; ERU/ERD was originally a Microsoft product, on
one of the Windows 9x CDs. Then ERU for NT, now a gui for ERU for NT!]
It isn't the ERU part - I thought that was more or less gui anyway? -
it's the ERD part, i. e. what you run when you can't boot into a GUI -
that's important. (No point in a backup if you can't use it.) You're at
a DOS (or rather command) prompt anyway at that point.


ERUNTgui backs up to a folder of your choice. I name mine
YYYYMMDD (as in 20171021). It's in the options. That folder contains
the registry backup and ERUNT.EXE, and is entirely self contained, can
be accessed from a remote DOS boot.
[]'s

Which automatically names the folder to a DOS compatible
format. I mess around a lot with services and drivers in the registry.
I'd hate to have to do an image every time just in case I mess up.
Whatever works for you.
[]'s

You are right, it's a lot quicker than imaging. For a change that you
are pretty sure will only affect the registry, it's a good choice.

--
Don't be evil - Google 2004
We have a new policy - Google 2012
  #126  
Old October 21st 17, 04:09 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Ken Blake[_5_]
external usenet poster
 
Posts: 2,221
Default Hackers hid malware in CCleaner software

On Fri, 20 Oct 2017 23:46:31 -0200, Shadow wrote:


On Fri, 20 Oct 2017 21:52:08 -0200, Shadow wrote:




ERUNT creates a complete backup of the registry, and you can
restore by simply executing the ERDNT.EXE in the backup folder it from
a DOS prompt. (DOSBOX in Linux or a bootable DOS USB made with
something like Rufus).
I've used it in the past to restore unbootable systems trashed
by bad M$ updates.
No idea if it works on Vista or worse...


Update:
It does run on XP, Vista and Win 7 and possibly Win 8
(author's notes). No mention of Win 10



It does run on Windows 10.

  #127  
Old October 21st 17, 10:54 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
David_B
external usenet poster
 
Posts: 92
Default Hackers hid malware in CCleaner software

On 21-Oct-17 12:22 PM, Shadow wrote:
I mess around a lot with services and drivers in the registry.


Why?
  #128  
Old October 22nd 17, 03:30 AM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Diesel
external usenet poster
 
Posts: 937
Default Hackers hid malware in CCleaner software

Ken Blake
Fri, 20 Oct 2017
15:39:07 GMT in alt.comp.freeware, wrote:

On Thu, 19 Oct 2017 23:08:45 -0700, Mike S
wrote:

On 10/19/2017 12:11 PM, Ken Blake wrote:
On Tue, 19 Sep 2017 17:05:26 -0000 (UTC), Blake Snyder
wrote:

I have been using the CCleaner registry cleaner for so long that I can't
even say how many years it has been. Probably since I first heard about
Ccleaner, and never once have I seen it be a problem that I could attribute
to me cleaning the registry.

Four points:

1. As registry cleaners go, CCleaner's is perhaps the safest.

2. "Safest" doesn't mean it's completely safe. There is still a
risk in using it.

3. Let me point out that neither I nor anyone else who warns
against the use of registry cleaners has ever said that they
always cause problems. If they always caused problems, they
would disappear from the market almost immediately. Many people
have used a registry cleaner and never had a problem with it.

4. The problem with a registry cleaner is that it carries with
it the substantial *risk* of having a problem. And since there
is no benefit to using a registry cleaner, running that risk is
a very bad bargain.


snip

#4, don't use any registry cleaner that doesn't allow you to
undo the changes you make.



Although I'm against using any registry cleaner, if you must use
one, I agree with your point.

However, note that if a registry cleaner's result is bad enough,
you won't be able to boot, and a backup you have won't be of much
use.


Not true. ERUNT is your friend in the event you seriously ****up. If
you can boot recovery media, you can run the program that's sitting
with your backup registry and it'll copy the hive files right back to
their original locations. Reboot machine again, you're good to go.
All you need is access to console to initiate the recovery.


--
Now for a cheeky message from our sponsors:
Cats must need to use ALL the kitty litter to bury their poop.
  #129  
Old October 22nd 17, 03:32 AM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Diesel
external usenet poster
 
Posts: 937
Default Hackers hid malware in CCleaner software

Shadow
Fri, 20 Oct 2017 23:52:08 GMT in alt.comp.freeware, wrote:

On Fri, 20 Oct 2017 16:22:21 -0700, Mike S
wrote:

On 10/20/2017 10:09 AM, Paul wrote:
Ken Blake wrote:
On Thu, 19 Oct 2017 23:08:45 -0700, Mike S
wrote:

On 10/19/2017 12:11 PM, Ken Blake wrote:
On Tue, 19 Sep 2017 17:05:26 -0000 (UTC), Blake Snyder
wrote:

I have been using the CCleaner registry cleaner for so long
that I can't
even say how many years it has been. Probably since I first
heard about
Ccleaner, and never once have I seen it be a problem that I
could attribute
to me cleaning the registry.
Four points:

1. As registry cleaners go, CCleaner's is perhaps the safest.

2. "Safest" doesn't mean it's completely safe. There is still
a risk in using it.

3. Let me point out that neither I nor anyone else who warns
against the use of registry cleaners has ever said that they
always cause problems. If they always caused problems, they
would disappear from the market almost immediately. Many
people have used a registry cleaner and never had a problem
with it.

4. The problem with a registry cleaner is that it carries
with it the substantial *risk* of having a problem. And since
there is no benefit to using a registry cleaner, running that
risk is a very bad bargain.
snip

#4, don't use any registry cleaner that doesn't allow you
to undo the changes you make.


Although I'm against using any registry cleaner, if you must
use one, I agree with your point.

However, note that if a registry cleaner's result is bad
enough, you won't be able to boot, and a backup you have won't
be of much use.

If you backed up the actual registry files, you can put
them back "offline". Simply boot your installer CD/DVD to
Command Prompt, and "copy" them in.

Restore Points also contain copies of the registry files.
First you copy the "empty" registry files into the OS
offline. That gets the OS booting again. Then you use
rstrui to revert via a Restore Point, to a previous point
in time, with a full set of registry files. So in principle,
simply setting a Restore Point before doing something stupid,
is enough. But for the people who have damaged their
machines badly enough, that no Restore Point has ever
worked, it would be a bad idea to rely on this method alone.

If you're going to mess with the Registry, you should
at least have some idea how much work it is to "fix"
the mess later :-)

https://support.microsoft.com/en-ca/...-to-recover-from-a-corrupted-registry-that-prevents-windows-xp-from


** Paul


Very good points Paul. Linux Live CDs can also be used. e.g.
(although this backup wasn't made by ccleaner it demonstrates a
gui approach.) https://www.youtube.com/watch?v=VbN0eWR9HMs


ERUNT creates a complete backup of the registry, and you can
restore by simply executing the ERDNT.EXE in the backup folder it
from a DOS prompt. (DOSBOX in Linux or a bootable DOS USB made
with something like Rufus).
I've used it in the past to restore unbootable systems trashed
by bad M$ updates.
No idea if it works on Vista or worse...
[]'s


It does. [g] It's only copying the registry hive files. You can do it
yourself by hand, and/or pluck them from system restore points too.


--
Now for a cheeky message from our sponsors:
Man who falls in blast furnace is certain to feel overwrought.
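
Because the backups discussed in this thread are plain copies of the registry hive files, their headers can be sanity-checked before anything is copied back. The following is an added example, not part of any post in this thread and not ERUNT's own code; the `regf` header offsets and XOR checksum rule are taken from publicly documented reverse engineering of the hive format and are assumptions here, as is the constructed sample hive.

```python
import struct
import sys
from functools import reduce

BASE_BLOCK_SIZE = 4096      # "regf" base block; hive bins follow it
CHECKSUM_OFFSET = 0x1FC     # XOR-32 over the 508 bytes before this field


def regf_checksum(block: bytes) -> int:
    """XOR of the first 127 little-endian dwords, with the two reserved values remapped."""
    x = reduce(lambda a, b: a ^ b, struct.unpack_from("<127I", block, 0), 0)
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return x or 1


def check_hive(data: bytes) -> list:
    """Return a list of problems found in a hive file image; empty means it looks restorable."""
    if len(data) < BASE_BLOCK_SIZE + 4:
        return ["file shorter than base block plus first hive bin"]
    problems = []
    if data[:4] != b"regf":
        problems.append("bad base block signature")
    primary, secondary = struct.unpack_from("<II", data, 4)
    if primary != secondary:
        problems.append("sequence numbers differ (copied mid-write)")
    if struct.unpack_from("<I", data, CHECKSUM_OFFSET)[0] != regf_checksum(data):
        problems.append("header checksum mismatch")
    bins_size = struct.unpack_from("<I", data, 0x28)[0]
    if BASE_BLOCK_SIZE + bins_size > len(data):
        problems.append("hive bins truncated")
    if data[BASE_BLOCK_SIZE:BASE_BLOCK_SIZE + 4] != b"hbin":
        problems.append("first hive bin signature missing")
    return problems


def make_sample_hive(primary=7, secondary=7) -> bytes:
    """Constructed minimal hive image (one empty bin) for demonstration only."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[0:4] = b"regf"
    struct.pack_into("<II", block, 4, primary, secondary)
    struct.pack_into("<II", block, 0x14, 1, 5)          # format version 1.5
    struct.pack_into("<II", block, 0x24, 0x20, 4096)    # root cell offset, bins size
    struct.pack_into("<I", block, CHECKSUM_OFFSET, regf_checksum(bytes(block)))
    return bytes(block) + b"hbin" + bytes(4092)


if __name__ == "__main__":
    # Usage: python check_hive.py <backup-folder>/<hive-file> ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            issues = check_hive(fh.read())
        print(path, "OK" if not issues else "; ".join(issues))
    if len(sys.argv) == 1:
        print("sample:", check_hive(make_sample_hive()) or "OK")
```

An empty result only means the header and size are consistent; it does not validate the keys and values inside the hive.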
 




All times are GMT +1.