
Protestware, what it is, and why it is a bad thing

The author of the famous software library node-ipc, which gets over a million downloads per week, found that it has some questionable code inside. The code behaves like this: if it finds out that your location is within Russia or Belarus, it tries to replace the contents of all files on the computer with a heart emoji.

One important point: we do not support the current situation in Ukraine and are against any type of violence or war, but we do not support this kind of behavior either. Looking at this from a purely technical perspective, we would classify the node-ipc library as malware and a harmful piece of code, no matter the motivation behind it.


So this so-called protestware is basically malware, although it does not act all the time: it protests only when certain conditions are met. The issue is that companies and users should not be harmed because they do not share the personal views of the code's author. Imagine, for example, that I published code that deletes all pictures from your computer if it finds out that you do not like metal music. Not liking metal music and the war in Ukraine are two very different things, but the source of the problem is the same: unreliable code that invades your privacy in order to serve one purpose, punishment for disagreeing with my personal views, and that should not be allowed.

Not all protestware is equal. Some will not harm your computer on purpose and will just annoy you with messages, like viruses did in their infancy; others might impose some developer sanctions. No matter the outcome, the basic principle is the same: it does something without user consent and without informing the user that something like that might happen.
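One way to triage dependencies for the pattern described above, a location check that gates file overwrites, is a static scan of package source. This is an added example, not code from this article or from any real package; the regexes, verdict names and sample snippets are assumptions constructed for illustration, and a hit means the package deserves a manual read, not that it is malicious.

```javascript
// Added illustration: static triage of dependency source for a
// "location check gates file overwrite" pattern. All patterns, verdict
// names and samples below are assumptions constructed for this example.
const SIGNALS = {
  // Code that learns or compares where the machine is.
  location: [
    /\bgeoip\b/i,
    /\bip-?geo/i,
    /\bcountry(_?code|_?name)?\b/i,
    /resolvedOptions\(\)\.timeZone/,
  ],
  // Calls that overwrite or delete file contents.
  destructive: [
    /\bwriteFile(Sync)?\s*\(/,
    /\btruncate(Sync)?\s*\(/,
    /\bunlink(Sync)?\s*\(/,
    /\brm(Sync)?\s*\(/,
  ],
  // Calls that enumerate directories, i.e. reach beyond one known file.
  traversal: [/\breaddir(Sync)?\s*\(/, /\bopendir(Sync)?\s*\(/, /\bhomedir\s*\(/],
};

// Signal words are sometimes kept out of plain sight as base64 string
// literals, so decode every literal that looks like base64 and yields
// printable ASCII, and scan the decoded text as well.
function decodeBase64Literals(source) {
  const decoded = [];
  const literal = /(["'`])([A-Za-z0-9+\/]{8,}={0,2})\1/g;
  for (const match of source.matchAll(literal)) {
    if (match[2].length % 4 !== 0) continue;
    const text = Buffer.from(match[2], "base64").toString("utf8");
    if (/^[\x20-\x7e]+$/.test(text)) decoded.push(text);
  }
  return decoded;
}

// Classify one blob of source text.
//   "none"   : no location check together with a destructive call
//   "review" : location check and destructive call in the same package
//   "high"   : the above plus directory enumeration
function scanSource(source) {
  const haystack = [source, ...decodeBase64Literals(source)].join("\n");
  const hits = {};
  for (const [group, patterns] of Object.entries(SIGNALS)) {
    hits[group] = patterns.filter((p) => p.test(haystack)).map(String);
  }
  let verdict = "none";
  if (hits.location.length && hits.destructive.length) {
    verdict = hits.traversal.length ? "high" : "review";
  }
  return { verdict, hits };
}

// packages: { packageName: [fileContents, ...] }. Files of one package are
// scanned together because the signals may be split across files.
function scanPackages(packages) {
  return Object.entries(packages)
    .map(([name, files]) => ({ name, ...scanSource(files.join("\n")) }))
    .filter((result) => result.verdict !== "none")
    .sort((a, b) => a.name.localeCompare(b.name));
}

// Constructed sample input: fragments only, not taken from any package.
const HIDDEN = Buffer.from("country_name").toString("base64");
const SAMPLES = {
  "constructed-geo-wiper": [
    "const where = geoip.lookup(addr); const cc = where.country_code;",
    "const names = readdirSync(root);",
    "writeFileSync(target, marker);",
  ],
  "constructed-encoded": [
    `const key = Buffer.from("${HIDDEN}", "base64").toString();`,
    "if (reply[key] === wanted) unlinkSync(target);",
  ],
  "constructed-logger": ["writeFileSync(logPath, line);"],
  "constructed-i18n": ['const labels = { country_code: "Country" };'],
};

console.log(JSON.stringify(scanPackages(SAMPLES), null, 2));
```

To use it on a real project, build the `packages` map from the `.js` files under each directory in `node_modules` and read every flagged package by hand before trusting or removing it.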

Many blog posts and discussions have been opened on the internet about this issue and its morality. The discussion is still active, with different takes on the situation and on how to prevent it. Our take on this matter is that professional developers should have standards and not resort to doing harm for the sake of personal views and feelings.

In the long run, this kind of behavior and practice can only harm the developers involved in it. Infected libraries will in time stop being used, since people will not trust them, and their authors will have a stain on their name as impulsive or untrustworthy.


You might also like

Upcoming Windows 11 features

22H2 update for Windows 11 will arrive later this year and although Microsoft is not releasing anything big there will be some interesting improvements and fixes. We take a look at some that caught our attention.


Phishing protection

One of the most interesting upcoming features is enhanced phishing protection. Microsoft Defender SmartScreen will be upgraded to alert users when they try to store passwords in plain text files and also if they accidentally type in a Microsoft account password on phishing sites.

"These enhancements will make Windows the world's first operating system with phishing safeguards built directly into the platform and shipped out of the box to help users stay productive and secure without having to learn to be their own IT department,"

Microsoft

File Explorer gets tabs, a modern sidebar, and contextual suggestions

Finally, Windows File explorer is getting tabs that will allow much easier management of folders and files inside it.

It is confirmed that Microsoft is also working on a new 'HOME' sidebar that should be modern in design and in features including OneDrive so you can find everything in one place.

Pinning of favorite files was also mentioned so you can easily pin favorites for quick access.

Full-screen widgets

Windows 11 has brought back widgets in a new way, and from all the feedback, users are loving them. Currently, you have a widget sidebar on the left part of the screen where you have your chosen store widgets, but according to the Microsoft teaser, we will soon have the option to have them in full screen.

If you are using a widget for reading news, blogs, etc. this feature will be very good since you will be able to use your whole screen for information and not just a part of it.

Suggested actions

Another new feature is 'suggested actions' which is going to be particularly useful in apps like Microsoft Teams. With this new feature, you can highlight a date in a Teams message and Windows will suggest actions.

For example, if you highlight a date, you'll see a recommendation to create an event in Microsoft Calendar for that day.

The executable program that ...
If you are trying to start a service using the Windows Services Manager but you got an error message stating, “The executable program that this service is configured to run in does not implement the service”, then you’ve come to the right place as this post will provide you instructions on how you can fix this error. Since almost all programs require a service to run on your computer, if the service is not listed in the corresponding registry key, then you will most likely encounter this error on your Windows 10 computer. Here’s the entire content of the error message:
“Windows could not start the service on Local Computer. Error 1083: The executable program that this service is configured to run in does not implement the service.”
To fix this error, you have to add the service name to the respective host group in the Registry Editor. To do that, here are the steps you need to take.
Step 1: The first thing you have to do is to take note of the service name that’s given in the error message. For instance, you get the “Windows Management Service”.
Step 2: Next, you need to open the Services Manager by tapping the Win + R keys and typing “services.msc” in the Run dialog box, and then tapping Enter.
Step 3: After opening the Services Manager, look for the Windows Management Service and once you see it, double click on it. This will open a new mini window.
Step 4: From the newly opened window, copy the Service name and the Path to executable under the General tab. If the path to the executable is displayed as “C:\Windows\system32\svchost.exe -k netsvcs -p”, you need the “netsvcs” part only. Note that it can be different for different services and you need the part that comes after “-k”.
Step 5: Now tap the Win + R keys again to open the Run utility, type “Regedit” in the field and click OK to open the Registry Editor.
Step 6: After that, navigate to the following registry path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
Step 7: From the given registry path, look on your right-hand side for the multi-string (REG_MULTI_SZ) value that is named after the part of the “Path to executable” you noted. For instance, you should see “netsvcs”.
Step 8: Double click on that REG_MULTI_SZ value and add the Service name that you’ve copied earlier at the end of the preset list.
Step 9: Now save the changes you’ve made and try to open the program or run the service again.
A Quick Guide to Resolving the Runtime Error R6025

What is the Runtime Error R6025?

The runtime error R6025 can be quite annoying for PC users as it pops up randomly anytime. It is a type of runtime error but typically associated with C++ programming. The error is displayed in the following format:

‘Runtime Error! Program: C:…R6025-Pure Virtual Function Call’

Solution

Error Causes

The runtime error R6025 is triggered due to the following reasons:
  • Runtime components of Visual C++ libraries are missing
  • Microsoft.NET framework damaged
  • Registry corrupted with bad files and data overload
  • Virus and malware invasion

Further Information and Manual Repair

Try the solutions given below to repair the runtime error R6025 on your system:

Cause: Microsoft.NET framework damaged

Solution: If this is the underlying cause of the error, then it is advisable to reinstall and repair the Microsoft.NET framework on your PC. To reinstall this framework, go to the start menu, click control panel, programs and then click ‘Turn Windows features on or off’. Here you might be prompted for an administrator password. Insert the password to proceed. Now locate Microsoft.NET framework 3.5.1 and uncheck this box, press OK and then reboot your system. After that, open ‘Turn Windows features on or off’ again, check the Microsoft.NET framework 3.5.1 box and then restart your PC. This will hopefully resolve the error.

Cause: Runtime components of Visual C++ libraries are missing

Solution: If runtime components of Visual C++ libraries are missing, then you will have to download and install these from different websites. This can be time-consuming and slightly complicated for you if you are not technically sound.

Cause: Malware Attack

Solution: If the runtime error R6025 is triggered due to a malware attack, then you will have to install and run a powerful antivirus on your PC. This will help detect and remove such malicious software affecting your system.

Cause: Registry Issues

Solution: If registry corruption is the underlying cause of the runtime error R6025 on your PC, then you need to clean up the registry and repair it. The best way to clean and repair the registry is to download Restoro. Restoro is an advanced PC repair tool integrated with powerful and highly functional utilities all in one. Utilities include a registry cleaner and a system optimizer. It has easy navigation, a user-friendly interface, and is compatible with all Windows versions. Users of all levels can operate it to resolve all kinds of PC errors including the runtime error R6025. The registry cleaner utility wipes out all the unnecessary, malicious, obsolete files and invalid entries overloading the RAM. It frees up the disk space, repairs the damaged files and the registry. Furthermore, Restoro also functions as a system optimizer. It detects system instability issues and resolves them while boosting the speed of your PC. To resolve the runtime Error R6025 on your system in seconds click here to download Restoro PC repair tool now!
Fix 0xC03A0005 error in Windows 10
A Windows Backup to a NAS device (backup to a network share) that is running Samba fails with the error message “The backup failed, The version does not support this version of the file format (0xC03A0005)”. The problem occurs because of a conflict with the VHD file that is created by Windows Backup and is mounted during the process. There are three types of VHD files:
  1. Fixed
  2. Expandable
  3. Differencing
If the VHD file is a sparse file, which is not supported by the native VHD driver, the mounting will fail, and you will get this error. An example is a VHD file that keeps expanding depending on the backup size. The problem occurs only in the case of a File Level backup (files/folders in a volume) but not with a block level backup, as the VHD file is never mounted there. In the case of a File Level backup, however, the VHD created by Windows Backup is mounted, and mounting of sparse files is not supported.

The solution is to use the strict allocate option in the smb.conf file

Log in to the SMB server using SSH. Open the configuration file located at /etc/samba/smb.conf using the vi editor. If the option is not there, you can manually add strict allocate = yes, which will make sure that no sparse files are created.
Fixing the Machine Check Exception Blue Screen Error in Windows 10
BSOD or Blue Screen of Death errors are among the toughest issues you can encounter in Windows 10, as well as the hardest ones to resolve, as they simply shut the system down or restart it abruptly and claim that it isn’t possible to boot Windows again. One of the difficult BSOD errors is the Machine Check Exception BSOD error. The reason why it is hard to fix is that in most cases, it occurs soon after Windows loads, which gives users little to no time to resolve it. To make things worse, the system also freezes right before it displays the blue screen error and shuts the system down. Usually, the Machine Check Exception Stop error occurs due to the failure or overstressing of hardware components. And as with almost all Blue Screen of Death errors, the issue usually has something to do with the drivers. So if you see this BSOD error frequently, now’s the time to act on it by following the solutions given in this post.

Option 1 – Update the Device drivers

  • Tap the Win + R keys to launch Run.
  • Type in devmgmt.msc into the box and tap Enter or click OK to open the Device Manager.
  • After that, a list of device drivers will be displayed. Look for the relevant device driver and then select either “Update driver” or “Uninstall device”. And if you find any “Unknown device”, you need to update it as well.
  • Select the “Search automatically for updated driver software” option and then follow the instructions to complete the process.
  • If you have chosen to uninstall the driver, follow the screen options to complete the process and then restart your PC.
  • Connect the device and Scan for hardware changes – you can see this option under Device Manager > Action.

Option 2 – Try running the Blue Screen Troubleshooter

The Blue Screen troubleshooter is a built-in tool in Windows 10 that can be found on the Settings Troubleshooters page. To use it, refer to these steps:
  • Tap the Win + I keys to open the Settings panel.
  • Then go to Update & Security > Troubleshoot.
  • From there, look for the option called “Blue Screen” on your right-hand side and then click the “Run the troubleshooter” button to run the Blue Screen Troubleshooter and then follow the next on-screen options. Note that you might have to boot your PC into Safe Mode.

Option 3 – Try running the System File Checker

System File Checker or SFC is a built-in command utility that helps in restoring corrupted files as well as missing files. It replaces bad and corrupted system files with good system files that might be causing the Machine Check Exception BSOD error. To run the SFC command, follow the steps given below.
  • Tap Win + R to launch Run.
  • Type in cmd in the field and tap Enter.
  • After opening Command Prompt, type in sfc /scannow
The command will start a system scan which will take a while before it finishes. Once it’s done, you could get the following results:
  1. Windows Resource Protection did not find any integrity violations.
  2. Windows Resource Protection found corrupt files and successfully repaired them.
  3. Windows Resource Protection found corrupt files but was unable to fix some of them.

Option 4 – Run the Startup Repair

In the Blue Screen where the Machine Check Exception error is displayed, tap the F8 key to go to the Startup Settings where you can find Startup Repair and then run it. Note that this is a must-try option especially if you are unable to start your computer and if you can use your computer for a few moments.

Option 5 – Run the DISM tool

There are cases when the Machine Check Exception error is caused by the Windows System Image so you need to repair it using the DISM or Deployment Imaging and Servicing Management tool. The DISM tool is another command-line tool in the Windows operating system that could help users fix various corrupted system files. To use it, follow these steps:
  • Open the Command Prompt as admin.
  • Then type in this command: Dism /Online /CheckHealth
  • Do not close the window if the process takes a while as it will probably take a few minutes to finish.

Option 6 – Try resetting the BIOS

If you have made some modifications in the BIOS that might have caused this error, you have to revert those changes to resolve the issue. On the other hand, if you have made a couple of changes and you do not remember which is which, you might have to reset the BIOS.

Option 7 – Try resetting Windows 10

To fix this BSOD error, you can try resetting Windows 10. Doing so won’t get rid of any file in your system – instead of erasing all your media files and documents, this reset option resets all the system settings and files.
How to Fix (1058) ERROR_SERVICE_DISABLED Error in Windows 10
This post will guide you in fixing the (1058) ERROR_SERVICE_DISABLED error you can encounter when trying to launch various games. Usually, this error pops up during startup and prevents you from running the game. In fact, this error has become quite a headache for many users. Some of the games it affects are Smite, Paladins, Far Cry, and many more. In most cases, this error is caused by missing or corrupted game files. It could also be caused by the anti-cheat utility you might have installed along with your games. Whichever the cause is, you can try to check out the possible fixes given below to resolve the (1058) ERROR_SERVICE_DISABLED error.

Option 1 – Verify the Integrity of the Game files

This is the first option you can try no matter what kind of issues you are having with Steam games.
  • Double click on the game’s icon located on your Desktop and then go to the Library tab in the Steam window.
  • From there, look for GTA V from the list of games installed in your library.
  • Next, right-click on its entry and select Properties.
  • After that, navigate to the Local Files tab and click the “Verify Integrity of Game Files” button.
  • Now, wait for the tool to complete checking the game’s integrity. You should see that some of the files may have been downloaded.
  • Reopen the game and see if it now runs properly without crashing.

Option 2 – Apply some tweaks in the Service’s startup settings

As pointed out earlier, the error can also occur due to the anti-cheat tools that were installed alongside the game. These tools are usually used by games to check if you are running something which might give you an unfair advantage over other players. These anti-cheat tools include but are not limited to BattlEye, EasyAntiCheat, and PunkBuster. The error might occur if the service’s startup settings are not correctly configured which is why you can apply some tweaks in order to resolve the problem.
  • Tap the Win + R keys to open the Run dialog box.
  • Next, type “services.msc” in the field and hit Enter or click OK to open Services.
  • From the list of Services, look for any of the services mentioned above such as BattlEye, EasyAntiCheat Service, or PunkBuster Service. Then right-click on the service and select Properties from the context menu.
  • After that, check if the service is started by checking the Service status. If it is started, click on the Stop button to stop the service and if it is already stopped, leave it as it is, at least for now.
  • Next, make sure that the Startup type menu in the Service’s properties is set to Automatic before you go on.
  • Now confirm any dialog boxes that may appear as you set the Startup type and then click on the Start button located in the middle before you exit Properties.
Note: You might get the following error message when you click on the Start button:
“Windows could not start the service on Local Computer. Error 1079: The account specified for this service differs from the account specified for other services running in the same process.”
If you got the error message above, then here’s how you can fix it:
  • Tap the Win + R keys to open the Run dialog box.
  • Next, type “services.msc” in the field and hit Enter or click OK to open Services.
  • From the list of Services, look for any of the services mentioned above such as BattlEye, EasyAntiCheat Service, or PunkBuster Service. Then right-click on the service and select Properties from the context menu.
  • Now go to the Log On tab and click on the “Browse…” button.
  • After that, type in your account’s name under the “Enter the object name to select” box and click on Check Names then wait for the name to be recognized.
  • Then click OK once you’re done and type in the password in the Password field when you are prompted to do so. This should resolve the issue.

Option 3 – Try reinstalling the Anti-cheat program

If the first two options did not work out, you can try reinstalling the anti-cheat program.
  • Open Steam from your Desktop or by searching for it in the Start menu.
  • After opening the Steam client, go to the Library tab in the Steam window and then look for the Rust entry from the list.
  • Next, right-click on the game’s icon in the library and select Properties.
  • Now go to the Local Files tab under Properties and click the Browse Local Files button.
  • From there, look for BattlEye, EasyAntiCheat, or PunkBuster folder depending on the game, and then double click on it to open the folder.
  • Then right-click on EasyAntiCheat_setup.exe or the BattlEye installed file in the folder or PunkBuster and select the Run as administrator option.
  • Exit the Steam client by clicking Steam > Exit from the menu located at the top.
How to Fix Jp2klib.dll Error Code

Jp2klib.dll Error - What is it?

Jp2klib.dll is a type of Dynamic Link Library. This file is developed by Adobe Systems Inc and associated with CS2 (Creative Suite 2 Premium). Like all DLL files, this file also contains small programs that support programs developed by Adobe Systems on your PC. The function of Jp2klib.dll is to load and run programs. Jp2klib.dll error occurs when it fails to do so. It occurs during program startup. Jp2klib.dll error is displayed in several different formats depending on the cause of the error. Here are some common error messages that you may come across:
  • "JP2KLib.dll not found."
  • "Cannot find C:\Windows\System32\JP2KLib.dll."
  • "Cannot start Creative Suite 2 Premium. A required component is missing: JP2KLib.dll. Please install Creative Suite 2 Premium again."
  • "Cannot register JP2KLib.dll."
  • "The file JP2KLib.dll is missing."
  • "This application failed to start because JP2KLib.dll was not found. Re-installing the application may fix this problem."
  • "JP2KLib.dll Access Violation."

Solution

Error Causes

There are several causes for the Jp2klib.dll error code pop-up. These include:
  • Hardware failure
  • Jp2klib.dll file not properly registered
  • Viral infection
  • Deleted, missing, or corrupted Jp2klib.dll file
  • Registry problems
  • Another program overwrote the Jp2klib.dll file
The good news is that this is not a fatal error code like the blue screen of death errors. However, it is still advisable to resolve it right away to avoid inconvenience.  This error may limit your ability to access your desired program.

Further Information and Manual Repair

Follow these methods to resolve Jp2klib.dll error code on your PC in a few minutes without any professional assistance or technical know-how:

Method 1 - Re-register the Jp2klib.dll file

Sometimes Jp2klib.dll error may occur if the DLL file is not registered properly. In such a situation "JP2KLib.dll not registered" error message will pop on your computer screen. To resolve, all you need to do is register this file. Follow these steps to register the Jp2klib.dll file on your PC:
  1. Go to the start menu, type the command in the search box. Don’t press enter yet.
  2. First, hold CTRL-SHIFT and then press it. This action will prompt a permission dialog box. Click yes to proceed.
  3. You will be asked to enter a command, here simply type regsvr32 /u JP2KLib.dll and then press enter.
  4. This will first unregister the previous Jp2klib.dll file. Now type regsvr32 /i JP2KLib.dll and press enter to re-register the same file.
  5. After this, close the command window and reboot your PC to activate changes.

Method 2 - Check the Recycle Bin and Restore the Jp2klib.dll file

If you come across the error message "JP2KLib.dll not found", this indicates a missing Jp2klib.dll file. This usually happens if you recently uninstalled a program on your system which was also supported by the Jp2klib.dll file, due to which the file was also deleted. But don’t worry! Check your recycle bin to retrieve the accidentally deleted file on your system. If you find it, restore it, but if you don’t, then simply download it from a reliable DLL website.

Method 3 - Scan for Viruses

Install and run an antivirus to detect viruses. Viruses are malicious programs that damage and corrupt DLL files like the Jp2klib.dll file. Scan for all viruses on your PC and remove them to fix the problem.

Method 4 - Repair the Registry

If you don’t clean the registry often it becomes accumulated with obsolete files like bad and broken entries, cookies, and junk files. These files corrupt the registry and damage system and DLL files also stored in the same location. It then leads to such error message pop-ups. To resolve, download Restoro. This is an advanced PC Fixer deployed with a registry cleaner. It is easy to use and in just a few clicks can repair the Jp2klib.dll error on your PC. The registry cleaner scans and removes all obsolete files. It cleans the registry and repairs the damaged system and DLL files. Click here to download Total System Care and fix the Jp2klib.dll error.
Windows installation stuck on Set up a Pin
After you fresh install Windows 10 on your computer, it allows you to set up a PIN just before you can start using it. However, a number of users reported that the Windows 10 installation gets stuck on the “Set up a Pin” phase. If you are one of the users who experience the same thing, then read on as this post will walk you through fixing the problem. As users start to use their newly installed Windows 10 computer, they reported that the screen is still stuck even after they enter the correct PIN twice and there is no way for them to go forward or backward. Note that this is a part of the account setup and that your computer must stay connected to your internet connection before you finalize everything. And even though the PIN works when the computer is offline, the account setup still needs an internet connection, at least for a fresh installation. The solution for this kind of issue is quite easy and there won’t be any problem even if your computer shuts down or restarts since the installation is already complete and all that’s left is the account setup. To fix this problem, follow the steps given below.
Step 1: The first thing you have to do is to turn off your internet connection or disable all connectivity from your computer.
Note: If you are using either an Ethernet cable or a Wi-Fi switch to connect to the internet, you have to disable or remove them. But if you don’t have any options, just completely turn off your internet connection.
Step 2: The next thing you have to do is to force your computer to shut down and then restart your computer. The setup process will eventually pick up exactly where it left off. The only difference is that there is no connection to the internet and your screen will no longer be stuck on the PIN setup screen so you now have the option to skip it and wait until you’re logged in for the first time.
Step 3: Once you’re done, you can choose to set up the PIN later on and turn your internet connection back on or connect your computer to an internet connection.
How to Fix Error 0x80073712 in Windows
There are times when system files get corrupted and if the Windows Update process finds the system’s integrity questionable, chances are, the update, upgrade or the installation may fail and you will only be getting an error code 0x80073712 instead of completing the process. The error code 0x80073712 indicates that a file needed by the Windows setup or the Windows Update is most likely missing or damaged. To resolve the problem, here are some suggestions you can try.

Option 1 – Try running the DISM Tool

Running the DISM Tool helps in repairing the Windows System Image as well as the Windows Component Store in Windows 10. Using this built-in tool, you have various options such as the “/ScanHealth”, “/CheckHealth”, and “/RestoreHealth”.
  • Open the Command Prompt as admin.
  • Then type in this command: DISM.exe /Online /Cleanup-image /Restorehealth
  • Do not close the window if the process takes a while as it will probably take a few minutes to finish.
After you run this tool, a log file is created at C:\Windows\Logs\CBS\CBS.log. On the other hand, if the Windows Update client is already broken, you will be prompted to use a running Windows installation as the repair source or use a Windows side-by-side folder from a network share, as the source of the files. Although the chances of this happening are less, if it turns out to be the case, you need to run an advanced command in the DISM tool to repair a broken Windows Update. Just repeat the process above but use the following command instead:
DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess

Option 2 – Try running the System File Checker

System File Checker or SFC is a built-in command utility that helps in restoring corrupted files as well as missing files. It replaces bad and corrupted system files with good system files that might be causing the error 0x80073712. To run the SFC command, follow the steps given below.
  • Tap Win + R to launch Run.
  • Type in cmd in the field and tap Enter.
  • After opening Command Prompt, type in sfc /scannow
The command will start a system scan which will take a while before it finishes. Once it’s done, you could get the following results:
  1. Windows Resource Protection did not find any integrity violations.
  2. Windows Resource Protection found corrupt files and successfully repaired them.
  3. Windows Resource Protection found corrupt files but was unable to fix some of them.

Option 3 – Try running the Chkdsk utility

You can also try running the Chkdsk utility to resolve the Windows Update error 0x80073712. If your hard drive has issues with integrity, the update will really fail as the system will think that it’s not healthy and that’s where the Chkdsk utility comes in. The Chkdsk utility repairs hard drive errors that might be causing the problem.
  • Open Command Prompt with admin privileges.
  • After opening Command Prompt, execute the commands listed below, and don’t forget to hit Enter right after you type in each one of them and if you have installed Windows to some different directory, you must replace “C” with the name of the drive you’ve installed Windows with.
  • chkdsk C: /r /x
  • chkdsk C: /f
Note: The Chkdsk function might take a while before it finishes its operations so you need to be patient and wait until the entire process is completed.

Option 4 – Try running the Windows Update Troubleshooter

Running the built-in Windows Update troubleshooter could also help you resolve the Windows Update error 0x80073712. To run it, go to Settings and then select Troubleshoot from the options. From there, click on Windows Update and then click the “Run the troubleshooter” button.

Option 5 – Try running Microsoft’s online troubleshooter

You also have the option to run Microsoft’s online troubleshooter which could help you fix Windows Update errors.
Malware in Popular CCleaner

On September 18th, 2017, Cisco’s Talos announced that CCleaner, a popular utility with billions of worldwide users, had been compromised by hackers, and was used to unwittingly distribute hidden malware in its installer. Later in the day, Piriform, the publisher of CCleaner, confirmed the problem.

The compromise went undetected by all but 1 major antivirus, with CCleaner’s own parent company among those that missed it. It went on for over a month and impacted over 2.7 million users. Users of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows are affected. These downloads were live on CCleaner’s official site from August 15th to September 12th, 2017. Anyone who downloaded the program during this time could be affected. The company claims that, while the hackers set up the backdoor and many users were impacted, the perpetrators have been arrested and the malware never successfully performed its full task, compromised users’ PCs or sent out their data. In the wake of recent security breaches such as Equifax, users are understandably worried. Given the severity of the threat of hacking and data theft, users should take action immediately if they have CCleaner.

Technical Details of CCleaner Malware Injection

First reported by Talos, the malware was hidden in the CCleaner installer without the publisher noticing (despite Piriform being owned by Avast, a massive anti-virus company). It modified a core program DLL file to evade detection and created several registry keys. Not only were these files not flagged by any major anti-virus, they were even digitally signed by Piriform via their Symantec certificate, meaning your PC and security program would likely whitelist and trust the malicious installer. The malware gathers personal information on a user’s PC, including IP address and running programs, and sends it to a remote server. In our testing, the program sent data to IP 216.126.225.148.

Restore Your PC (If Possible)

As of the publication of this article, no assurances have been given that updating or even uninstalling CCleaner will remove the malware that was installed. The only action thus far has been the shutdown, by authorities, of the remote server where user data was being sent. For this reason, it is best to remove the underlying malware separately, as its presence represents a serious security threat. Unfortunately, as this could have been installed as far back as August 15th, 2017, your System Restore points may not go back that far, or even if they do, restoring to such an outdated point may cause unintended problems with other programs you use and potentially lost files and data. Manually backing up files and doing a full format or clean Windows installation would likely be successful in fully removing the malware, but is extremely time-consuming and can be difficult for many PC users. Unfortunately, this makes a PC Restore or format an unattainable option for many.

Update CCleaner to the Latest Version

CCleaner has told users to update to the latest version of the program. Prior to doing so, we recommend fully uninstalling CCleaner, checking its program files folders and registry keys and manually deleting any remnants, and then re-downloading the latest version from the official site and reinstalling clean.
Copyright © 2023, ErrorTools. All Rights Reserved