• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Edge browser issue/ possible Ccleaner infection?

Status
Not open for further replies.

fullinfusion

Vanguard Beta Tester
Joined
Jan 11, 2008
Messages
9,909 (1.60/day)
On Friday I was on my system installing a new piece of hardware.

As always I check some of my programs for any updates. I just seen on the homepage about CCleaner and how they were hacked and I believe I installed that version.

I know before I installed CCleaner Microsoft had some updates for my system and I installed them.

I also installed A non public beta for my graphics card and when I opened up Edge the home screen looked weird. I had an extra search button and my frequently used links were cut off in half. I remove the beta driver did a restart and still have the same problem.

I then looked in my ADD remove programs thinking CCleaner snuck an extra search bar on my system.
And it came back clean.

So I'm not sure if it was the Microsoft update or if I've been infected with that CCleaner that we just found out about today. Take a look at the photo and tell me what you guys think. Where did that extra web search bar under the main search bar come from?

 
Last edited:

Mindweaver

Moderato®™
Staff member
Joined
Apr 16, 2009
Messages
8,301 (1.45/day)
Location
Charleston, SC
System Name Tower of Power / Delliverance
Processor i7 14700K / i9-14900K
Motherboard ASUS ROG Strix Z690-A Gaming WiFi D4 / Z690
Cooling CM MasterLiquid ML360 Mirror ARGB Close-Loop AIO / Air
Memory CORSAIR Vengeance LPX 32GB (2 x 16GB) DDR4 3600 / DDR5 2x 16gb
Video Card(s) ASUS TUF Gaming GeForce RTX 4070 Ti / GeForce RTX 4080
Storage 4x Samsung 980 Pro 1TB M.2, 2x Crucial 1TB SSD / NVM3 PC801 SK hynix 1TB
Display(s) Samsung 32" Odyssy G5 Gaming 144hz 1440p, 2x LG HDR 32" 60hz 4k / 2x LG HDR 32" 60hz 4k
Case Phantek "400A" / Dell XPS 8960
Audio Device(s) Realtek ALC4080 / Sound Blaster X1
Power Supply Corsair RM Series RM750 / 750w
Mouse Razer Deathadder V3 Hyperspeed Wireless / Glorious Gaming Model O 2 Wireless
Keyboard Glorious GMMK with box-white switches / Keychron K6 pro with blue swithes
VR HMD Quest 3 (512gb) + Rift S + HTC Vive + DK1
Software Windows 11 Pro x64 / Windows 11 Pro x64
Benchmark Scores Yes
Joined
Feb 2, 2015
Messages
2,707 (0.75/day)
Location
On The Highway To Hell \m/
I'm not a regular Edge user. But from what I can tell it's just a displacement of the normal search/address bar when opening a new tab. It goes away if you click on the place where the search/address bar would normally be.

Never mind. See post below.
 
Last edited:

fullinfusion

Vanguard Beta Tester
Joined
Jan 11, 2008
Messages
9,909 (1.60/day)
Thanks for the advice I really do appreciate it. I'm not at home at the moment but once I get home this week I'll definitely run those programs that you suggested and hopefully that fixes the problem.
 
Joined
Feb 2, 2015
Messages
2,707 (0.75/day)
Location
On The Highway To Hell \m/
Strike my previous post. I misunderstood what you were saying. Now I get it. You're talking about the web search bar below the one I was referring to. I have no clue what's up with that. They(as in MS) added something similar to IE recently(showed up in W10 with latest CU and W7 with a recent update I believe). I can get rid of it in IE by right clicking on the ribbon(I think that's what they call it?) at the top(where the address bar is) and unchecking "Show tabs on a separate row".

IE Search bar.PNG

No IE search bar.PNG
 
Last edited:

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,632 (6.68/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
For now id remove all piriform software
 

Ahhzz

Super Moderator
Staff member
Joined
Feb 27, 2008
Messages
9,005 (1.47/day)
System Name OrangeHaze / Silence
Processor i7-13700KF / i5-10400 /
Motherboard ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard
Cooling Corsair H75 / TT ToughAir 510
Memory 64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600
Video Card(s) Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb
Storage Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb
Display(s) 22" Dell Wide/24" Asus
Case Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum
Keyboard K68 RGB — CHERRY® MX Red
Software Win10 Pro \ RIP:Win 7 Ult 64 bit
From posts it infected 32bit not 64 but I'll check the registry to be sure. I only use it for add/remove W10 crap apps that don't show up in Windows add/remove
stepped here to point exactly this out. 32-bit only. If something is going on with your PC, and you're on a 64-bit OS, it has nothing to do with the CC hack.
 
Joined
Jul 19, 2006
Messages
43,609 (6.48/day)
Processor AMD Ryzen 7 7800X3D
Motherboard ASUS TUF x670e-Plus Wifi
Cooling EK AIO 360. Phantek T30 fans.
Memory 32GB G.Skill 6000Mhz
Video Card(s) Asus RTX 4090
Storage WD/Samsung m.2's
Display(s) LG C2 Evo OLED 42"
Case Lian Li PC 011 Dynamic Evo
Audio Device(s) Topping E70 DAC, SMSL SP200 Amp, Adam Audio T5V's, Hifiman Sundara's.
Power Supply FSP Hydro Ti PRO 1000W
Mouse Razer Basilisk V3 Pro
Keyboard Epomaker 84 key
Software Windows 11 Pro
You could just use AdBlock for now and block that element. It might even tell you where it's located.
 

Mindweaver

Moderato®™
Staff member
Joined
Apr 16, 2009
Messages
8,301 (1.45/day)
Location
Charleston, SC
System Name Tower of Power / Delliverance
Processor i7 14700K / i9-14900K
Motherboard ASUS ROG Strix Z690-A Gaming WiFi D4 / Z690
Cooling CM MasterLiquid ML360 Mirror ARGB Close-Loop AIO / Air
Memory CORSAIR Vengeance LPX 32GB (2 x 16GB) DDR4 3600 / DDR5 2x 16gb
Video Card(s) ASUS TUF Gaming GeForce RTX 4070 Ti / GeForce RTX 4080
Storage 4x Samsung 980 Pro 1TB M.2, 2x Crucial 1TB SSD / NVM3 PC801 SK hynix 1TB
Display(s) Samsung 32" Odyssy G5 Gaming 144hz 1440p, 2x LG HDR 32" 60hz 4k / 2x LG HDR 32" 60hz 4k
Case Phantek "400A" / Dell XPS 8960
Audio Device(s) Realtek ALC4080 / Sound Blaster X1
Power Supply Corsair RM Series RM750 / 750w
Mouse Razer Deathadder V3 Hyperspeed Wireless / Glorious Gaming Model O 2 Wireless
Keyboard Glorious GMMK with box-white switches / Keychron K6 pro with blue swithes
VR HMD Quest 3 (512gb) + Rift S + HTC Vive + DK1
Software Windows 11 Pro x64 / Windows 11 Pro x64
Benchmark Scores Yes
You could just use AdBlock for now and block that element. It might even tell you where it's located.
That and Ghostery, and NoScript are good as well.
 

95Viper

Super Moderator
Staff member
Joined
Oct 12, 2008
Messages
13,053 (2.21/day)

fullinfusion

Vanguard Beta Tester
Joined
Jan 11, 2008
Messages
9,909 (1.60/day)
Well found out I got the Ccleaner infection.. I ran windows defender and it picked it up, but looking in the reg I never seen was I was suppose to see if it was infected..
Weird
 
Joined
Oct 2, 2004
Messages
13,791 (1.87/day)
The answer is, NO. Because you're running 64bit Windows. Only 32bit CCleaner was affected. Also, it was only the binary which was modified. The compromised installer didn't install anything else and the payload wasn't yet active. Meaning, if you removed affected CCleaner, there couldn't be anything left. Also, the situation with CCleaner included a trojan backdoor in the binary, not some adware that rams search bars into browsers...
 

fullinfusion

Vanguard Beta Tester
Joined
Jan 11, 2008
Messages
9,909 (1.60/day)
The answer is, NO. Because you're running 64bit Windows. Only 32bit CCleaner was affected. Also, it was only the binary which was modified. The compromised installer didn't install anything else and the payload wasn't yet active. Meaning, if you removed affected CCleaner, there couldn't be anything left. Also, the situation with CCleaner included a trojan backdoor in the binary, not some adware that rams search bars into browsers...
Format and changed my pass keys on a different device so I can relax now.

Thanks for the advise and help guys :toast:
 
Status
Not open for further replies.
Top