Also known as: CCleaner bundler
Category: Malware
Type: Bundler, potentially unwanted application (PUP), browser hijacker, adware
Platform: Primarily Windows
Variants: Legitimate PUP bundlers and compromised versions
Damage potential: Exposure of sensitive information, installation of malware or additional software without the user’s knowledge, browser hijacking, reduced system performance
Overview
While Piriform is a legitimate utility software provider, some versions of its software, especially those with bundled extras, have been flagged by antivirus programs. The Piriform bundler first gained public attention after the 2017 CCleaner supply-chain attack. In this incident, hackers compromised CCleaner version 5.33.6162 by embedding a trojan in it, and the trojanized version was distributed through official channels. The trojan targeted high-profile organizations, allowing attackers to steal sensitive information and deploy additional malware.
In addition to these more severe threats, some legitimate versions of Piriform software may come bundled with potentially unwanted programs (PUPs). These PUPs may include browser toolbars or adware, often installed unintentionally if users skip over options during installation. While PUPs are less harmful than malware, they can still cause unwanted changes to browser settings, invade privacy, and slow down system performance.
Possible symptoms
The main sign that your device may be affected by Piriform's bundled software or PUPs is the unexpected appearance of Piriform programs (such as CCleaner, Defraggler, or Speccy) or other unknown applications you haven’t installed. Other symptoms to watch for:
- Slow computer performance or frequent freezing and crashing.
- Added or modified files you didn’t install.
- Changes to desktop settings (for example, a new wallpaper or different icons).
- Reduced storage space from unwanted programs or files.
- Frequent pop-up ads or banners while browsing.
- Redirected search results to unwanted sites.
- Modified browser settings (for example, a different homepage or default search engine).
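A read-only inventory check for the main symptom above, added here as an example that is not part of the original page: it lists Piriform products registered under the standard Windows Uninstall registry keys and marks any CCleaner entry whose version matches the release named in the Overview. The function names, the `NeedsReview` field and the major.minor comparison are assumptions made for this example.

```powershell
# Added example (not from the original page): read-only inventory of Piriform products.
# Assumption: products register DisplayName/Publisher/DisplayVersion under the standard
# Uninstall keys; the page does not say how the version is recorded there.
$FlaggedVersion = '5.33.6162'   # CCleaner version named in the Overview
$ProductNames   = 'CCleaner', 'Defraggler', 'Speccy'
$UninstallKeys  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-FlaggedVersion {
    param([string]$Name, [string]$Version)
    if ($Name -notmatch 'CCleaner' -or -not $Version) { return $false }
    # Compare major.minor only, since the registry may hold "5.33" rather than the full build.
    $flagged = ($FlaggedVersion -split '\.')[0..1] -join '.'
    $found   = ($Version -split '\.')[0..1] -join '.'
    return $found -eq $flagged
}

function Get-PiriformInventory {
    $pattern = ($ProductNames | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $pattern -or $_.Publisher -match 'Piriform' } |
        ForEach-Object {
            [pscustomobject]@{
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                Version     = $_.DisplayVersion
                InstallDate = $_.InstallDate
                Location    = $_.InstallLocation
                RegistryKey = $_.PSPath -replace '^.*::', ''
                NeedsReview = Test-FlaggedVersion -Name $_.DisplayName -Version $_.DisplayVersion
            }
        }
}

$inventory = @(Get-PiriformInventory)
if ($inventory.Count -eq 0) {
    Write-Output 'No Piriform products are registered under the Uninstall keys.'
} else {
    $inventory | Sort-Object Name | Format-List
    foreach ($item in $inventory | Where-Object { $_.NeedsReview }) {
        Write-Warning "$($item.Name) $($item.Version) matches the flagged release; confirm the file version of the installed executable."
    }
}
```

An entry you do not remember installing, or one with an unexpected install date or location, is the case the symptom list describes and is a candidate for the removal steps.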
Sources of the infection
Your device may become infected with Piriform's bundled software or PUPs from:
- Legitimate software from official sources that has been compromised (for example, the 2017 CCleaner attack).
- Third-party download sites that offer bundled installers from unreliable sources.
- Drive-by downloads from compromised websites that automatically download malware when visited.
- Software updates that automatically install infected versions of Piriform software.
- Fake installer packages distributed via phishing emails or rogue advertisements that mimic original software but contain malware.
- Adware injections during installation, where bundled software includes optional adware that users may install unknowingly by skipping prompts.
- Peer-to-peer file sharing platforms, where cracked or pirated Piriform software often comes with modified or infected installers.
Protection
Protecting your device from unwanted programs and bundled software requires careful cybersecurity practices. Here are some tips to help you stay safe:
- Be careful when installing software to avoid downloading unwanted programs.
- Choose custom installation options to uncheck any extra software you don’t need.
- Only download software from reliable, well-reviewed sources to avoid risks.
- Avoid visiting suspicious or unverified websites that may host harmful files.
- Use tools like NordVPN’s Threat Protection Pro™, which functions as a malware blocker that scans your downloads for malware and blocks harmful files before you download them.
Piriform bundler removal
You can remove the Piriform bundler PUPs from your computer using a reputable and up-to-date antivirus program:
- Run a full system scan with trusted antivirus software.
- Follow the antivirus software’s instructions to remove the detected files.
- Uninstall any suspicious programs through your system’s control panel or settings.
- Reset your browser settings if they have been modified.
- Delete temporary files to ensure no remnants of the bundler remain.