Old 08-20-18, 08:22 AM   #35
CTU_Clay
The Lone Wolf
 

Quote:
Originally Posted by Skybird
http://blog.talosintelligence.com/20...s-malware.html

http://www.piriform.com/news/blog/20...-windows-users

My cold-hearted advice if you are affected: system reinstall. A system that got compromised must still be considered to be compromised after any "cleanings", "repairs", or whatever. The only way to deal with a bug and be certain is to nuke the whole system from orbit.

Note that Talos (first link) disagrees with Piri (second link) on the amount of damage done. Talos says it potentially could be an immense number of users, Piri says the threat was tackled before it could do damage. Of course, Piri has its own reputation to protect here, Talos is a neutral third party.

I believe I understood it like this: a completely infested version of CCleaner was spread via a manipulated server of theirs, and so the malware must have reached millions and millions of users, see the link for affected version and date. The malware scanned the infested systems, extracted data and downloaded additional malware, which was probably the intended "warhead" to detonate. But if Piri is right, then this malware never got activated, they switched off the rogue server fast. Which means that affected people have downloaded-for-sure, but non-activated malware on their machines now. Their systems probably got scanned and data was extracted. The additional downloaded malware, the warhead, is still there.

Well, believing is not knowing. So expect the worst. Nuke it. From orbit.

P.S. Note that the critical version of CCleaner was distributed for almost a full month. That's damn many systems affected.

Is CCleaner still infected as earlier reported?
__________________
"The Lone Wolf"
https://steelsharksforum.proboards.com/

“Keep your eyes on the stars, and your feet on the ground.”