Foolish IT Computer Repair Software - PC Tech Utilities - Malware Prevention
Mon, 19 Feb 2018 16:00:17 -0500

CryptoPrevent v9.0.0.0 Released
Wed, 17 Jan 2018 18:49:41 +0000

v9.0.0.0 (January 17th, 2017)

    • User Interface updated: adds additional explanation of features and functionality, and streamlines options
    • Maintenance options have been added which are powered by d7x technology (manually running maintenance is available under the Free and Premium versions, scheduling automated maintenance is a premium feature only)
    • FolderWatch HoneyPot and the Quick Access tray are now available for usage under the free license; this makes all the protections CryptoPrevent provides free for personal usages
    • Program Filter has been updated to work with additional file execution situations
    • Corrected an issue where subscription keys may show as expired or invalid prior to the subscription running out
    • Updates have been completely re-written for performance and lower bandwidth usage
    • Update feature has been added where CryptoPrevent will automatically apply any critical updates when opened (applies to the Free and Premium versions)
    • Several performance improvements for CryptoPrevent and the Monitor service
    • Several bug fixes for CryptoPrevent and the Monitor service

We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.
You can subscribe to this category of our blog to stay current on any new additions or changes!

Resolved: Recent download failures from website links and buttons
Thu, 28 Dec 2017 16:43:03 +0000

We have now corrected recent download failure issues from our end.  We apologize for the trouble, and thank you for your understanding!

ISSUE: Download failures resulting in errors such as “HTTP 500”, “ERR_INVALID_RESPONSE”, and “This site can’t be reached”.

SCOPE: Affected all downloads using encrypted download links (ending in “/?enc_dl_action=process&file=” with some additional random characters) which are served from various product pages on our website, or received in various auto-response emails from our website.

STATUS: Resolved.

NOTES: The link you were previously given or redirected to may or may not be expired or functional at this time.  If this is the case, you can visit the website again to receive a new working link. Since this issue affected a number of downloads linked to from our website, we’ve included below a few product page links, should you need to get back quickly.

Product Pages and Link References:




Free Software (product links page)

Free Tech Tools (product links page)

Small Projects (product links page)

dSupportSuite Purchase Center (for dSupportSuite; requires account login)

dMZ Additional Downloads (for d7II and d7x; requires dMZ account login)


d7II to d7x update error corrected, please accept my personal apology for any disruption in usage!
Wed, 01 Nov 2017 02:35:25 +0000

Please accept that I deeply regret any inconveniences you and others have experienced due to the upgrade failures.

A corrupted archive file (containing the final part of the update to the current d7x “FastTrack” release) was replaced on our servers this morning (around 12 hours ago) which resolved the issue in our testing (using the same copies of d7II on the same systems that consistently reproduced the behavior.)

To be clear, the issue resolved today on October 31st, 2017 at around 7AM or 8AM Eastern time zone (3-4AM UTC) is regarding the extraction failure occurring during the update from d7II to d7x, and leaving a d7II.exe file in the directory that may have the version 3.6.87 but that is reduced in size (about 1.2MB instead of the 6.9MB as would be a d7II v3.6.86 or actual newer v3.6.87 executable) and that smaller d7II.exe (an “update stub”) would give the same extraction failures consistently upon any subsequent relaunch.  This issue is now resolved in what is now extensive testing throughout today.  Relaunching the same d7II.exe file (around a 1.2MB file) should now (as of the time specified above) complete the update as expected, and run the newly extracted d7x executable.


During the failure, you may have noticed a few other files that were left in the d7II directory, one of which was d7II.exe.d7II_Exe_0 (or similar.)  Renaming the file to leave the first part of the filename “d7II.exe” (you can also think of as removing the temporary file extension) would leave you the previous v3.6.86 d7II.exe file, ready for full usage, as normal and expected.  Unfortunately, we must now regret that without instructions suddenly appearing in the d7II directory, this would not have been obvious to most users, and we realize a tech that is onsite, or out “in the field” might not have a second flash drive or a copy/backup/any other accessible means to recover and use d7II at that time.

While it didn’t help this time, currently d7x contains several update fail-safe mechanisms not in d7II, as well as new update prompts/information and textual instructions that can be delivered and saved in the d7x exe’s directory in plain text files prior to the update process, should something crazy ever occur again despite the fail-safe routines.  Unfortunately, the d7x capable of newer fail-safe behaviors is the very thing failing to extract from the corrupted download in this case (how embarrassing, but it does demonstrate the need for the new d7x code!)
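An added example (not Foolish IT's code, and not a description of how d7x implements its fail-safes): one way an updater can survive a corrupted part like the one described above, by verifying and test-extracting every part in a staging directory before the working executable is touched. The function names, the `.previous` backup suffix and the per-part SHA-256 manifest are assumptions made for the illustration, and the sample archives are constructed.

```python
import hashlib
import io
import os
import shutil
import tempfile
import zipfile
import zlib
from pathlib import Path


class UpdateError(Exception):
    """Raised when an update is rejected; the installed executable is untouched."""


def build_part(files):
    """Pack {name: bytes} into a zip and return (archive_bytes, sha256_hex).

    Stands in for a release step that publishes each part with its digest.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    blob = buf.getvalue()
    return blob, hashlib.sha256(blob).hexdigest()


def apply_update(app_dir, exe_name, parts):
    """Install an update delivered as several archives.

    parts is an ordered list of (archive_bytes, expected_sha256_hex).
    Every part is checked and extracted into a staging directory first, so a
    bad final part cannot leave a half-updated install. Narrowed to swapping
    the executable only. Returns the backup path, or None on a fresh install.
    """
    app_dir = Path(app_dir)
    staging = Path(tempfile.mkdtemp(prefix=".staging_", dir=app_dir))
    try:
        for index, (blob, expected) in enumerate(parts, start=1):
            # Catches damage between the publisher's build and this machine.
            if hashlib.sha256(blob).hexdigest() != expected:
                raise UpdateError(f"part {index}: digest mismatch")
            # Catches an archive that was already broken when it was hashed.
            try:
                with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                    damaged = zf.testzip()
                    if damaged is not None:
                        raise UpdateError(f"part {index}: CRC failure in {damaged}")
                    zf.extractall(staging)
            except (zipfile.BadZipFile, zlib.error) as exc:
                raise UpdateError(f"part {index}: not a valid archive") from exc

        new_exe = staging / exe_name
        if not new_exe.is_file():
            raise UpdateError(f"update did not contain {exe_name}")

        # Only now touch the working executable, keeping it under a clear name.
        current = app_dir / exe_name
        backup = app_dir / (exe_name + ".previous")
        had_previous = current.exists()
        if had_previous:
            os.replace(current, backup)
        try:
            os.replace(new_exe, current)
        except OSError as exc:
            if had_previous:
                os.replace(backup, current)  # roll back to the working build
            raise UpdateError("swap failed, previous executable restored") from exc
        return backup if had_previous else None
    finally:
        shutil.rmtree(staging, ignore_errors=True)


if __name__ == "__main__":
    # Constructed sample data: a two-part update whose final part is truncated.
    install = Path(tempfile.mkdtemp())
    (install / "tool.exe").write_bytes(b"old build")
    part1 = build_part({"readme.txt": b"notes"})
    part2 = build_part({"tool.exe": b"new build"})
    try:
        apply_update(install, "tool.exe", [part1, (part2[0][:20], part2[1])])
    except UpdateError as err:
        print("rejected:", err)
    print("still installed:", (install / "tool.exe").read_bytes())
    apply_update(install, "tool.exe", [part1, part2])
    print("after good update:", (install / "tool.exe").read_bytes())
```

The digest check only helps when the published digest was computed from the good build; the archive validity check is what rejects a file that was already corrupt on the server when it was hashed.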


Also, I feel like it is equally important to take this opportunity and make clear that the new d7x is a “FastTrack” build, and not all functionality may function as expected (although there should be few if any issues beyond “Offline” functionality and the minor issues in current documentation.)  Please always read about any current issues in the d7x manual.  (FastTrack builds are like the “Pre-Release” updates in d7II, or think of the “Release Candidates” in similar Windows terminology of the recent past.)  For d7x, the FastTrack builds are intended to give techs a working copy of new d7x code to use and to provide us with feedback on any features or changes.

Once standard in d7II as “Pre-Release” updates, d7II no longer detects the cutting edge update type, which was disabled in the final releases before the d7II code freeze on new features during d7x Platform code development.  As a result, the early release of d7x was only possible via the mainstream d7II update.  Those who were not long-term subscribers of d7II or who may have updated without reading the information on our d7II -> d7x update announcement (linked to via the lower status bar of d7II) may not be aware of the meaning behind the “FastTrack” status reflected in d7x’s top title bar.


Please accept my personal apologies for any troubles incurred as a result of the recent update failure.  Also, please be aware of the d7x related links below, for your benefit now and in the future, and be sure to submit feedback on the product as your time permits, so we can ensure that d7x is the app you want and need it to be, and that we don’t miss anything as we strive to exceed your expectations!

Product Links:
d7x Release Information:
d7x Manual/Current Info:
d7x Videos (Playlist):
d7x Product Page:

d7x is officially updating for all d7II subscribers…
Tue, 24 Oct 2017 14:10:32 +0000

d7II subscribers will notice their copy of d7II v3.6.86 (or earlier) now promotes that an update exists to v3.6.87 (there is no actual code change for this specific .exe version; the version number is incremented to silence d7II update notifications if used after this d7x release.)

d7x Release Information


[Some information may be outdated]  Please see the d7x Manual for ALL current product information and downloads.  

d7x is the name given to the successor of d7II, our current generation PC technician productivity software.  Initial incarnations of d7x combine the underlying d7x Platform code (developed separately from d7II itself) with the d7II interfaces and much of the specific functionality, to bring product updates to d7II subscribers as soon as possible (until a fully unique d7x release is achieved) while simultaneously moving towards that goal.  Therefore, an active d7II subscription is required for any testing or usage.  In fact, to have an active d7II subscription means you are a d7x subscriber, even if your billing plan doesn’t change to reflect the new name.

d7x is currently designed to sit beside d7II in the same folder, and maintains backwards compatibility with d7II configurations and active d7II session data (temporary files and settings specific to d7II and the current repair process) so a job can be finished with d7II if necessary.  Even if d7x stopped working during an auto mode, d7II should pick up where d7x left off.

We’re excited to once again invite any d7x (d7II) subscribers to actively participate in the feedback process for current development.  We hope to continue d7x in the d7 tradition where techs contribute insightful and experienced ideas for current needs, inspiring the program features that have made the d7 and d7II great from day one!  Contribute your ideas anytime by contacting us directly or via our official support portal where you will also find message forums capable of housing your discussions on feature requests and updates for all of our software!

What's Different

d7x Platform code controls the underlying operation of d7II specific functionality (from error handling/debug systems to interfacing with the OS, file system, registry, internet operations, and more…)

d7x interfaces with the OS using new APIs that allow newer OS features and replace older concepts and tools, while preserving Unicode characters with an aim to cover the different needs of those in non-English speaking countries and with localized versions of Windows.

d7x advances client/server communications adding full SSL and verifying server security certificates on connection, for secure update communications to safeguard against attacks.  These capabilities will be extended to the “dCloud” communications when accounts can be migrated/converted, and to Self-Hosted FTP options, as well as adding new HTTPS communication abilities for Self-Hosted options.

d7x also interfaces with itself using high accuracy and error correcting routines in certain input data verification code, and includes vastly improved error handling and debug systems that automatically track quite a bit of internal data flow without extra coding.

The initial availability of “d7IIx” (named to reflect a hybrid product) earlier this year began with d7x “Platform” code, built from the ground up with new considerations in design and new fundamental basic lower-level functionality, and integrated the d7II user interface and other code designed for specific purposes and functionality (e.g. specific Windows repair processes, the entire custom apps system, etc.)  Then, much of the d7II code was unmodified, although certain things reflected improvement right away (such as Windows 10 recognition.)  Now, d7II code and specific functionality is being replaced entirely in areas like config/definitions storage operations and remote deployment options, and more is to come.

The d7x Platform code is designed not only for innovations not possible with d7II code, but also to provide a more flexible platform to be used for rapid development (and updating) of multiple application projects going forward (including our other existing technician oriented apps such as KillEmAll, dUninstaller, and dSupportSuite to name a few, as well as other new apps on the horizon.)  In fact, d7x Platform code powers the CryptoPrevent v8.x “Program Filter” module, an invisible component enabling features based on the real-time hash signature and logic-based filtering of executable files at run-time.

Specific Examples of Code Integration

To get a better idea of how the d7II code fits in, below are a few examples which illustrate the relationship between new d7x Platform code [represented by (d7x) below] which performs the unseen “grunt work” vs. the ported d7II code [represented by (d7II) below] which still handles the interface and specific/customized functionality.

Current Example #1:  Run a custom app from the user interface (d7II), read user config (d7II), determine applicable operating environment/OS version (d7x), file exist/date stamp checking to determine if we should download a new fresh copy (d7x), download the file (d7x), extract file (d7x), find/verify extracted files (d7x), determine/initiate config customizations to app (d7II), perform file/registry operations related to app customizations (d7x), launch executable (d7x), wait for it to complete (d7x) in order to perform any cleanup/post actions like log gathering, etc. (d7II) before continuing with auto mode if in progress (d7II).

Current Example #2:  Launch a Windows repair function from the user interface (d7II), read user config if applicable (d7II), determine targeted repair methodologies for the specific circumstances based on the above (d7II), determine operating conditions/perform system checks/download reqs if applicable (d7x), actually perform targeted repairs via any number of file system/registry operations (d7x), report success/failure/subsequent actions determined (d7II).

Now that the d7x Platform code has been integrated fully with the last builds going by the “d7IIx” title, much of the existing d7II specific code (as mentioned above) is being replaced, and fast.  The current d7x v0.0.0.88 update brought an entirely new Config Mgmt Portal (older dCloud/Self-Hosted FTP functionality) and introduces the d7x Remote Deployment Tool (aka d7xRDT, the ‘SFX Mini‘ replacement) both of which are all new d7x specific/d7x Platform code (d7x-only) and together replace ALL client/server communications regarding config/definition files, as well as update tracking functionality.

Current Development Focus

Our first and foremost priority is to document/fix any remaining issues with functionality that worked correctly in the last release version of d7II.

New Feature Suggestions:  At this time we are open to new feature suggestions, and large ideas are welcome; please visit our support portal to start a community post, but we ask that you understand the consideration is in future implementation, and we may not address all requests.

For the near future:  major sections of d7x Platform code are already established (in the binary) and waiting to be integrated into existing d7II code replacements.  The new d7x Platform code focuses on advanced, tested, stable, and reusable code to allow for rapid development towards reconstructing many of d7II’s best attributes into a more powerful and more user friendly tool.

Focusing on stability in the integration of d7II specific interfaces and functionality, workflow and data formats must be re-designed before we can drop d7II operational compatibility, and we plan to drop d7II operational compatibility before we move on to newer possibilities and new features.

User Interface:  There is no foreseeable ETA on a complete user interface “change” at this time.  In valuing function over form, for the most part your familiar interface will change gradually when it isn’t optional, and optional when it isn’t gradual or “under the hood” and does not maintain a familiar d7II form.  Currently there may be few UI elements that reflect interface changes conceived for d7x, however there is a lot of re-usable code ready for interface changes or more simple enhancements.

Those hoping for few major “graphical” changes (if any) may delight in seeing the new KillEmAll’s background, which forces a consistent appearance of mostly the same traditional Windows app background color across all versions of Windows, while adding only a slight gradient effect from top to bottom using a bitmap that resizes nicely.  It’s worth noting that this bitmap could be replaced as a new brand-able property.

Compatibility issues must also be considered as we apply new interface concepts, not just in maintaining d7II compatibility during the early stages, but also to allow the optional usage of the current d7II interface as a new UI develops, because a large amount of specific d7II functionality is tightly integrated into the existing user interface.  In order to replace the d7II user interface that code must be updated heavily or entirely rewritten to work with new d7x code, and to simultaneously continue to work as expected with the existing d7II interface.

In other words, d7x is a ground up replacement, and basically the UI is more or less a major part of the very final stages in a full d7x release, but we’re not quite there yet.

d7x Release Timeline

October 2017:  d7x has been rolled out to d7II subscribers!

d7x initial rollout; d7II subscribers will notice their copy of d7II v3.6.86 (or earlier) promotes an update to v3.6.87 (there is no actual code change for this specific .exe version; the version number is incremented to silence d7II update notifications if used after this d7x release.)

  • Download d7II.exe for use as a backup (if missing) using the d7x “Main” menu > “Check for Updates” option.  (This should be done automatically when updating from d7II.exe)
  • NOTE:  Offline tab functionality is NOT fully functional in this d7x release.  Please continue to use d7II.exe for all Offline related functionality (including usage from a ‘Tech Bench’ PC and/or WinPE based boot disk.)


September 2017:  The latest d7x TestBuild replaced the d7IIx Alpha versions, which could be tested with confidence in a production environment (provided you kept d7II with you as a backup.)

March 2017:  d7IIx was released to early adopting d7II subscribers for assistance in testing.

Earlier:  d7II specific code was merged with a mostly completed d7x Platform based code project (being ready to adopt specific d7II functionality) under the name “d7IIx Alpha” for a time.

Where to Download / What to Expect

(Current availability) d7x has been released to all d7II subscribers through the standard in-app update system.  If you are not yet prompted to update, visit the Main menu (top left) > Check for Updates from within d7II.

Alternately, you can get blank-config product downloads from the d7x Manual, or pre-configured product downloads from dMZ Additional Downloads page (requires your “uid-” dMZ login.)  Both require supplying either your d7II/d7x registration information and account credentials, or the Reg.Settings.dat file from a d7II\Config directory containing a registered/working copy of d7II.

After the d7x update, d7II.exe can still be used on the same PC, and within the same session.  This is intended as a fail-safe option, in the event of any unexpected d7x crash or functional failure.

In order to facilitate the d7II fail-safe functionality, d7II is the “dominant” app, and will assume any active d7x session data yet replace the original path/.exe file in the registry with itself for future use.

Additionally, d7x will not start if an active d7II process is found, or if d7II is launched first without using End Session (except when d7x is launched during the update process.)  In order to switch back to using d7x on that system, you must use the End Session functionality in d7II, or modify/delete the appropriate d7II session data.

Detail:  d7x determines the location of the d7II path/.exe from values found in the “HKLM\Software\Foolish IT\d7II\Session\Paths” key.  If the .exe file exists, it will launch that .exe (passing any command line arguments that were received by this d7x process instance) then terminate itself as the d7II process starts up using the rest of the d7II session data created by d7x for backwards compatibility.

d7x-d7II session behavior may be phased out or triggered by user prompt as features are added to d7x which become necessary for the desired behavior, yet have no backwards compatible equivalent for d7II, causing incomplete (and possibly unknown) behavior with d7II.

Please see the d7x Manual for ALL current product information and downloads.  


d7x FAQ  

Q: I have d7II. Will I need to purchase a new or upgraded license?
A:  NO!  New name, new logo, same license/subscription!  ALL existing licensed copies of d7II will automatically update to d7IIx/d7x at their respective release dates, while incurring no additional charges of any type, at any time.  The d7IIx and d7x upgrades are naturally a part of your existing d7II license, including “lifetime” licenses.  Basically, if you have a licensed and working copy of d7II, you are included!

In fact, to have an active d7II subscription means you are now considered a d7x subscriber, and will be referred to as such in future documentation and emails.  Note that some billing related emails may not reflect the new name, nor will Paypal accounts/emails when used for recurring subscription payments.

Q: I have d7II. Will I need to reconfigure it after the update?
A:  Only a little, but we’re aiming to deliver a ‘painless’ experience!  Some configuration may be necessary for new or updated functionality, however d7x will upgrade anything relevant from an existing d7II configuration to the new d7x format automatically.  If necessary, you will be prompted during conversion with a central interface to aggregate the changes and assist you in making any decisions about any new settings which may be necessary.

Change may be required:

All copies of a “d7II SFX Mini” used in remote deployment will continue to download only the last versions of d7II.  If configured, d7II could automatically update to d7x with every usage adding considerable time to the initial startup from the SFX Mini, as well as allowing for potential complications (currently the d7II-d7x update process involves 5-7 separate downloads through an updater stub, and would occur after the SFX Mini downloads all d7II components that will be disregarded by d7x.)

  • To continue using d7II and the SFX Mini, you should ensure any d7II config(s) used with your SFX Mini have disabled automatic updating of the d7II application from the Config > Behavior tab, in the lower right column.  Save and upload any config back to the cloud (or your self-hosted FTP) if the d7II automatic update option was enabled for session or app startup.
  • For a d7x replacement to the SFX Mini, (which will download d7x instead of d7II) you must create and use the newer d7xRDT (Remote Deployment Tool) – details are in the d7x Manual.

Q: Will there be a price change?
A:  YES for NEW subscriptions (this includes REACTIVATED d7II accounts!)  [not yet implemented]  As d7x becomes available there will be a pricing adjustment of some measure, but for new subscriptions only.  A new “subscription” refers to the subscription billing agreement/payment schedule, NOT the d7II owner account, therefore ALL previously cancelled/invalidated/lapsed d7II subscriptions have already lost the originally associated pricing rate, and any former subscriber who wishes to resubscribe must do so under the current pricing rates available to new subscribers.

A:  NO for currently active d7II accounts!  Customer loyalty deserves reward, so ALL existing d7II accounts which remain active are eligible for d7x based upgrades with NO change in your existing pricing terms.  Actively billed subscription plans will continue to be charged at the previously agreed upon rate (as determined when you committed to that payment plan through our 3rd party payment processor) provided that your subscription is maintained without a lapse in payment or service.

* Please note that d7II is licensed at per-technician rates (single tech, 2-5 techs, 6-10, 11-15, etc.) and therefore to increase technician usage at any time would require a new/upgraded license, which does constitute a new subscription plan that may be charged at the current rates.  Additionally, any d7II account cancellation (prompted either by customer request, or due to a lapse in payment/subscription without a timely customer response to rectify the missed payment and reinstate service) will require a new subscription to be charged at the current rate for the product during that time.

Q: Will there be a free edition, trial period, or a one-time purchase option?
A:  We are considering a limited free edition possibly with full version trial capabilities, as well as a one-time purchase option for certain modular areas of d7x functionality.  These are low priority considerations and entirely dependent on finding a good functional balance in separation of features, with respect to what we have (or have not) planned for future functionality in the ever-evolving full edition.

Q: What does the 'x' stand for, 10 or something?
A:  NO!  To be honest, some of us believe the usage of the letter ‘X’ in pop culture is a bit annoying, so our ‘x’ actually gets its inspiration from a common convention in programming (and math formulas) to use ‘x’ as the primary variable name.  In programming a variable can be substituted with a real value in repetitious code blocks, with ‘x’ often used as the numerical index in For…Next loop statements e.g. For x = 0 to Ubound(SomeArray)…  ‘x’ is also the most recognized way to refer to multiple or unknown specific software versions, like referring to a range of revisions at once, e.g. v4.x instead of v4.0 and v4.1 and v4.2, etc.

Either way you look at it, d7x represents a variable:  it is ever-evolving and improving to suit the expanding needs of PC repair technicians everywhere!


CryptoPrevent v8.0.4.3 Released
Thu, 05 Oct 2017 14:43:47 +0000

v8.0.4.3 (October 5th, 2017)

  • Performance increases for save/load of Bulk/White-Label configurations
  • Performance increases in the application of Bulk/White-Label settings at time of install
  • Performance increases on application startup
  • Several other minor performance improvements
  • Corrected issue where blacklist command line option may have whitelisted in some cases
  • Bulk registration data is now handled entirely via HTTPS (Note registration data was always encrypted prior to being sent, this mainly eliminated a fallback v7 Bulk communication method)
  • Several other minor bug fixes
  • New FolderWatch/HoneyPot options (see more here)
  • HoneyPot Detection Message shows details about detected event and file detected
  • HoneyPot Detection Message gives the option to go back into windows explorer (instead of just shutdown or reboot)
  • Subscription Information shown in a tab in the interface
  • Debug submission available under subscription tab (so this is a premium only option to email support with debug info attached)
  • Additional HoneyPot Detections for new ransomware variants
  • Management Console ready (A management console is in the works and being up to date with this version should prepare the clients for this ability on its release)

We STILL have several more improvements already in development and testing, so there should be additional updates in the coming days.
You can subscribe to this category of our blog to stay current on any new additions or changes!

d7x (Alpha) September Update (Updated)
Fri, 22 Sep 2017 22:07:10 +0000

d7x v0.0.0.90 just released adds Windows 10 to custom app platform/OS restriction settings.  If not configured, behavior should not change.  Backwards compatibility note:  This is the only area in d7x configurations where d7II may (and likely will) erase the setting entirely when used to edit the same custom app configuration.

Although we’re not looking to add new features in d7x Alpha at the moment until we have tested everything, had good feedback from testers, and are confident in bringing this to the d7II “Pre-Release” stage, there are *minor* improvements we’d like to make along the way.

This is a great example of what these look like.  So if you have any suggestions that will add some real use to d7x right now, let us know.  While we can’t guarantee anything no matter how small at the moment, we would like to see what the current ideas are shaping up to look like as we begin to wrap up some things and proceed to new areas in d7II code replacement.

See this post if you missed it, and/or need any links:

d7x (Alpha) September Update for d7II subscribers – Latest update includes a NEW d7x Remote Deployment Tool (d7II SFX Mini), a NEW Config Mgmt Portal, and more for testing!



d7x (Alpha) September Update for d7II subscribers – Latest update includes a NEW d7x Remote Deployment Tool (d7II SFX Mini), a NEW Config Mgmt Portal, and more for testing!
Thu, 21 Sep 2017 19:15:58 +0000

This latest d7x Alpha “TestBuild” replaces the “d7IIx Alpha” versions opened to all d7II subscribers in March.

We believe this release can be tested with confidence in a production environment, provided you keep d7II with you as a backup.  d7x Alpha is designed to sit beside d7II in the same folder, and maintains backwards compatibility with d7II configurations and active d7II session data (temporary files and settings specific to d7II and the current repair process) so a job can be finished with d7II if necessary.  Even if d7x stopped working during an auto mode, d7II should pick up where d7x left off.

The next release stage will bring the d7x “FastTrack” builds to the d7II “Pre-Release” update system, and later as a full next-version release through the standard automatic update system.

Please see the d7x Manual to download and learn more about what’s new with this release, including the d7x Remote Deployment Tool (aka d7xRDT) the “SFX Mini” replacement, and new Config Mgmt Portal replacing the dCloud/Self-Hosted FTP functionality.

Also, this d7x Alpha Youtube playlist was created for early demo and how-to content, and currently contains a new video on the d7x Bug Submission Interface, but 2 more videos with new content are already awaiting edit.  (Be sure to subscribe to our channel for update notifications!)

Tuesday’s Foolish Tech Show also has a rough/impromptu and fairly long overview of some new functionality, which we go over after the whole CCleaner fiasco.

Learn about the d7x “Alpha” series and the overall product direction here.  Only d7x subscribers (meaning current d7II subscribers with active subscriptions) may test d7x Alpha.


CCleaner (Piriform) Malicious Code Breach! d7x/d7II/dSupportSuite Users Take Notice!
Wed, 20 Sep 2017 14:51:01 +0000

Sept 26th, 2017 Update:  Yesterday this appeared on Bleeping Computer:

Avast Publishes Full List of Companies Affected by CCleaner Second-Stage Malware

Bleeping also put out a nice article from the 22nd, containing a nice summary if you’re just catching up on the news (because of course more has emerged since our last update, and we shouldn’t just assume you read it elsewhere):  

Info on CCleaner Infections Lost Due To Malware Server Running Out of Disk Space

Sept 21st, 2017 Update:  These articles also came out yesterday, unfolding some plot twists to this story.  If you get your news here, you could do better!  

It seems a new backdoor was discovered and … you just need to read these:

CCleaner Command and Control Causes Concern

CCleaner Malware Infects Big Tech Companies With Second Backdoor

Original post is below, but be aware some details may no longer be accurate as the story unfolds.

This came out two days ago on the CCleaner blog:  Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users.

It seems that CCleaner has had malicious code bundled into their 32bit binaries (along with their “Cloud” version) and the tampering occurred prior to distribution.  The infected binaries were provided for download from their official site/update servers and distributed legitimately for about a month, silently infecting users to send data back to the ethers.  It also occurred completely under the nose of their new parent company Avast, the anti-virus software maker who acquired Piriform (the makers of CCleaner) as recently as July.  In fact, yesterday Avast released their own blog post about it, Update to the CCleaner 5.33.6162 Security Incident.

For the consumers who’ve used any of their products, you need to know this, but I’ve got ZERO advice for what you do with that information (other than maybe call a tech if you aren’t tech oriented, because you have software on your PC that is sending bits of your data elsewhere.)  On second thought, I’m told that Malwarebytes says their software removes/fixes it, and I see they have a blog post here:  [Updated] Infected CCleaner downloads from official servers (they have the free/trial/paid user-level “scanner” software which I’m sure all editions take care of the issue quite effectively.)

With prevention, the damage is done and over for the most part unless you’re still running the infected CCleaner, but that person isn’t reading this article…  By next update at least all of our CryptoPrevent users who haven’t noticed or heard should have detection sigs for the affected binaries, and Folder Watch can quarantine or the Program Filtering can pick it up on execution as well.  In fact, from a few days ago when ClamAV was the only anti-virus engine to detect it, today it lists 41/64 engines detecting it, and that’s just how it goes in this industry.  If you have the infection but you have any sort of security software, you won’t have the infection for long.

Finally the elephant in the room is trust.

I’m sure that the CCleaner developer could’ve been as shocked as anyone else to learn about the incident, but I just don’t know.  As for Avast, if checking CCleaner (and their other software) binaries with their own security staff, or even just a little software scan with their product, was not part of their decision to acquire Piriform/CCleaner, then I’d be very surprised (and maybe I should be…)

Regardless, if you use CCleaner or Piriform products, I don’t think that this is any reason to stop using them, or the parent company Avast’s products.  We should all now agree that malicious activity can breach even the most trustworthy, and we should also agree that when the incident is over it isn’t always a “trust” issue at all, maybe it’s more rare than we’d normally admit, but we just got burned.  So far that’s all anyone knows here, but the thing is it wasn’t just CCleaner users, but the people at Piriform got burned too, meaning whoever punches the clock there that isn’t involved in this (which is up to and including maybe everyone.)

I have no real advice here, and in fact I would like to explicitly offer no suggestion at all; but at this point in time, there are two points to understand:

1.  Piriform hasn’t entirely dealt with the issue until they know who did it, but that is a legitimate and long established “good” app and company, and you should have no doubt that Piriform (and their parent company Avast, the makers of that big anti-virus software product, I might reiterate) will be paying attention more closely from here on out.  That should be more comforting than it might sound to someone already burned.

2.  Realize that this can happen to any other legitimate and long established (“trusted”) software by the time you make the switch, if it didn’t happen already and it’s just undetected to date (as was the case here.)  

So the best I can offer for the time being is just a little food for your own thought, with the disclaimer that you take this information like anything else you read on the internets, with a grain of salt!  (That, and don’t forget you are likely infected, so get your PC looked at!)  


Now, speaking only to our IT Professional / Tech Shop customers, here’s what you need to know as a tech/IT pro who maybe uses CCleaner through a custom app profile with our software:

Malicious code has infected 32bit binaries of the 3rd party software CCleaner, which can be found as a default/included custom app profile in our more popular tech-oriented/non-consumer Foolish IT apps dating back to the original d7, so there’s a high probability that someone is using it in their tech work and repair scenarios…  64bit systems are unaffected, and there isn’t a “Cloud” version in our example profiles for 3rd party applications, so you should know if that’s an issue because you created and use the customized profile.

It’s worthy of note the malicious code was planted … ok I haven’t read it all (it would seem at least before digital code signing) which means it was an “inside job” and therefore changing your download links in the custom app profiles won’t matter, it wasn’t that kind of breach…

For more technicals on the CCleaner thing, the folks at Cisco’s Talos Intelligence Group have a nice technical analysis in CCleanup: A Vast Number of Machines at Risk and thanks to our own Brantley for the link, who pointed out the pic of ClamAV near the bottom with the very first detection, good job!  (ClamAV is an anti-virus engine which seems like the historical last to recognize or do much of anything, another fine example of how things shift quickly, frequently, and wildly in this industry.)


d7II and d7x (Alpha)

CCleaner (under the default custom app in d7II/d7x) should re-download itself every 7 days, so if the affected version exists in your d7II 3rd Party Tools directory, and for example you lived under a rock and didn’t know about the breach, then the infected version will be there for at most another 5 days before it is replaced by Piriform’s most recent version which we would all hope is still as clean as it should be right now.

In fact, you can disable the re-download option right now (d7II Config for the custom app, persistent settings tab, you want the check at the top I believe) and it won’t ever update unless it isn’t there, so in a bench / network / office / USB flash drive scenario you’re good to go with the download you have, still a very good program for what it does and more than likely legit/clean at the moment, and it won’t update anymore so you can use it without worrying about the profile updating it to a version you don’t trust yet.

Of course you’re reading this, and hopefully you clicked on the alert in the lower status bar, then please just go delete the entire “\3rd Party Tools\ccleaner” directory, and the “\3rd Party Tools\” file if they exist from ALL of your copies of d7II/d7x, and be done with it; the (hopefully) still clean versions will download automatically as usual, as you decide to use them.
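To check which copies of a tools folder still hold the affected build before deleting, here is an added example (not part of the original post and not Foolish IT code). It flags 32-bit executables whose name contains "ccleaner" and whose embedded file version is 5.33 with 6162 as the build or revision field; how the version is laid out in the binary and the file-name filter are assumptions.

```python
import struct
from pathlib import Path

# Affected release named in the post: CCleaner v5.33.6162, 32-bit builds only.
AFFECTED_MAJOR_MINOR = (5, 33)
AFFECTED_BUILD = 6162  # assumption: stored as 3rd or 4th version field
IMAGE_FILE_MACHINE_I386 = 0x014C
FIXEDFILEINFO_SIG = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature


def pe_machine(data):
    """Return the COFF Machine field of a PE image, or None if not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, pe_off + 4)[0]


def file_version(data):
    """Return (major, minor, build, revision) from VS_FIXEDFILEINFO, or None."""
    pos = data.find(FIXEDFILEINFO_SIG)  # first hit; a heuristic, not a resource parse
    if pos < 0 or pos + 16 > len(data):
        return None
    _struc_ver, ms, ls = struct.unpack_from("<III", data, pos + 4)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def is_affected(data):
    """True for a 32-bit PE versioned 5.33.x.x with 6162 as build or revision."""
    ver = file_version(data)
    return (pe_machine(data) == IMAGE_FILE_MACHINE_I386
            and ver is not None
            and ver[:2] == AFFECTED_MAJOR_MINOR
            and AFFECTED_BUILD in ver[2:])


def scan(tools_root):
    """Yield affected CCleaner executables under a tools folder (name-filtered)."""
    for path in Path(tools_root).rglob("*.exe"):
        if "ccleaner" in path.name.lower() and is_affected(path.read_bytes()):
            yield path


if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:  # e.g. each copy's "3rd Party Tools" directory
        for hit in scan(root):
            print("32-bit CCleaner 5.33.6162 found:", hit)
```

A clean result only means no file matched this version and architecture; it is not a substitute for a scan with security software.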

If you made it this far and you are a d7II subscriber, please also check out the d7x Alpha info page to understand what is different and consider testing it, the download is found in the new d7x Manual.


d7 (original/free)

I do believe it is a default option for maintenance, and although I don’t recall the specific download rules in the final v10.something, I do not believe it updates much.  Anyone using this tool should seek to do the same as mentioned above and delete your CCleaner files, let them re-download and use that if you insist, for the time being.  Then look into d7II and the upcoming d7x first and step up.


dSupportSuite (and dMaintenance)

Owners of dSupportSuite may know the software includes example custom app profiles for CCleaner/Defraggler as 3rd party downloads, and those who’ve deployed dSS profiles to your clients using these apps are of course affected.

So with every maintenance cycle of dSupportSuite (weekly) by default when an internet connection exists it should attempt to download the latest 3rd party tools configured for use.  Good for the fix, not so much when it was a problem!  The same automated re-download on every maintenance also applies to the older dMaintenance stand-alone apps (both the original tech version and later home edition.)

Although the issue has been corrected (for the moment) on Piriform’s end, and we’re sure that they (and their parent company alike) will be keeping a close eye on future releases, you wouldn’t be wrong to push out a new profile that doesn’t include it, at least for a time.

Also, those machines have infected code possibly running on them right now, and as much as any fix (which will more than likely be present in their security product already on their system within the next few days, if it isn’t already neutralized) your clients need to be made aware of the breach itself.


The same goes for many tech shops and repair guys out there, I think your customers need to hear it IF they can possibly be affected.  Probably most tech shops at one point in time or another have had at least one employee use CCleaner on a customer’s system, quite a few probably within the last month, world-wide…  That’s conservative, but my guess more than likely is that CCleaner is just part of the way things are done in many tech shops, by most if not all techs who are allowed to do their own thing, if not being some semi-to-official company mandate (depending on how large the company is they shy away from 3rd party apps without $$ agreements, but under 20 employees it’s completely possible.)  It surely is in the toolbox of most door to door guys, wouldn’t you think?

This wide-spread usage is for a good reason, let’s not forget.  I think most agree it’s also good at doing what it advertises.  Dispute the app’s necessity all you want (and I would personally do it in some other article to some degree) but I don’t ever recall finding fault with the company’s character, and we still have it in the custom app profiles our tech customers use for a reason.  As stated earlier it is a legitimate and long established “good” app and company, so don’t forget Piriform’s reputation and read up on how they are handling it well right now.

I’m sure since it’s so widely respected and used, a quick visit to your favorite tech forums and you’ll find plenty of tips and example scripts on what others are already saying to their customers.

I know it’s an ugly conversation with any client, depending on how one might view the situation, but if you approach it with honesty, it can be a good opportunity to reconnect with clients maybe you haven’t seen in a while, and show them some concern and care.  It’s good to build any of your client relationships through all seasons, and the integrity pays in good ways.


Foolish Tech Show 09/19/2017 has been posted to our YouTube channel!
Tue, 19 Sep 2017 17:51:50 +0000

If you missed the show from today (09/19/2017) or just want to review it again, we’ve got it edited and posted to our YouTube channel!

On this episode we go over some of the security issues going around right now and Nick spends a good chunk of time going over the latest updates to d7x. *Spoiler Alert It’s ready for production usage* d7II can be used as a backup fallback still*

d7x Manual (Alpha Release Notes/Download):

d7x Manual

“Pan Galactic Gargle Blaster” from Hitchhiker’s Guide To The Galaxy:

CCleaner Infected:
*Updated From Avast * Not talked about on show*:
Credit Karma ID Monitoring Service:
SMS Doesn’t help for 2-factor authentication:
Toys-R-Us files Bankruptcy:
Logitech TrackBall Updated:
Create WinPE Boot Disc:

Creating a WinPE 5.1 Bootable

We’ll be back on the air next Thursday (09/21/2017) at 5pm EST! Join us at to join our live chat and talk with us directly!

2017-Back2School Sale 31% Off Everything! Sat, 22 Jul 2017 22:15:45 +0000

Back 2 School Sale
31% Off Everything

Home/Business Products

Protect your school work from ransomware! 
For Subscription Use Coupon Code:

For Non-Subscription Use Coupon Code:


For Bulk Edition Use Coupon Code:


For White-Label Edition Use Coupon Code:


Tech Shop Products

Repair the school computers with ease! 
For d7II (all variants) Use Coupon Code:

For dMZ Add-ons Use Coupon Code:


Keep the school computers running smoothly! 
For dSS (Single Payment) Use Coupon Code:

For dSS (3-Month payment split) Use Coupon Code:


Check out our other apps; like dMaintenance and dUninstaller and more! 
For All Other App Purchases Use Coupon Code:
*Discounts apply to first term on subscriptions where applicable
