What is Floxif?

Floxif is a backdoor infection that was able to illegally modify CCleaner’s installation files and enter the systems of its unaware users without being detected. You might be one of these unfortunate users if you downloaded CCleaner 5.33 version between August 15 and September 12. In which case we highly encourage you to learn more about this situation and continue reading our report. In the rest of the text, we will explain to you how the malicious application was able to travel with the well-known PC optimization tool and what problems it might have caused to its victims. Just below the article, we will present instructions showing the recommended steps that should be taken if Floxif infected the computer.

How was Floxif distributed?

The malware’s creators somehow were able to obtain a valid digital certificate signed by Piriform; the company who created CCleaner. The hackers used it to sign Floxif’s installer, which later was embedded to the mentioned PC optimization tool’s installation file. Thus, when the user would download and launch the setup file, the infection’s installation would automatically initiate as well. However, we should stress that this was possible only if the user was running a 32-bit system; otherwise, the threat’s installer could not launch. As we said at the beginning, the modified installer could have been downloaded up till September 12. Afterward, the malicious server from which the backdoor infection was noticed to be downloading its payload was closed due to the actions of Avast and law enforcement institutions. The reason why Avast was dealing with this malware is that it purchased Piriform and the company's created application few days after the modified files were firstly distributed.

How did Floxif work?

The research shows Floxif could have created particular Registry keys to settle in, but updating the compromised PC optimization tool should overwrite them with legitimate keys. Then it was noticed it could connect to the earlier mentioned server from which it might not only downloaded data but also uploaded information gathered after infecting the device. It looks like the threat might have been after the user’s login passwords, list of installed software or programs running at the moment the system was affected by the malware, etc. Revealed computer’s password could turn into a disaster as it might allow hackers gain access to the system, so users should change it at once. On top of this, specialists say the backdoor infection may have had a way to place more malware on the device. Fortunately, researchers did not notice such behavior, and it is entirely possible the hackers behind the malicious program simply did not have the time to exploit this opportunity or perhaps their only intention was to steal user’s data.

How to remove Floxif?

Even though Floxif sounds like an extremely complicated and dangerous threat, its deletion might be not as difficult as you could imagine. To make sure the backdoor infection is fully erased and the system is not at risk any more specialists advice to complete the steps listed below this paragraph. Also, if you need more help or have some questions related to this malicious program, you are welcome to leave us a message below or write us via social media.

Erase Floxif

  1. Launch CCleaner.
  2. Agree to update the program if you see a notification suggesting it or go to the official developer’s website and download the latest update.
  3. Choose a legitimate antimlware tool, then install it and set it to scan the system.
  4. Press the deletion button to eliminate all identified threats.
  5. Change the computer’s password or other login information that could have been obtain while the backdoor infection was active. 100% FREE spyware scan and
    tested removal of Floxif*

Leave a Comment

Enter the numbers in the box to the right *