Piriform makes CCleaner, a popular application that allows Windows users to perform routine maintenance on their systems. CCleaner was compromised and used to spread malware last year.
The same group published a second analysis, detailing a number of companies that it said were targeted by the malware within CCleaner. Listed were Cisco, Intel, Microsoft, HTC, Samsung, VMware, Akamai, Sony, Singtel, D-Link, O2, Vodafone, German gaming and gambling company Gauselmann, Linksys, Gmail, MSI, Dynamic Network Services and Epson.
In its latest update, issued on Thursday, Avast said in order to complete its investigation, it had migrated all the Piriform infrastructure to its own set-up.
In the course of this process, it found that ShadowPad had been installed on the four Piriform PCs on 12 April 2017. The installation of ShadowPad was presumed to have been done by the second stage downloader of the malware that was used to compromise CCleaner.
"By installing a tool like ShadowPad, the cyber criminals were able to fully control the system remotely while collecting credentials and insights into the operations on the targeted computer," the Avast post said.
"Besides the keylogger tool, other tools were installed on the four computers, including a password stealer, and tools with the capacity to install further software and plugins on the targeted computer remotely."
The Avast post said that the investigation into the CCleaner compromised was continuing and it would issue further updates as needed.