ky331
7 Gold

MalwareBytes now detecting many Auslogics products as "PUPs"

PUP = Potentially Unwanted Program

Auslogics Disk Defragmenter is included among the programs being detected... it is NOT a "False Positive" on MBAM's part.

I had "frozen" my Auslogics Disk Defragger program a few years ago (i.e., I intentionally haven't updated it since then), so it's possible that the newer/modern objections don't apply to mine. Regardless, since it's a program I want and use, I am instructing MBAM to allow/ignore it.

I *MIGHT* be concerned about the later/newest versions...

The choice is yours... to each, his own.

https://forums.malwarebytes.org/topic/191302-adwcleaner-fp-with-auslogics-disk-defrag/

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
10 Replies
joe53
6 Gallium

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

As it happens, I found this morning that MBAM Premium had detected 2 Auslogics files on a scheduled overnight scan on my Win 7, namely:
PUP.Optional.AuslogicsDiskDefrag, C:\Users\joseph\AppData\Roaming\Auslogics\Disk Defrag\Reports\Disk_Defrag_Report.html, No Action By User, [eb2f06deb4e644f20cce1b8ab14faa56],
PUP.Optional.AuslogicsDiskDefrag, C:\Users\joseph\AppData\Roaming\Auslogics\Disk Defrag\Reports\Disk_Defrag_Report.xml, No Action By User, [eb2f06deb4e644f20cce1b8ab14faa56],

These files (both reports) were created in September/2013, when I was using Auslogics Disk Defrag, which I subsequently decided to uninstall, after Auslogics bundled Search Protect by Conduit with a defrag upgrade (which I allowed to install in an unguarded moment - my bad!). I just couldn't trust any company that would bundle malware like Conduit.  

So I uploaded both files to VirusTotal, where 0/54 scanners detected anything amiss (including MBAM). I don't know if the scanners at VT scan for PUPs, however. So I downloaded the latest version of AdwCleaner from Malwarebytes, and its scan also flagged some Auslogics folders:
[!] Folder not deleted: C:\Users\joseph\AppData\Roaming\Auslogics
[!] Folder not deleted: C:\ProgramData\Auslogics
[!] Folder not deleted: C:\ProgramData\Application Data\Auslogics
It also detected 4 registry keys related to Auslogics.

I'm not surprised that Malwarebytes detected Auslogics files. What remains a bit of a mystery is why only now does MBAM decide that Auslogics files are potentially unwanted?

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 10 Pro (64- Bit): Malwarebytes 4.x Premium, Windows Defender AV, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
ky331
7 Gold

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/


0 Kudos
PudgyOne
8 Krypton

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

I just scanned with Malwarebytes (FREE Edition) (NO Trial) version on 12/3.

It did NOT detect any issues with Auslogics Disk Defragger Version 5.4.0.0

(Version has a copyright date of 2008 - 2015)

Rick


#DellRockstar

Welcome to Dell Community!

#DellWorld 2012
#DellWorld 2015
#Dell EMC World 2016

#MicrosoftMVP - Windows Expert-Consumer April 1, 2012 to March 31, 2015

This is a Dell User Forum. I am a Dell user, just like you are.
0 Kudos
ky331
7 Gold

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

On this particular system, I have Auslogics Defragger 4.4.0.0; (c) 2008-13; which was detected as a PUP.

Edit: On another system, I have Defragger 4.4.1.0; and the MBAM detections were all during its heuristic analysis phase.


0 Kudos
joe53
6 Gallium

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

Thanks for the link, ky. It's about time Malwarebytes got more aggressive.

You guys were wise not to update your versions of Disk Defrag. I liked the program, and all my problems with it began with a version update. Out of interest, I went to the Auslogics website and looked at the version history of Disk Defrag. Of note were:

v. 5.3.0.0 (10/02/2015)
•the program now participates in the Auslogics Green Seal Project, which guarantees it to be free of toolbars, adware or third-party offers in the installer;
•fixed minor bugs.

v. 7.1.0.0 (09/11/2016)
•Users may now choose if they want disk temperature to be displayed in Celsius or Fahrenheit;
•Installer was optimized for better user experience;
•All known bugs have been fixed.

Wow - no 3rd-party offers in an optimized installer! Could Auslogics have changed its ways? I had to investigate. So against my better judgement, I downloaded and ran the most recent version of Disk Defrag, using a "Custom Install".

Results:
The installer will set Yahoo as your home page and default search engine, and also install "BoostSpeed" (a registry and disk "cleaner"), unless you use the custom install, and uncheck these default options. Despite unchecking these options, it still tried to change my homepage to Yahoo (caught by WinPatrol), which I rejected. Despite rejecting Yahoo twice, WinPatrol kept throwing up alerts.

MBAM Premium detected a dozen or so Auslogics files during the installation, which I allowed (for now). After installation completed, I was re-directed to giveaway-club dot-com, which promoted Auslogics' free "BoostSpeed". When I opened IE 11, my homepage was unchanged, but I got an alert that an unknown program was still trying to change it to Yahoo, which I yet again rejected.

I ran Disk Defrag, which ran without problems. But I was informed that over 2,000 problems with my computer had been detected (most of them registry errors, plus junk files wasting 94 MB of disk space) that - you guessed it - BoostSpeed could fix. Talk about scareware!

In short, this PUPpy hasn't changed one bit. It ignored my explicit instructions, and installed what it dangwell pleased. If not for WinPatrol and MBAM real-time protection, my home page and my search engine would have changed, and I'd probably have a worthless registry cleaner installed.

So I uninstalled Disk Defrag (and its evil twin program - AuslogicsDriverUpdater) via Control Panel. Then I purged the Auslogics remnants (files, folders, and registry keys) found by MBAM (17) and AdwCleaner (6).

Malwarebytes was right to tag Auslogics as a PUP. I just wish I still had the installer for a version of Disk Defrag from before the time Auslogics crossed to the dark side.


0 Kudos
PudgyOne
8 Krypton

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

Joe,

Older versions of Auslogics Disk Defragger can be found HERE.

If I click on System Health, I get...

Registry errors = 7579

Junk Files = 3412

But I NEVER do anything about them. I like the Defragger part.

Rick


0 Kudos
joe53
6 Gallium

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

Hey Rick - thanks!

I downloaded Disk Defrag 4.4.0.0 (Released: 28 Nov 2013), which I believe is the last version that came without unwanted bundled junk, from:
filehippo.com/.../

It installed cleanly, and didn't mess with my browser. Nothing was added to my startup list, or to my services. No ads for wretched registry cleaners. I had to toggle off the setting to notify me of updates. And if I ignore the "System Health" tab, I won't have to see all those registry entries and junk files that are not in need of "cleaning".


0 Kudos
ky331
7 Gold

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

Joe,

Glad you were able to download/install a clean(er) version. But to emphasize, my MBAM scans still had PUP objections to versions 4.4.0.0 and 4.4.1.0 --- probably "guilt-by-association" with analogous files in the newer versions.

I am happy with my results/performance with 4.4.x, and intend to keep it... setting exclusions for any "objections" found by MBAM.


0 Kudos
PudgyOne
8 Krypton

RE: MalwareBytes now detecting many Auslogics products as "PUPs"

I spoke too soon. Just ran Malwarebytes and it detected the pups...

Registry Keys: 1
PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1, Quarantined, [b78f8d5a0397082efc62c4e3d92744bc],


Folders: 2
PUP.Optional.AuslogicsDiskDefrag, C:\Users\Rick\AppData\Roaming\Auslogics\Disk Defrag, Quarantined, [163033b40397270f95d7a7004ab608f8],
PUP.Optional.AuslogicsDiskDefrag, C:\Users\Rick\AppData\Roaming\Auslogics\Disk Defrag\Reports, Quarantined, [163033b40397270f95d7a7004ab608f8],

Files: 2
PUP.Optional.AuslogicsDiskDefrag, C:\Users\Rick\AppData\Roaming\Auslogics\Disk Defrag\Reports\Disk_Defrag_Report.html, Quarantined, [163033b40397270f95d7a7004ab608f8],
PUP.Optional.AuslogicsDiskDefrag, C:\Users\Rick\AppData\Roaming\Auslogics\Disk Defrag\Reports\Disk_Defrag_Report.xml, Quarantined, [163033b40397270f95d7a7004ab608f8],

Rick


0 Kudos