Jump to content

Fatdcuk

Staff
  • Content Count

    20,723
  • Joined

Posts posted by Fatdcuk


  1. HI cariliv and welcome to the MBAM support forum.

    If you restart your computer first then attempt to restore from quarantine does the message persist ?

    You will also have to restart the computer again after items have been restored from quarantine.

    Next run another MBAM scan and when you get to the results page please make sure that all Boost Speed detection lines/boxes are unchecked and then ask MBAM to remove them.

    This will generate a window asking if you would like to ignore those detections one time or always.

    Select always and detections of Boost Speed should no longer persist on subsequent MBAM scans.


  2. Hi guys :)

     

    We added Auslogics Disc Defrag recently after we moved our listing criteria recently to be more aggressive on PUP's

    https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/

     

    If however you dont consider the detection to be valid then please at the end of a threatscan uncheck all related detection results and select remove all. This will generate a UI window where you can select add to ignore list and the detections will occur no more.

     


  3. Hi Simon

    We are detectiong that file as PUP.Optional.DownloadGuide and this is not a False Positive detection.

    We do not detect your software (or when it is installed) but we correctly identify the download wrapper as a Potentially Unwanted Program.

    1.jpg

     

    2.jpg

    Quite a few other AV companies agree with this conclusion on this file.

    https://www.virustotal.com/en/file/f806e3143f710a6a7315dd3a35f38fdb82c477d7f124d2a0aa86516cf328c72c/analysis/

    Please see here for further details of our PUP detection policy and if you wish to dispute this classification.

    https://www.malwarebytes.com/pup/

     

     


  4. Hi Tobi_Alafin,

    Not to worry about uploading your quarantine contents.

    I have reviewed your MBAM scan logs and cannot find any f/p detection which leaves only one other sceanrio.

    It is possible that we have failed to fix a part of the hijacker and this has had a colateral effect. Sorry for this happening to you but we will need to run some diagnostic tools to enable us to repair any previously missed fix.

    FRST.gif Scan with Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

     


    Please copy and paste their content into your next reply.

    Thanks in advance :)

     


  5. Hello Ashish Parihar and welcome back to the Malwarebytes support forums :)

     

    Please see our PUP listing criteria here (https://www.malwarebytes.org/pup/ ) with reference to the following criterias.

    #1 -Registry Cleaners, Optimizers, Defragmenters.

    Quote

    Microsoft has officially stated that they do not support the use of registry cleaners as shown here:

    https://support.microsoft.com/en-us/kb/2563254 Many of these are installed as part of “bundlers” or “wrappers” and the end user is left with a program that performs a scan at startup and presents a report in an alarmist fashion, stating that a large number of errors are present in the registry. Our testing has shown that these programs will always find errors in the registry, even on a freshly installed operating system. As such this behaviour qualifies for a PUP classification.

    On my clean and stable research OS  many errors were found and in our opinion most of these system issues are overstated to induce an end user into thinking that your software is needed as their computer has many issues in need of fixing.

    Noname.jpg

    Apon selecting start repair then your purchase page is opened up in the default system browser so confirms no free trial or part free functionabilty available.

    Although niether of those are required for any software(or a reason for PUP listing) they both however would display your confidence in your product as a worthwhile purchase and also give the end user a chance to evaluate whether your software offers any value before purchasing.

    #2 -Malicious bundling

    Is your application in a bundle where some of the accompanying applications are malicious or already classified as a PUP?

    In the past 6 months the application has been seen heavily distributed by the InstallCore/Ironside download wrapper where it has accompanied other softwares that we have classified as PUP.

    For the combination of reasons listed above we will still be listing this sofware as PUP but should the software be modified to reflect our reasons for listing then we will be happy to review once more.

     


  6. Hello Ashish Parihar and welcome to the Mlawarebytes support forums :)

    Apon re-evaluation of your reported software we will be delisting detection for it shortly.

    We should advise you this software appears to be very closely cloned to other PUP software so we will be monitoring it going forward for any negative behavioural changes that might result in it being potentially listed again.


  7. Hi Ian2016 and welcome back to the Malwarebytes support forums :)

    I have revisted your website and collected the currently distributed installer for FixMyPC and loaded up for re-assessment and to verify what you have conveyed has changed.

     

    #1 Bundling

    On running the installer i am presented with your install window which includes your additional software prechecked for install as before and occupying a single non prominent line in the UI.

    It is your prerogative to include additional software but including additional software is bundling(especially when prechecked for install and the additional install is not given as equal prominence in that install window as the initial intended install. A lot of users would unwittingly install the extra software although they would not have  knowingly solicited it.

    Bundler.jpg

     

    Quote

    1. Bundling. We may offer one additional product (our own product, not a third party one) as a bundle that is tailored to work together to ensure maximum synergy for keeping PC in a good condition. Also, in your criteria you mention containing malicious bundling, which is not our case as well.  

    After declining your additional software and accepting the initial downloaded software then i am presented with this window offering a 3rd party application.

    Bundler1.jpg

    After declining that 3rd party offer i am then given yet another offer 3rd party offer.

    Bundler2.jpg

     

    Alarmist detections

    Our original observations in the linked original topic still stand that detections are reported in an alarmist fashion.

    Red font with the use of the word "severe" would make a user perceive something as being super bad for their computer when in fact in my case those detections are not.

    severe.jpg

     

    severe2.jpg

     

    We are glad you bring Nortons equivilent software as a comparitive example as you will see they are not using red font or using the word "severe" in reporting their findings on a computer.Their reporting of detections is considered to be a lot less alarmist because of that.

    Based on a compound of reasons listed either in the original review that were not changed and now the additional 3rd party software bundling we will continue to detect this Fix-my-PC as PUP software.

    Please see our official listing criteria here and how to appeal if you disagree with our continued reasons for listing your software.

    https://www.malwarebytes.org/pup/

    If you are willing to address the above reasons for listing we would be happy to re-evaluate the software at such a time.

     

     


  8.  

    Hi Ian2016 and welcome to the Malwarebytes Support forums again :)

     

    After re-evaluating your software  Fix-my-PC we consider it still to be classified as a PUP (Potentially Unwanted Program).

    Our collective reasoning for doing so are as follows.

    #1 Bundling >> The supplied installer bundles a secondary software (Pre-checked for install).Bundling.jpg

    #2 No free time limited trial or partial free functionabilty to allow a potential customer to make a valued decision with out first purchasing the product.On the first run when removal is selected will lead to this.

    scan removal select.jpg

     Subsequent scans apon completion automatically open your payment page with the system default browser before any action is selected.

    scan.jpg

     

     

    #3 Alarmist detections after running the software on a very stable and relatively clean Windows 10 install i was shocked to find that i had "severe" issues that would require purchase of your product to fix.

    On closer inspection these turned out to be nothing more then either system orphaned uninstaller registry values, empty uninstaller folder references or orphaned windows firewall exception keys of which none would constitute any form of nearing "severe" system instabilty. In fact i was blissfully unaware they were even present such was the stabilty of the computer used to re-evaluate your software on.

    As such the way the results are listed and described it would appear you are trying to scare users into purchasing your product.Alarmist uninstaller.jpg

    firewall rules alarm.jpg

    #4 Exit program should mean exit and not another unsolicited attempt at targeting a purchase. When the software is exited in the taskbar the following window is created.

    exit tray.jpg

     

    #5 We have had numerous users who have submitted the software to us as unwanted and additionally WOT would suggest there are many disatified customers for your company/products/services.

    https://www.mywot.com/en/scorecard/tweakbit.com?utm_source=addon&utm_content=popup-donuts

    As you can see this is a combination of check points/behaviours that compound and give us a reason for listing Fix-my-PC as PUP.

    Please see our official listing criteria here and how to appeal if you disagree with our reason for listing your software.

    https://www.malwarebytes.org/pup/

    If you are willing to address the above reasons for listing we would be happy to re-evaluate the software at such a time.


  9. Hi Ian2016 and welcome to the Malwarebytes Support forums :)

     

    After re-evaluating your software PC-cleaner we consider it still to be classified as a PUP (Potentially Unwanted Program).

    Our collective reasoning for doing so are as follows.

    #1 Bundling >> The supplied installer bundles a secondary software (Pre-checked for install).

    Bundling.jpg

     

    #2 No free time limited trial or partial free functionabilty to allow a potential customer to make a valued decision with out first purchasing the product.All options when removal is selected lead to this.

    Purchase-activation.jpg

    #3 Dubious cleaning option in itself (System files) > Prefetch files to increase detection counts.

    Please read here >> http://windows.microsoft.com/en-gb/windows-vista/what-is-the-prefetch-folder

     

    Quote

    The prefetch folder is self-maintaining, and there's no need to delete it or empty its contents. If you empty the folder, Windows and your programs will take longer to open the next time you turn on your computer.

     

    prefetch.jpg

     

    #4 Exit program should mean exit and not another unsolicited attempt at targeting a purchase. When the software is exited in the taskbar the following window is created.

    task bar exit.jpg

    #5 Items placed on the computer by the installation of your software are listed as files that you want payment for removing.

    This was confirmed by removing all available files that you would list for removal from my computer then installing your software only.

    Install files in %TEMP%

    temp files.jpg

    When your software is installed it launches the system default browser to launch your webpage. In my case this is Google Chrome and in doing so you created files in my Chrome cache which you want payment to remove.

    StartPage.jpg

    Google cache.jpg

     

    #6 We have had numerous users who have submitted the software to us as unwanted.

     

    As you can see this is a combination of check points/behaviours that compound and give us a reason for listing PC-Cleaner as PUP.

     

    Please see our official listing criteria here and how to appeal if you disagree with our reason for listing your software.

    https://www.malwarebytes.org/pup/

    If you are willing to address the above reasons for listing we would be happy to re-evaluate the software at such a time.

     

    To close off one oddity we did find whilst re-evaluating the software was the use of the "Norton Secured" logo in some of your UI's whilst Norton/Symantec flag your file at VirusTotal as "PUA.Fixmypc"...very odd :)

    VT.jpg

     

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.