Fatdcuk

Staff
Posts posted by Fatdcuk


  1. Hi Rosalie and welcome to the Malwarebytes support forums.

     

    Upon revisiting the 4 reported software programs, I can report back that both Ultra eBook Reader and Ultra File Opener were false positive detections and can confirm that those detections have been removed.

     

    However, both PC TuneUp Maestro and PC Clean Maestro are being classified as Potentially Unwanted Programs because of the following compounded behaviors observed in the past weeks.

     

    #1 Both programs have been seen distributed via multiple mainstream download wrappers where they are pre-checked for installation (e.g. opt out).

     

    * Since it's well known that most end users are duped by dark patterns or obscure opt-out mechanisms used by most download wrappers into installing software, it comes as no surprise that many end users see software delivered this way as unwanted and complain because of that.

     

    #2 The software sets itself to run at system start up and sets additional system tasks; it scans the person's machine and then wants payment/registration in order to action any found issues.

     

    This continues every time the user logs in until either purchased, uninstalled or they have located where in the software settings (or operating system) they can uncheck for it to no longer run either via system start up or by the additional scheduled tasks.

     

    Additionally it offers no time limited functionality or partial functionality to action any of those reported issues to provide some proof of *value* before purchase.


  2. Hi Eagleeye,

     

    We added detection for the Ask Partner Network Toolbar installer(s) earlier today, hence why the files have suddenly become detected out of the blue.

     

    They are PUP detections (not malware or malicious) so no need to worry :)

     

    You can either allow Malwarebytes to remove them or create an ignore rule for each if you do not want the files to be detected again.


  3. Hi guys,

     

    I hope you don't mind me piggybacking on the back of this but I just got a similar warning for the powerdvd 10 version of this file, does the false positive mean I should restore the file, make sure I get the database update and rescan just to be sure?

     

    Thanks

     

    Hi RangeFinder

     

    Yes please restore the file, update to the most current database and the detection should no longer occur.


  4. Hi :)

     

    The log attached does not show any detection(s) at all so without knowing what detection MBAM has made it is hard to divine whether or not it is a F/p detection.

     

    As far as adding the file to the ignore list: this will prevent us from checking that file's contents. In a scenario where something has set a bad homepage, newtab or startup URL for the Chrome browser, we would not be able to detect and apply a fix if one is required.


  5. Hi and welcome to the Malwarebytes Support forum :)

     

    Please see here >

    http://www.bleepingcomputer.com/virus-removal/remove-games-bot

     

    These resource issues\behaviours were present when reviewed and initial detections were created for this software.

     

    Also please see here >

    https://www.virustotal.com/en/file/041d31762553c6e80614b5c96a6c44485a10bb24ad2062423871031d6c1312b5/analysis/

     

    For details of our PUP listing criteria and how to appeal a classification please read here >

    https://forums.malwarebytes.org/index.php?/topic/130207-pupoptional-listings-and-disputes/


  6. Hi Schiffy and welcome to the Malwarebytes support forums :)

     

    If you navigate to the folder where the "prefs.js" file is located, is there a file called "user.js" present?

     

    If so please take the following actions.

     

    First close/exit Firefox

    Delete "User.js" file if it exists in the same folder as "Prefs.js"

    Rescan with Malwarebytes and if the detection is made then allow MBAM to fix it.

    Restart your computer.

     

    Please then rescan to verify whether the detection still persists.

     

    Thanks in advance :)
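
The check behind the steps above, as an added example that is not part of the original post: Firefox reads user.js from the profile folder on every start and applies its values over prefs.js, so a leftover user.js can re-apply a homepage or new tab setting after a fix. The watch list of preference names and the sample profile contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches lines such as: user_pref("browser.startup.homepage", "about:home");
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Preferences that control homepage, new tab and search (assumed watch list).
WATCHED = ("browser.startup.homepage", "browser.newtab.url",
           "browser.search.defaultenginename", "keyword.URL")


def read_prefs(path):
    """Return {name: raw_value} for every user_pref() line in a prefs file."""
    prefs = {}
    if not path.is_file():
        return prefs
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def audit_profile(profile_dir):
    """List watched prefs that user.js would force over prefs.js at startup."""
    profile = Path(profile_dir)
    current = read_prefs(profile / "prefs.js")
    forced = read_prefs(profile / "user.js")
    return [(name, current.get(name), value)
            for name, value in sorted(forced.items()) if name in WATCHED]


def demo():
    """Build a constructed profile folder (sample data) and audit it."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d)
        (p / "prefs.js").write_text(
            'user_pref("browser.startup.homepage", "about:home");\n')
        (p / "user.js").write_text(
            'user_pref("browser.startup.homepage", "http://search.example.test/");\n'
            'user_pref("browser.newtab.url", "http://search.example.test/tab");\n'
            'user_pref("app.update.auto", false);\n')
        return audit_profile(p)


if __name__ == "__main__":
    for name, old, new in demo():
        print(f"{name}: prefs.js={old} user.js={new}")
```

Each tuple is (preference, value in prefs.js or None, value user.js would force); an empty list means user.js is absent or touches none of the watched preferences.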


  7. Hi,

     

    We detect the installer and toolbar as "PUP.Optional". PUP meaning potentially unwanted program.

     

    The reason for this classification is based upon multiple checkpoints based on behavior and supporting evidence.

     

    Predominantly we have seen the toolbar pushed by multiple download wrappers (DomaIQ, Firseria etc.) where the installation is pre-checked (opt out) and both the homepage and search engine modifications are pre-checked (opt out).

    Whilst bundling is a legal marketing method, having opt-out installs pre-checked is aimed deliberately at maximizing install #'s and in no way serves the end user's requirements (or else all offers would be "Opt in" on a download wrapper with no pre-checking or opt out required).

     

    post-1856-0-99748100-1411222779_thumb.jp

     

    Supplied installer.

     

    VirusTotal check would say some others agree.

    https://www.virustotal.com/en/file/30829b76847fc4332bdb662e92677f8789a6c8d3e7e87874aaace99cbd6065b5/analysis/

     

    Verifying the supplied installer, it also has a pre-populated check box for search and homepage modification.

     

    Observations whilst toolbar was currently installed.

     

    #1 My Firefox new tab has changed from default to the following (this occurred on an install where I deselected permissions to modify both my search engines and homepage).

     

    post-1856-0-90536900-1411308135_thumb.jp

     

    #2 Whilst making this post I was served a Bubble Ad for 3 coupons for a Malwarebytes discount.

     

    The bubble ad, although clearly offering a "do not show me again" check function, showed no "Ownership" indicator.

     

    post-1856-0-69070600-1411059414_thumb.jp

     

    Searching the name string "MyStart Toolbar" on Google renders the following results, which would suggest there is a groundswell in the community that believes the toolbar to be a PUP application.

    https://www.google.co.uk/?gws_rd=ssl#q=mystart+toolbar

     

    Please read this post for further details on our potential listing criteria and how to appeal a classification.

     

    https://forums.malwarebytes.org/index.php?/topic/130207-pupoptional-listings-and-disputes/#entry708616
