jkaleta

Temporary install files created with InstallMate installer


InstallMate is a program for building software installers. I believe it must have been used by someone to build a malware program, and therefore temporary installation files created by InstallMate have been since marked as malware for no good reason. I believe this is a false positive, and - for what it's worth - the maker of InstallMate also thinks so. They say they've been trying to contact Malware Bytes for weeks, but no response or action on your part has been taken.

Please advise if this is a false positive.

MBAM-log-2013-03-18 (12-20-02).txt


Hi,

This is the log you attached again. Can you zip and attach the detected file?

_Setup.dll

Looks like you figured it out already :)


Just had Malwarebytes bring up a series of InstallMate files. Is it possible that these are benign install/uninstall files? I haven't installed anything recently, intentionally. I wonder if this is the previous false positive recurring...

 

A. Carwile

 

MBAM-log-2013-08-14 (16-52-07).txt


This is a False Positive indeed and will be fixed in next database update. Thanks for reporting!

 

Just started reporting a bunch of InstallMate files... I am sure there has been a database update since this was reported....

 Where do we go from here?


A. Carwile:

 

Your installmate files come from WinPatrol.   I just received a similar detection, with MBAM database 2013.08.14.08.

 

 

4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE refers to WinPatrol 28.0.2013.0 (or at least, some current 28.x version)

A62F9CD0-B2E0-4F2A-88F2-79254A3C8539 refers to WinPatrol 26.1.2013.0 (or at least, some other prior version).

 

"The files in this folder are required for a clean update or removal of the above product. Please do not delete them".


A. Carwile:

 

Your installmate files come from WinPatrol.   I just received a similar detection, with MBAM database 2013.08.14.08.

 

 

4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE refers to WinPatrol 28.0.2013.0

A62F9CD0-B2E0-4F2A-88F2-79254A3C8539 refers to WinPatrol 26.1.2013.0

 

 

"The files in this folder are required for a clean update or removal of the above product. Please do not delete them".

OK... so what do I do with that info.... ?


I suggest we wait for an official response from someone on the MalwareBytes team, now that this issue has been brought to their attention.

 

Given the response on 18 March (above) that it was indeed an F/P then, I would expect the same result now.

 

A PUP is a Potentially Unwanted Program, so there is room for debate there (in general).   But I would suspect that no one would consider WinPatrol's UNinstaller to be a PUP.   I am taking for granted that MBAM can determine which program (e.g., WinPatrol) is being uninstalled in these cases.

 

If you delete the WinPatrol-related files, you'll "break" WinPatrol's ability to uninstall itself.   [This isn't as critical as it sounds... because if you re-install WinPatrol over itself, it will re-create these files, allowing you to then properly uninstall it.]

 

In the event that MBAM decides to stick with this classification, keep in mind that a PUP is ultimately a user-choice:  what one person deems "unwanted", another person might consider useful.   Knowing that my "PUPs" came from WinPatrol, I intend to keep them regardless.


Looks like the issue has been FIXED with the release of database 2013.08.15.1


Sunriseal,

 

The problem that A. Carwile and I experienced was for InstallMate -- specifically, the UNinstaller (and related files) used by WinPatrol.   This issue has indeed been addressed/fixed as I noted above.

 

When you mentioned "a bunch of InstallMate files", I assumed (perhaps erroneously) that you were referring to precisely the same issue [and nothing more].    When you subsequently posted your log, it then became clearer that your issue was SweetPacks/SweetIM and Conduit --- you'll note that InstallMate is not mentioned in your log at all.

 

As miekiemoes mentioned, SweetPacks and Conduit are a different matter (than InstallMate/WinPatrol).


sunriseal,

 

Your detections are no False Positives, but PUP detections.

PUP means, Potentially Unwanted Program, so this isn't malware.

Please see here: http://forums.malwarebytes.org/index.php?showtopic=130207

You are absolutely correct. Sorry for the "false alarm"...

 

After a decent nite's sleep (needed badly) I ran MB again and removed those PUP detections and all is now good.

 

Those files have been on my system for some time and after last nite's database it suddenly reported them (had not with prior database update a few hours earlier). All that coupled with the false positive an hour or so earlier and lack of sleep contributed to the 'perfect storm'.. <grin>

 

Al


Sunriseal,

 

The problem that A. Carwile and I experienced was for InstallMate -- specifically, the UNinstaller (and related files) used by WinPatrol.   This issue has indeed been addressed/fixed as I noted above.

 

When you mentioned "a bunch of InstallMate files", I assumed (perhaps erroneously) that you were referring to precisely the same issue [and nothing more].    When you subsequently posted your log, it then became clearer that your issue was SweetPacks/SweetIM and Conduit --- you'll note that InstallMate is not mentioned in your log at all.

 

As miekiemoes mentioned, SweetPacks and Conduit are a different matter (than InstallMate/WinPatrol).

I was reporting the SAME issue as u folks did... the log posted was AFTER I had run the database update 15.1 which did fix the InstallMate issue... see my post from a few minutes ago... should explain all..


Today did a quick scan (10/4/13) and InstallMate files have been detected. 

Why I'm posting. First, even though I own WinPatrol, it's never been installed on this PC yet these files are in the C:\Program Data\InstallMate folder.

 

No PC issues, no other malware detected, just InstallMate. All PUP detections. All I can say is how sneaky! Apparently these files are just to install their install maker program.

 

It may be fine software but the way it found itself to my pc is to my way of thinking not ethical, and creepy.

 

Attached is everything including MBAM log file.

InstallMate.zip

MBAM-log-2013-10-04 (14-20-37).txt

