Jump to content

Temporary install files created with InstallMate installer


Recommended Posts

InstallMate is a program for building software installers. I believe it must have been used by someone to build a malware program, and therefore temporary installation files created by InstallMate have been since marked as malware for no good reason. I believe this is a false positive, and - for what it's worth - the maker of InstallMate also thinks so. They say they've been trying to contact Malware Bytes for weeks, but no response or action on your part has been taken.

Please advise if this is a false positive.

MBAM-log-2013-03-18 (12-20-02).txt

Link to post
Share on other sites
  • 4 months later...

A. Carwile:

 

Your installmate files come from WinPatrol.   I just received a similar detection, with MBAM database 2013.08.14.08.

 

 

4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE refers to WinPatrol 28.0.2013.0 (or at least, some current 28.x version)

A62F9CD0-B2E0-4F2A-88F2-79254A3C8539 refers to WinPatrol 26.1.2013.0 (or at least, some other prior version).

 

"The files in this folder are required for a clean update or removal of the above product. Please do not delete them".

Link to post
Share on other sites

A. Carwile:

 

Your installmate files come from WinPatrol.   I just received a similar detection, with MBAM database 2013.08.14.08.

 

 

4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE refers to WinPatrol 28.0.2013.0

A62F9CD0-B2E0-4F2A-88F2-79254A3C8539 refers to WinPatrol 26.1.2013.0

 

 

"The files in this folder are required for a clean update or removal of the above product. Please do not delete them".

OK... so what do I do with that info.... ?

Link to post
Share on other sites

I suggest we wait for an official response from someone on the MalwareBytes team, now that this issue has been brought to their attention.

 

Given the response on 18 March (above) that it was indeed an F/P then, I would expect the same result now.

 

A PUP is a Potentially Unwanted Program, so there is room for debate there (in general).   But I would suspect that no one would consider WinPatrol's UNinstaller to be a PUP.   I am taking for granted that MBAM can determine which program (e.g., WinPatrol) is being uninstalled in these cases.

 

If you delete the WinPatrol-related files, you'll "break" WinPatrol's ability to uninstall itself.   [This isn't as critical as it sounds... because if you re-install WinPatrol over itself, it will re-create these files, allowing you to then properly uninstall it.]

 

In the event that MBAM decides to stick with this classification, keep in mind that a PUP is ultimately a user-choice:  what one person deems "unwanted", another person might consider useful.   Knowing that my "PUPs" came from WinPatrol, I intend to keep them regardless.

Link to post
Share on other sites

Sunriseal,

 

The problem that A. Carwile and I experienced was for InstallMate -- specifically, the UNinstaller (and related files) used by WinPatrol.   This issue has indeed been addressed/fixed as I noted above.

 

When you mentioned "a bunch of InstallMate files", I assumed (perhaps erroneously) that you were referring to precisely the same issue [and nothing more].    When you subsequently posted your log, it then became clearer that your issue was SweetPacks/SweetIM and Conduit --- you'll note that InstallMate is not mentioned in your log at all.

 

As miekiemoes mentioned, SweetPacks and Conduit are a different matter (than InstallMate/WinPatrol).

Link to post
Share on other sites

sunriseal,

 

Your detections are no False Positives, but PUP detections.

PUP means, Potentially Unwanted Program, so this isn't malware.

Please see here: http://forums.malwarebytes.org/index.php?showtopic=130207

You are aboslutely correct. Sorry for the "false alram"...

 

After a decent nite's sleep (needed badly) I ran MB again and removed those PUP detections and all is now good.

 

Those files have been on my system for some time and after last nite's database it suddenly reported them (had not with prior database update afew hours earlier). All that coupled with the false positive an hour or so earlier and lack of sleep contributed to the 'perfect storm'.. <grin

 

Al

Link to post
Share on other sites

Sunriseal,

 

The problem that A. Carwile and I experienced was for InstallMate -- specifically, the UNinstaller (and related files) used by WinPatrol.   This issue has indeed been addressed/fixed as I noted above.

 

When you mentioned "a bunch of InstallMate files", I assumed (perhaps erroneously) that you were referring to precisely the same issue [and nothing more].    When you subsequently posted your log, it then became clearer that your issue was SweetPacks/SweetIM and Conduit --- you'll note that InstallMate is not mentioned in your log at all.

 

As miekiemoes mentioned, SweetPacks and Conduit are a different matter (than InstallMate/WinPatrol).

I was reporting the SAME issue as u folks did... the log posted was AFTER I had run the database update15.1 which did fix the InstallMate issue... see my post from a few minutes ago... should explain all..

Link to post
Share on other sites
  • 1 month later...

Today did a quick scan (10/4/13) and InstallMate files have been detected. 

Why I'm posting. First, even though I own WinPatrol, it's never been installed on this PC yet these files are in the C:\Program Data\InstallMate folder.

 

No pc issue's, no other malware detected, just InstallMate. All PUP detections. All I can say is how sneaky! Apparently these files are just to install their install maker program. 

 

It may be fine software but the way it found itself to my pc is to my way of thinking not ethical, and creepy.

 

Attached is everything including MBAM log file.

InstallMate.zip

MBAM-log-2013-10-04 (14-20-37).txt

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.