Jump to content
marcor

False positive detection

Recommended Posts

Dear Support,

 

Your antivirus detected our product as PUP.Optional.MyStartTB.A malware . This is a false positive detection. Can you remove it please?

 

The exe file is available at http://toolbar.mystart.com/ or http://toolbar.mystart.com/download/mystartTb_5.4.2.6.exe .

 

I attached the exe file in zip with infected password .

 

if you have question, let me know.

 

Best regards,

 

Marco Ribeiro

log_malwarebytes.txt

Share this post


Link to post
Share on other sites

Hi,

 

We detect the installer and toolbar as "PUP.Optional" . PUP meaning potentially unwanted program.

 

The reason for this classification is based upon multiple checkpoints based on behavior and support evidences.

 

Predominantly we have seen the toolbar pushed by multiple download wrappers(DomalIQ, Firsiera etc) where the installation is pre-checked (Opt out). and both the homepage and search engine modifications are pre-checked (Opt out ).

Whilst bundling is a legal marketing method having opt out installs pre-checked are aimed deliberately at maximizing install #'s and in no way serve the end user's requirements(or else all offers would be "Opt in" on a download wrapper with no pre-checking or opt out required).

 

post-1856-0-99748100-1411222779_thumb.jp

 

Supplied installer.

 

VirusTotal check would say some others agree.

https://www.virustotal.com/en/file/30829b76847fc4332bdb662e92677f8789a6c8d3e7e87874aaace99cbd6065b5/analysis/

 

Verifying the supplied installer also is pre-populated check box for search and homepage modification.

 

Observations whilst toolbar was currently installed.

 

#1 My Firefox new tab has changed from default to the following (this occurred on an install where i deselected permissions to modify both my search engines and homepage.)

 

post-1856-0-90536900-1411308135_thumb.jp

 

#2 Whilst making this post i was served a Bubble Ad for  3 coupons for Malwarebytes discount was served.

 

The bubble ad although clearly offering a "do not show me again" check function but showed no "Ownership" indicator.

 

post-1856-0-69070600-1411059414_thumb.jp

 

Searching the name string "MyStart Toolbar" on Google renders the following results which would suggest there is a groundswell in the community that believe the toolbar to be a PUP application.

https://www.google.co.uk/?gws_rd=ssl#q=mystart+toolbar

 

Please read this post for further details on our potential listing criteria and how to appeal a classification.

 

https://forums.malwarebytes.org/index.php?/topic/130207-pupoptional-listings-and-disputes/#entry708616

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.