Jump to content

Venis Registry Keys?

bionic_barry
 Share

Recommended Posts

bionic_barry

bionic_barry

Posted
Posted

This is a weird one that I came across this morning. I have a client that runs Malwarebytes Pro and Advanced SystemCare 9.4. Both are paid versions. I'm well aware of the IOBit theft, but I can't convince this client to remove it since it was paid and annually renewed. They upgraded to version 9.4 yesterday, and have an automatic Malwarebytes scan scheduled daily for 3am. This morning, they called me in a panic because all of their systems shows malware scan results of 474 PUPs. When I reviewed, the log, the majority were PUP.Optional.AdvancedSystemCare and PUP.Optional.DriverBooster, but there were 3 entries found for PUP.Optional.Venis. I'm not sure if these are associated with Venis Ransomware or if these are something else. There are no symptoms of an infection and the entries point to Advanced System Care registry keys. Are all of these entries false flags? Are they safe to ignore? Were these additions to the database intentional due to an actual threat, or is it due to bad blood with IOBit? I'm trying to give a recommendation based on facts, so I thought I'd inquire. Thanks in advance!

Link to post
Share on other sites
Aura

Aura

Posted
Posted

Hi bionic_barry :)

The IObit detections were added following Malwarebytes' new and more agressive stance on PUPs. For more information, you can check out the thread below.

https://forums.malwarebytes.org/topic/189093-new-criteria-for-detecting-potentially-unwanted-products-pups/

This being said, are you able to copy/paste the PUP.Optional.Venis entries here so we can check them? Since they are flagged as PUP.Optional, I doubt they are related to the Venis Ransomware (and I've never heard of a Ransomware dubbed Venis).

Link to post
Share on other sites
bionic_barry

bionic_barry

Posted
  • Author
Posted

Thanks for looking into that. I'd never seen that PUP.Optional.Venis before, and couldn't find any resources on Google. The closest I could find was referencing a Venis Ransomware posted on 10/5/2016. In any case, I'll disregard these for now, but I'm really going to push them to remove all IOBit products and not to renew, but it seems like playing Donkey Kong. Thanks for the help.

Link to post
Share on other sites
PaidCustomer

PaidCustomer

Posted
Posted

Greetings -

First time here, so don't want to be too grouchy, but this feud that you all are having with IObit is costing me time, and that's money. To pop up a notice telling me that it is "POTENTIALLY" unwanted software is fine I suppose - although if it shows up as registered, then you should know it is wanted, as I'm not in the habit of paying for things I don't want. But to quarantine the product and pop up dozens of "Non-malware Detected" notices - even after I have REPEATEDLY clicked the button - is unacceptable. Now the program will not start as a .dll file is missing. and other parts of it (like the registered Driver Booster) won't work properly. Indeed, your software has become the malware!

Frankly, I don't see why you all didn't just do a license agreement to combine your virus definitions for the benefit of your respective customers - which often are the same people because they buy both programs - not for the different definitions, but for the different feature sets. It's all very unprofessional and amateurish.

In any event, I must demand that a proper update to your software be issued immediately. This problem just began, so I know rolling it back should not be that difficult for you. Additionally, I would specific instructions on how to completely restore the functionality of my paid IObit applications. Please make every effort to respond to my demands in the most timely manner possible, as again, this is a complete waste of my time.

ASN

Link to post
Share on other sites
Aura

Aura

Posted
Posted

Hi PaidCustomer :)

You can set an exclusion in Malwarebytes to exclude IObit files and folders if you wish. This way, Malwarebytes won't target them anymore.

https://www.malwarebytes.com/support/guides/mbam/MalwareExclusions.html

You can also change the Malwarebytes settings to warn/not warn about PUP and/or PUM detections as well.

detection-protection.jpg

As for the files that were quarantined by Malwarebytes, simply head to the History tab, followed by Quarantine, select the files you want to restore and click on the Restore button. This should restore your IObit programs functionnality. If not, let us know.

Additionally, Malwarebytes started targetting some of IObit products following a change in their PUP policy so they can target more products that have been reported by numerous users worldwide as being annoying, not wanted, etc.

https://forums.malwarebytes.org/topic/189093-new-criteria-for-detecting-potentially-unwanted-products-pups/

If you want more detailled instructions, let me know and I'll help you.

Note: I am not a Malwarebytes employee, I'm simply a mere volunteer on their forums.

Link to post
Share on other sites
PaidCustomer

PaidCustomer

Posted
Posted

Not sure how it manifests itself on others boxes, but on mine, it has a popup for every single file that is in the IObits application. It's totally uncalled for. And no, I don't want to turn off PUP notifications, but I also don't want to be used as some pawn in a vendetta between two companies arguing over something that should have been handled in a more professional manner. If there was an IP violation it should have been pursued through legal channels and not turned into some social media battle and extended in such as way that it interrupts my work and requires me to spend time learning what actions I need to take to counteract Malwarebytes effort to undermine IObits. Either grow up or just give me a refund and I'll find a more professionally managed product.

 

Link to post
Share on other sites
Aura

Aura

Posted
Posted

In that case, you simply have to exclude IObit files and folders (I posted a link with the instructions in my previous post) so Malwarebytes won't detect them anymore. Simple as that.

Also like I've said, I doubt this is a personal vendetta, Malwarebytes is only applying their revised PUP criteria on products that weren't targetted under the old criteria, but now are. You'll notice that other programs, such as SpyHunter are also being targetted, and Malwarebytes doesn't have a personal "vendetta" against them.

Link to post
Share on other sites
Aura

Aura

Posted
Posted

I'm giving you a solution that has been proposed earlier by a Malwarebytes employee, so I thought this was a good solution. Also, I'm a volunteer here and I do my best to assist users that have issues with Malwarebytes and/or their programs. If you don't like my advice, you are free to ignore them.

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.