Jump to content

PUP'S


Wittmann
 Share

Recommended Posts

Firstly I apologise if this is the wrong section to put my question.

I have never had this  happen in over 10 years experience and ask  the  experts on this Forum to offer an explanation.

I have used Auslogics to defrag my system weekly for years.

I did my usual Auslogics defrag. I then scanned my PC with MBAM and it found 532 Auslogics PUP's which I quarantined

On a second defrag some days later I again used Auslogics On scanning with MBAM it again picked up.13 Auslogics PUP's.

It seems like every time I am now using Auslogics, it loads many PUP's onto my system.

Any clues ?

MBAM PUPS Auslogics.JPG

Link to post
Share on other sites

I'm getting the same thing. Not only is Auglogics Disk Defrag (ADD) identified as a PUP, so is Wise Registry Cleaner. Like you, I've used ADD for many years, and Wise for a couple of years, and MB never ID'd either as PUPs. The first time it did, I thought there must be some piggy-back malware on ADD (probably the annoying ad for BoostSpeed), so I let MB delete them. BAD DECISION! ADD would not work after that, so I had to download/reinstall it. Wise Registry Cleaner is also NOT a PUP. Incidentally, MB's recent acquisition, AdwCleaner, also ID's the same programs as PUPs.

I contacted MB support about this, and the first response was that they realized they were false positives, had fixed the program, and I needed to download the latest version. I did, and both programs still ID'd these as PUPs. I contacted them again, said the updates were still making false positives. Their response:

NOV 28, 2016  |  12:31PM PST
Larry replied:

According to the Developers, these are not False Positives.

p((. _Larry Tate - *"LDT"*
Consumer Success Specialist & Malware Removal Specialist_
3979 Freedom Circle, 12th Floor
Santa Clara, CA 95054
For the first time in MANY years, I'm having bad thoughts about the current direction of Malwarebytes.

 

Link to post
Share on other sites

I do hope that the MBAM specialists will give a finite answer on this.

If not, as Auslogics is a global favourite I will keep using it and use another reputable scanner instead of MBAM.

I obviously cannot accept a massive PUP display by MBAM every time I defrag.

Link to post
Share on other sites

  • Administrators

Hi @Wittmann,

6 hours ago, Wittmann said:

I obviously cannot accept a massive PUP display by MBAM every time I defrag.

PUPs are set to be quarantined by default, but you can change this by following these steps: https://support.malwarebytes.com/customer/portal/articles/1834873?b_id=6438

Additionally, you can whitelist files and websites you trust by following these steps: https://support.malwarebytes.com/customer/portal/articles/1835326-?b_id=6438

 

Link to post
Share on other sites

  • Staff

Wittman,

These detections can be added to the malwarebytes ignore list in your client and you will not be alerted about them again on further scans.

You can also see this informative post which helps explains why we listed them. Older versions seem ok and can be added to the ignore list. 

 

Edited by shadowwar
Link to post
Share on other sites

17 hours ago, shadowwar said:

Wittman,

These detections can be added to the malwarebytes ignore list in your client and you will not be alerted about them again on further scans.

You can also see this informative post which helps explains why we listed them. Older versions seem ok and can be added to the ignore list. 

 

Brilliant reference Shadowwar, it explains this controversy clearly in terms of PUP authentic definition by MBAM and irresponsibility by Auslogics.

But if Auslogics bombard a users PC with hundreds of meaningless files defined as PUP's by MBAM, I for one do not wish to have my hard drive polluted by these redundant files and therefore using an old version of Auslogics which hides them is not the answer. I will use Piriform Defraggler until if ever Auslogics sort themselves out.

Link to post
Share on other sites

11 December 2016

I have just done a  trial scan after using Auslogics.

There were no infections right along the scan including system files, until the heuristic analysis. It then picked up 14 PUP's.

So, the actual scan procedure appears to be clean, it is during the heuristic analysis that all these PUP's are being found.

The scan covered 323,000 items and lasted 36 minutes.

Can somebody answer why it is the heuristic analysis which is picking up these PUP's  ?

Link to post
Share on other sites

15 hours ago, shadowwar said:

The heuristic portion of the scan looks for registry and entries and install patterns. That is why its picking it up then.

 

Thanks, you really are helpful.

I have a few very reputable AV programs which I run manually as an alternative to MBAM occasionally and none of them specify heuristics as a factor include in their scanning procedure.

None of them have ever picked up any Auslogics PUP's. Does this mean that every time I run Auslogics a quantity of PUP's enter my system and these will keep multiplying until I run MBAM ? As I said, MBAM did find 532 PUP's, perhaps accumulated during the period while I was using Avast AV.

Link to post
Share on other sites

Malwarebytes' Anti-Malware ( MBAM ) does not target scripted malware files.  That means MBAM will not target; JS, JSE,  PY, .HTML, HTA, VBS, VBE, WSF, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc.
It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc.
It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Until MBAM, v1.75, MBAM could not access files in archives but with v1.75 came that ability so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 and later specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-Extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files).

MBAM specifically targets binaries that start with the first two characters being; MZ
They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these files types can be renamed to be anything such as;  TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'.

MZ-binary.jpg

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.