Wittmann Posted December 6, 2016 ID:1077478 Share Posted December 6, 2016 Firstly I apologise if this is the wrong section to put my question. I have never had this happen in over 10 years experience and ask the experts on this Forum to offer an explanation. I have used Auslogics to defrag my system weekly for years. I did my usual Auslogics defrag. I then scanned my PC with MBAM and it found 532 Auslogics PUP's which I quarantined On a second defrag some days later I again used Auslogics On scanning with MBAM it again picked up.13 Auslogics PUP's. It seems like every time I am now using Auslogics, it loads many PUP's onto my system. Any clues ? Link to post Share on other sites More sharing options...
KNRover Posted December 6, 2016 ID:1077500 Share Posted December 6, 2016 I'm getting the same thing. Not only is Auglogics Disk Defrag (ADD) identified as a PUP, so is Wise Registry Cleaner. Like you, I've used ADD for many years, and Wise for a couple of years, and MB never ID'd either as PUPs. The first time it did, I thought there must be some piggy-back malware on ADD (probably the annoying ad for BoostSpeed), so I let MB delete them. BAD DECISION! ADD would not work after that, so I had to download/reinstall it. Wise Registry Cleaner is also NOT a PUP. Incidentally, MB's recent acquisition, AdwCleaner, also ID's the same programs as PUPs. I contacted MB support about this, and the first response was that they realized they were false positives, had fixed the program, and I needed to download the latest version. I did, and both programs still ID'd these as PUPs. I contacted them again, said the updates were still making false positives. Their response: NOV 28, 2016 | 12:31PM PSTLarry replied: According to the Developers, these are not False Positives. p((. _Larry Tate - *"LDT"* Consumer Success Specialist & Malware Removal Specialist_ 3979 Freedom Circle, 12th Floor Santa Clara, CA 95054 For the first time in MANY years, I'm having bad thoughts about the current direction of Malwarebytes. Link to post Share on other sites More sharing options...
Administrators celee Posted December 6, 2016 Administrators ID:1077531 Share Posted December 6, 2016 Hi everyone, I've moved this over to our False Positive section. Our experts can assist you here. Thanks, Cecile Link to post Share on other sites More sharing options...
Wittmann Posted December 7, 2016 Author ID:1077674 Share Posted December 7, 2016 I do hope that the MBAM specialists will give a finite answer on this. If not, as Auslogics is a global favourite I will keep using it and use another reputable scanner instead of MBAM. I obviously cannot accept a massive PUP display by MBAM every time I defrag. Link to post Share on other sites More sharing options...
Porthos Posted December 7, 2016 ID:1077695 Share Posted December 7, 2016 2 hours ago, Wittmann said: I obviously cannot accept a massive PUP display by MBAM every time I defrag. The portable version of Auslogics defrag does not contain any junk and is NOT blocked by MBAM. http://www.majorgeeks.com/mg/get/auslogics_disk_defrag,2.html Link to post Share on other sites More sharing options...
Administrators celee Posted December 7, 2016 Administrators ID:1077751 Share Posted December 7, 2016 Hi @Wittmann, 6 hours ago, Wittmann said: I obviously cannot accept a massive PUP display by MBAM every time I defrag. PUPs are set to be quarantined by default, but you can change this by following these steps: https://support.malwarebytes.com/customer/portal/articles/1834873?b_id=6438 Additionally, you can whitelist files and websites you trust by following these steps: https://support.malwarebytes.com/customer/portal/articles/1835326-?b_id=6438 Link to post Share on other sites More sharing options...
Staff shadowwar Posted December 7, 2016 Staff ID:1077790 Share Posted December 7, 2016 (edited) Wittman, These detections can be added to the malwarebytes ignore list in your client and you will not be alerted about them again on further scans. You can also see this informative post which helps explains why we listed them. Older versions seem ok and can be added to the ignore list. Edited December 7, 2016 by shadowwar Link to post Share on other sites More sharing options...
Wittmann Posted December 8, 2016 Author ID:1077996 Share Posted December 8, 2016 17 hours ago, shadowwar said: Wittman, These detections can be added to the malwarebytes ignore list in your client and you will not be alerted about them again on further scans. You can also see this informative post which helps explains why we listed them. Older versions seem ok and can be added to the ignore list. Brilliant reference Shadowwar, it explains this controversy clearly in terms of PUP authentic definition by MBAM and irresponsibility by Auslogics. But if Auslogics bombard a users PC with hundreds of meaningless files defined as PUP's by MBAM, I for one do not wish to have my hard drive polluted by these redundant files and therefore using an old version of Auslogics which hides them is not the answer. I will use Piriform Defraggler until if ever Auslogics sort themselves out. Link to post Share on other sites More sharing options...
Wittmann Posted December 11, 2016 Author ID:1079223 Share Posted December 11, 2016 11 December 2016 I have just done a trial scan after using Auslogics. There were no infections right along the scan including system files, until the heuristic analysis. It then picked up 14 PUP's. So, the actual scan procedure appears to be clean, it is during the heuristic analysis that all these PUP's are being found. The scan covered 323,000 items and lasted 36 minutes. Can somebody answer why it is the heuristic analysis which is picking up these PUP's ? Link to post Share on other sites More sharing options...
Staff shadowwar Posted December 11, 2016 Staff ID:1079323 Share Posted December 11, 2016 The heuristic portion of the scan looks for registry and entries and install patterns. That is why its picking it up then. Link to post Share on other sites More sharing options...
Wittmann Posted December 12, 2016 Author ID:1079430 Share Posted December 12, 2016 15 hours ago, shadowwar said: The heuristic portion of the scan looks for registry and entries and install patterns. That is why its picking it up then. Thanks, you really are helpful. I have a few very reputable AV programs which I run manually as an alternative to MBAM occasionally and none of them specify heuristics as a factor include in their scanning procedure. None of them have ever picked up any Auslogics PUP's. Does this mean that every time I run Auslogics a quantity of PUP's enter my system and these will keep multiplying until I run MBAM ? As I said, MBAM did find 532 PUP's, perhaps accumulated during the period while I was using Avast AV. Link to post Share on other sites More sharing options...
Wittmann Posted December 12, 2016 Author ID:1079567 Share Posted December 12, 2016 During a discussion on another Forum, one of their experts made this comment :- "MBAM is not an AV, it only scans executable files (which can be read on the MBAM website)." Is this statement really true ? Link to post Share on other sites More sharing options...
David H. Lipman Posted December 12, 2016 ID:1079596 Share Posted December 12, 2016 Malwarebytes' Anti-Malware ( MBAM ) does not target scripted malware files. That means MBAM will not target; JS, JSE, PY, .HTML, HTA, VBS, VBE, WSF, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc. It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc. It also does not target media files; MP3, WMV, JPG, GIF, etc. Until MBAM, v1.75, MBAM could not access files in archives but with v1.75 came that ability so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 and later specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-Extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files). MBAM specifically targets binaries that start with the first two characters being; MZ They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these files types can be renamed to be anything such as; TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now