Nero 18 flagged

[wingdam]

I just installed the new Nero 18 and Malwarebytes flagged almost every part of the program as PUP. and Quarantined one .exe 

[nikhils]

Hello @wingdam

What version of the Malwarebytes product do you have?

Also for NERO are you running the Standard Suite or the Platinum suite?

Thank you

[wingdam]

Version 3.2.2 and it's Nero Platinum suite

[dcollins]

Can you please grab the information listed in the thread below? This will help us get the exact versions of Nero and see what specifically was blocked. Thanks!

 

[wingdam]

[dcollins]

Can you please provide the zip file mentioned in the thread I linked. It has more information about those specific files (hashes to make sure they're proper, etc)

[wingdam]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/26/17
Scan Time: 2:14 AM
Log File: 20b18284-a29b-11e7-9bd8-10c37ba2ae8c.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2887
License: Premium

-System Information-
OS: Windows 10 (Build 15063.608)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414734
Threats Detected: 43
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\AutoPilotModuleCheckModule, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\HighSpeedModule, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\RegCleanerDll, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\services, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\startup, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\PROGRAMDATA\NERO\NERO TUNEITUP, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NERO, No Action By User, [2216], [354280],1.0.2887

File: 36
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\services\services.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\AutoPilotModuleCheckModule\settings_Auto.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\AutoPilotModuleCheckModule\settings_Default.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\AutoPilotModuleCheckModule\settings_Off.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\HighSpeedModule\autopilot_processlist.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\RegCleanerDll\BlackList.cfg, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\startup\startup.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\BrowserCleanerModule.ico, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\DefragModule.ico, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\PowerSaverModule.ico, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\RecycleBinShredderModule.ico, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\RegistryCleanerModule.ico, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\ServicesModule.ico, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\Setup Log 2017-09-24 #002.log, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\simplitec_Power_Suite.ini, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\StartUpModule.ico, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\ToBeUninstalled.dat, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_DE.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_EN.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_ES.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_FR.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_IT.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_KO.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_NL.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_PL.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_PT.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\usertips_RU.xml, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Nero\Nero TuneItUp\winsettings.dat, No Action By User, [2216], [354279],1.0.2887
PUP.Optional.NeroTuneItUp, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\NERO\NERO TUNEITUP.LNK, No Action By User, [2216], [354280],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\1-Click Optimisation.lnk, No Action By User, [2216], [354280],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter.lnk, No Action By User, [2216], [354280],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero CoverDesigner.lnk, No Action By User, [2216], [354280],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Disc To Device.lnk, No Action By User, [2216], [354280],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero MediaBrowser.lnk, No Action By User, [2216], [354280],1.0.2887
PUP.Optional.NeroTuneItUp, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero MediaHome.lnk, No Action By User, [2216], [354280],1.0.2887
PUP.Optional.NeroTuneItUp, C:\USERS\PUBLIC\DESKTOP\NERO TUNEITUP.LNK, No Action By User, [2216], [354283],1.0.2887

Physical Sector: 0
(No malicious items detected)

(end)

[dcollins]

While this is more information, the requested zip file has all the relevant details of what we need to identify this that are missing in these other locations. Here's the link again to instructions on how to grab that data. If you are concerned about posting that data publicly, you can private message me the zip file by clicking on my name and choosing Message

 

Edited September 28, 2017 by dcollins

[wingdam]

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/24/17
Protection Event Time: 6:05 PM
Log File: 9676ab2a-a18d-11e7-b375-10c37ba2ae8c.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2878
License: Premium

-System Information-
OS: Windows 10 (Build 15063.608)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
PUP.Optional.NeroTuneItUp, C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe, Quarantined, [2199], [354276],1.0.2878

(end)

[wingdam]

There is no way to get the Nero Version as it's a collection with different version numbers. It's the latest Nero Platinum 2018

mb-check-results.zip

[dcollins]

It looks like Nero TuneItUp is all we're flagging, not the main Nero product. There's a few exclusions that aren't being added which are triggering the detection. The best thing to do is this:

1. Run a threat scan
2. Let the scan finish
3. At the scan results page, uncheck all items and click next
4. A popup should ask you how you want to handle these items, choose Ignore Always
5. This should exclude all identified files and prevent it from getting flagged again