Why is AdwCleaner showing this company as PUP? Yes, some of their programs are, but not all. So simply by having this name (Auslogics), AdwCleaner shows it as PUP. Auslogics Windows Slimmer is okay, but if one does download the program and goes to install, there are other programs added on, but all one needs to do is unselect them and just use Auslogics Windows Slimmer. And I find this program alone is okay. Or is Malwarebytes / AdwCleaner saying otherwise?

https://www.auslogics.com/en/software/windows-slimmer


***This is an automated reply***

Hi,

Thanks for posting in the AdwCleaner Help forum.

Someone will reply shortly, but in the meantime here are a few resources which may help resolve your issue:

Thanks in advance for your patience.

-The Malwarebytes Forum Team

On 7/10/2018 at 4:47 AM, Dude905 said:

Auslogics Windows Slimmer is okay, but if one does download the program and goes to install, there are other programs added on, but all one needs to do is unselect them and just use Auslogics Windows Slimmer.

There's your answer right there.  Bundled installers specifically are something that Malwarebytes deliberately targets aggressively under the PUP category.  You can read about a related example, Auslogics Disk Defrag, here where they cite specifically:

Auslogics products are sometimes downloaded willingly by users and sometimes included in bundlers.

Posted (edited)
17 hours ago, exile360 said:

There's your answer right there.  Bundled installers specifically are something that Malwarebytes deliberately targets aggressively under the PUP category.  You can read about a related example, Auslogics Disk Defrag, here where they cite specifically:

I know that ... All one needs to do is unselect them and they wouldn't get installed. My point is if you use just the program itself and do a scan afterwards with AdwCleaner ... AdwCleaner will flag 4 files from Auslogics, which serves no purpose.

 

Edited by Dude905

On 7/12/2018 at 6:39 AM, fr33tux said:

Hello,

Can you provide a whole logfile please?

Thanks,

I have done scans with other security software companies and none has shown it to be malware

Adwcleaner.jpg


Anyway, here is a list / pics from top security companies' scans, and none have found any type of malware, whereas only AdwCleaner has. Also, I find using Windows Slimmer has removed files that aren't needed, in other words cleaned my system, and I have zero, not one single problem with my computer. So, I would like to ask you exactly what harm this program, Auslogics Windows Slimmer, is doing to my PC, which your scanner suggested it is?

BitD.jpg

Eset.jpg

F-S.jpg

Sop.jpg

Kas.jpg


They're likely being detected because they are the same as ones installed by one of their other products that is detected as a PUP such as BoostSpeed or Driver Updater (both of which I believe are flagged as PUP) so they might need to adjust the defs accordingly as not to flag them when installed by this app.

As for the checkboxes in the installer, that's irrelevant as far as Malwarebytes is concerned.  Because most users do not take the time to read installers to uncheck such items when they are checked by default, they end up with additional software that they did not intend to install, so installers that behave this way are categorized as PUP and flagged as bundled installers.

With regards to the results from those other scanners, they don't really apply.  ADWCleaner isn't a malware scanner, it is specifically focused on adware and PUPs, not malware unlike the other scanners you checked with, none of which are as aggressive against PUPs as Malwarebytes.

Posted (edited)

I disagree. As I mentioned already, ADWCleaner is detecting the Windows Slimmer program as well, and this is after I have declined to install those other 2 programs. I'd like to know the harm the Windows Slimmer program is doing exactly, since I find none. If one chooses to remove those 4 so-called threats, it will totally remove Windows Slimmer.

 

From Malwarebytes AdwCleaner's own site:

The world’s most popular adware cleaner finds and removes unwanted programs and junkware so your online experience stays optimal and hassle-free.
Computer running slow? Strange messages popping up? Browser homepage changed without your permission? This could be the work of adware (and its friends), a sneaky variant of malware that is hard to find, and harder to remove. Malwarebytes AdwCleaner employs innovative technology engineered solely to detect and remove these unwanted hitchhikers. It’s the cleaner of choice for home users and technicians.

 

And none of that happens above with Windows Slimmer

 

MALWARE !!

Edited by Dude905


First, what was checked or unchecked is irrelevant.  That's not how detection works for items classified as PUP.

Second, if Windows Slimmer is being targeted deliberately that's one thing, but the contents of this discussion lead me to believe that this is not the case which means the most likely reason for those 4 detections is due to a collision in the signatures being used for targeting something else with the most likely culprit being one or both of the other programs I mentioned since they are all from the same vendor (it's a common practice for vendors to often use the same registry and folder paths for their software, especially for storing settings and data), so if that is the case then the Malwarebytes Researchers who manage ADWCleaner must create an exception in the defs for this program so that it isn't detected by mistake any longer, again, assuming that is the case and it isn't being targeted deliberately.

By the way, have you tried the recently released version of ADWCleaner, version 7.2.2?  It was just published yesterday so it might actually already contain a fix for this.  It's worth a shot if you haven't checked it yet.  I'm downloading it now along with Windows Slimmer to see what it's detecting, then I'm going to check on a few of Auslogics' other programs like BoostSpeed, Registry Cleaner and Driver Updater (the most likely 3 to be classified as PUP by Malwarebytes and/or ADWCleaner) to see what paths they use and discover if my theory is correct about shared paths between them and Windows Slimmer.


OK, I've done some testing and here are the results.

Note: for speed of testing I unchecked any additional software checkboxes during installation, unchecked the option to launch/run the software after installation (which might have created additional entries once launched as some software does in the registry and/or on disk), unchecked the options for any startup items to launch the installing software on boot, and unchecked the option to place a shortcut for the software on the desktop whenever the installer provided these options so it is possible that these additional items/entries may have been flagged by either or both scanners, however I believe the results I did obtain are sufficient to illustrate what is happening with these detections.

Malwarebytes 3 detects Auslogics Driver Updater as PUP.Optional.Auslogics
It does not detect BoostSpeed, Registry Cleaner or Windows Slimmer

Malwarebytes 3 does detect several components of BoostSpeed following installation as PUP.Optional.AuslogicsBoostSpeed and one component as PUP.Optional.AuslogicsDiskDefrag (likely because it is a shared component between the two programs, both of which are detected as PUP by Malwarebytes 3).

ADWCleaner 7.2.2 detects the following items from a Windows Slimmer installation:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
C:\Program Files (x86)\Auslogics
HKLM\Software\Wow6432Node\Auslogics (in a 32 bit OS this would be HKLM\Software\Auslogics)

All 3 items detected by ADWCleaner for Windows Slimmer are detected as PUP.Optional.AuslogicsDriverUpdater meaning my hypothesis was accurate.  Windows Slimmer is not being deliberately targeted and these signatures causing these detections were created specifically to target one of Auslogics other programs which does fit the classification of PUP as defined by Malwarebytes: Auslogics Driver Updater (reference this page, this article, these search results from the online threat database, this entry and this entry), although the database items referenced are specific to Malwarebytes 3, they do reflect the overall policy of Malwarebytes as an organization when it comes to the PUP classification.

ADWCleaner 7.2.2 detects no components from Auslogics BoostSpeed (likely due to the fact that they are already covered by Malwarebytes 3 and the two tools are designed to overlap as little as possible so that they target different PUPs).

Malwarebytes 3 detected 1 item from Auslogics Registry Cleaner; a single URL shortcut located in the START menu which it flagged as PUP.Optional.AuslogicsBoostSpeed; none of the other entries from Registry Cleaner were detected.

ADWCleaner 7.2.2 detects the following components from Auslogics Registry Cleaner:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
C:\Program Files (x86)\Auslogics
HKLM\Software\Wow6432Node\Auslogics (in a 32 bit OS this would be HKLM\Software\Auslogics)

All 3 items detected by ADWCleaner for Auslogics Registry Cleaner are detected as PUP.Optional.AuslogicsDriverUpdater just as before with the items detected for Windows Slimmer so my hypothesis is looking good.

Malwarebytes 3 detected the following items for Auslogics Driver Updater:
C:\Windows\System32\Tasks\Auslogics\Driver Updater\Scan
C:\Windows\System32\Tasks\Auslogics\Driver Updater
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Auslogics\Driver Updater\Scan
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{807AE176-7A36-4359-9FE0-B515E74A98E1}
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{807AE176-7A36-4359-9FE0-B515E74A98E1}

All items detected by Malwarebytes were classified as PUP.Optional.AuslogicsDriverUpdater
Note: the installer for Driver Updater is detected as PUP.Optional.Auslogics by Malwarebytes 3.

ADWCleaner 7.2.2 detects the following components from Auslogics Driver Updater:
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{807AE176-7A36-4359-9FE0-B515E74A98E1}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{807AE176-7A36-4359-9FE0-B515E74A98E1}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\Driver Updater\Scan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
C:\Program Files (x86)\Auslogics
C:\Windows\System32\Tasks\Auslogics
HKLM\Software\Wow6432Node\Auslogics

NOTE: the first 4 items listed were detected as PUP.Optional.Auslogics while the last 4 items were detected as PUP.Optional.AuslogicsDriverUpdater which means that ADWCleaner is targeting the entries using separate signatures and classifications which may indicate that the former are being targeted deliberately for more than one program (if, for example, the same entries are created by one of their other programs like Auslogics Disk Defrag which I did not test as a part of this analysis).

So I hope this helps clear things up and to summarize, Windows Slimmer is NOT being targeted deliberately by ADWCleaner and is being detected due to a collision in the defs being used to target Auslogics Driver Updater so this has nothing to do with any checkboxes or bundled/optional/additional applications in Windows Slimmer's installer or the program itself beyond the fact that it shares several key installation points with another program, Auslogics Driver Updater, which is detected/targeted deliberately by ADWCleaner, so to rectify this, either the signatures in ADWCleaner must be adjusted to target sub-directories/sub-keys of the parent keys/folders being detected to avoid this and other similar collisions with other Auslogics software, or Auslogics' other software needs to somehow be whitelisted if possible so that only the one(s) deliberately being targeted by ADWCleaner will be detected.

I hope that this analysis will prove useful.
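The collision described in the post above, as an added example that is not part of the original thread and not Malwarebytes' code: a small checker that evaluates path signatures against per-product install footprints and reports which untargeted products they catch. The three vendor parent locations and the Tasks path are those listed in the post; the per-product subfolder/subkey names and the narrowed signature set are constructed assumptions.

```python
# Added example: shared-parent signature collision check.
# Per-product sub-paths are constructed for illustration, not taken from a real install.

def norm(path):
    """Windows paths and registry keys compare case-insensitively."""
    return path.rstrip("\\").lower()

def fires(sig, artifacts):
    """A folder/key signature fires if any installed artifact is at or beneath it."""
    s = norm(sig)
    return any(norm(a) == s or norm(a).startswith(s + "\\") for a in artifacts)

def detections(signatures, footprints):
    """Map each product to the signatures that fire on its footprint."""
    return {prod: [s for s in signatures if fires(s, arts)]
            for prod, arts in footprints.items()}

def collateral(signatures, footprints, target):
    """Products other than the intended target that the signatures flag."""
    found = detections(signatures, footprints)
    return sorted(p for p, d in found.items() if d and p != target)

# Parent locations reported in the post as PUP.Optional.AuslogicsDriverUpdater.
VENDOR_ROOTS = [
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics",
    r"C:\Program Files (x86)\Auslogics",
    r"HKLM\Software\Wow6432Node\Auslogics",
]
TASK_PATH = r"C:\Windows\System32\Tasks\Auslogics\Driver Updater"

BROAD = list(VENDOR_ROOTS)  # signatures on the shared parents
# Hypothetical narrowed set: product-specific children instead of the parents.
NARROW = [root + r"\Driver Updater" for root in VENDOR_ROOTS] + [TASK_PATH]

def footprint(product, extra=()):
    """Constructed footprint: one product-named child under each vendor root."""
    return [root + "\\" + product for root in VENDOR_ROOTS] + list(extra)

FOOTPRINTS = {
    "Windows Slimmer": footprint("Windows Slimmer"),
    "Registry Cleaner": footprint("Registry Cleaner"),
    "Driver Updater": footprint("Driver Updater", [TASK_PATH + r"\Scan"]),
}

if __name__ == "__main__":
    for name, sigs in (("broad", BROAD), ("narrow", NARROW)):
        print(name, "collateral:", collateral(sigs, FOOTPRINTS, "Driver Updater"))
```
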

Posted (edited)

Yes, okay, that makes more sense, thank you ... So there's nothing wrong with using Windows Slimmer itself? I did notice an advanced option which does get one to buy other products.

Edited by Dude905


There's nothing wrong with using any of the software I tested, even those which are deliberately targeted as PUP.  The term PUP means Potentially Unwanted Program, meaning it is completely subjective, so if a user installed an application categorized as PUP deliberately and wants to continue using it, that's up to them, it is their system after all.  Nothing detected as PUP would do anything truly malicious, as such activity would get it reclassified as actual malware and detection would not be optional so Malwarebytes would flag it as a threat and tag it in red rather than orange.

Now, specifically with regards to Windows Slimmer, that is correct, it is not deliberately being targeted.  It just got caught in the crossfire via some of the defs being used to target other Auslogics software which are categorized as PUP so you should exclude these detections to prevent detection until the team gets the issue resolved.  The new version of ADWCleaner makes this easy.  Just run a scan and when it completes, right-click on each listed entry and select Add to Exclusion List and it should no longer be detected in future scans by ADWCleaner.


Yeah... I will do just that, and it's good to know there's nothing wrong with WS, and I didn't think there was. Thanks for the help.
