MalwareBytes quarantines Advanced SystemCare10

[Karrstar]

HI

 

Today my Malwarebytes Premium decided to quarantine ASC as a PUP and put all 526+ files into it's quarantine area? I have restored them but why is it seeing ADS as potential damaging PUPs?

 

Cheers

Karr

[joeb427]

Malwarebytes deleted ASC10 after I quarantined 700 PUPs of ASC.I tried downloaded ASC10 a number of times but it won't load.It says it loaded but it seems not to have.

 

When clicking on the icon I get a window that states.

 

The item ASC.exe that this short cut refers to has been changed or moved ,so the short cut won't work properly.

 

I also tried clicking on it from the list of programs that are not short cuts and get the same screen.

[supertweaker]

MBAM Premium did the same thing to my ASC Pro yesterday. I had to restore over ASC files then rescan and tell MBAM to ignore all files in the future. This is crazy! ESET Node32 is also doing this to Windows Utility programs. I understand the theory but proven programs like ASC Pro should not be in MBAM's PUP data base. After all these years of both working beautifully together it was a huge surprise.

 

I see lawsuites coming up with the Legitmate Windows Utility companies and Security Companies that have decided to crank-up their security engines to hunt down well known Utility Software.

 

Granted. MBAM is doing many people a favor who have adware/spyware toolbars and fake registry cleaners and anti-spyware software. But they should not be listing ASC as a PUP (potentially unwanted program).

 

I am a professional with Windows and can repair these problems but the average user is going to go nuts!

[Xcom46]

This is what i got with mine

 

Malwarebytes Tagged ASC 9 and 10 as PUP.Optional.

 

I got this from majorgeeks web site.So i know the program should be clean.

 

Malwarebytes Anti-Malware

http://www.malwarebytes.org

 

Scan Date: 3/8/2017

Scan Time: 2:58 AM

Logfile:

Administrator: Yes

 

Version: 2.2.1.1043

Malware Database: v2017.03.08.02

Rootkit Database: v2017.02.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User:

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 279725

Time Elapsed: 4 min, 24 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 2

PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASC_RASAPI32, Quarantined, [563cd2f53b6dca6c0e4293d2867a3dc3],

PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASC_RASMANCS, Quarantined, [9ef410b72385de58a9a772f321df9a66],

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

[njazrael71]

I would uninstall Malwarebytes if its throwing ASC as malicious as its definitely false positives.

[Xcom46]

uh no malwarebytes is there for a reason.

 

it's most likely a false positive.

 

You really don't understand false positive most likely.

[Scannan]

Do not delete Malwarebytes. It is the best program you can have on your pc. It is not a false positive. The ASC installation file comes with built in code which operates in the Action Centre and tells you that you should have Malware Fighter/Smart Defrag/ Driver Booster etc...

Malwarebytes considers that this is unsolicited and by definition sees it as a PUP.

A PUP is a possibly unwanted program....the important word being....Possibly...it is just warning you.

There have been many discussions in this forum where users have taken Iobit to task for this kind of intrusion and until Iobit adopt a different policy for marketing their programs, they are going to be flagged more often by mainstream Antivirus and Antimalware programs.

I have had Iobit in the ignore/exclusion lists of my AV and AM programs for years.

While we all know that the Iobit programs are not a danger....it cannot be denied that a user should only receive the Iobit program which the user downloads and no other advertising should be bundled into it.

 

 

[Cicely]

Hi everyone,

 

Our Advanced SystemCare is definitely clean. Sorry for the inconvenience that our program files are detected as PUP(potentially unwanted programs) by Malwarebytes.

However, PUP is a very controversial topic since it also makes legit programs as PUP.

 

We have found a better way to add all relevant files and registry entries to Exceptions of Malwarebytes.

 

Please take the steps below:

 

Open Malwarebytes->Click on Settings->Click on the Protection Tab->Scroll down to Potential Threat Protection->Set the PUPs and PUMs setting to Warn User->Scroll down to Automatic Quarantine->Set Automatically quarantine detected malware to Off

 

If you are using premium, you need to remake your automated scans in order for these new settings to apply to them. So please do the following:

 

1. Click the Scan Schedule Tab

2. Check the box next to scheduled scan to select it, then click Delete at the bottom right

3. Click the Add button and set up a new Threat Scan with the preferred settings

4. Reinstall Advanced System Care and run a scan with Malwarebytes.

5. Uncheck all of the boxes related to Advanced System Care when the scan is finished.

 

To uncheck all the boxes at once, please click the box next Threat, and then click Next. In the next pane choose the option “Always Ignore” and Malwarebytes will no longer detect Advanced System Care.

 

Thanks.

 

 

 

[supertweaker]

Hi everyone,

 

Our Advanced SystemCare is definitely clean. Sorry for the inconvenience that our program files are detected as PUP(potentially unwanted programs) by Malwarebytes.

However, PUP is a very controversial topic since it also makes legit programs as PUP.

 

In order to continue using our program, please try the solution below.

 

Launch your Malwarebytes program >> go to its Settings >> click Protection >> find Potential Threat Protection, change the settings for Potentially Unwanted Programs (PUPs) from Treat PUPs as malware (recommended) to Ignore Detection. Then reinstall our program from: http://www.majorgeeks.com/files/deta...emcare_10.html

 

Thanks.

 

 

Yesterday, about 17 hours ago, my user account at MBAM was deleted after I asked them to explain why they suddenly decided to go after legit Windows Utilities such as ASC PRO. No response from them other than they removed my post and deleted my usser account. I was polite too! Considering what they did I just purchased IObit's MalwareFighter and MBAM can kiss my patootie! :x

 

IOBit'ss MalwareFigher was a good price through ASC PRO and so now I am covered with a reputable anti-malware/anti-virus program as well as ASC PRO.

 

PS. Most conversations at MBAM about ASC PRO are now locked. I wonder if other people who questioned their (MBAM's) mission got booted from their forums too?

[beneix]

Now Avira is also detecting ASC and Uninstaller as Trojans (not just PUPs). What is going on?

[supertweaker]

Now Avira is also detecting ASC and Uninstaller as Trojans (not just PUPs). What is going on?

 

We are all going to be speculating at this point until the Security Companies announce this new tactic. Behind the scenes there must be a lot of lawyering-up to contest this behavior by security and utility program companies.

 

My best speculation is that there is a race by the security company's to become the "best" detetector of PUP's to help stop Cyber Crime. If my guess is correct then there should have been a notification sent to all "legit" Windows Utility companies. I am just an individual who finds this very frustrating because I take care of hundreds of people around the world via remote connection (mostly seniors my age or older) who have trusted my advise on installing MBAM for many years. Those who also trusted me to install ASC Pro are now in a frenzy asking me daily "what the heck is going one?".

 

This is a slap in the face to anyone who has used IOBit's software for many years. What I am waiting to hear is CCleaner being detected as a PUP. If that happens all hell will break loose. MBAM and CCleaner have a golden reputation and anything detecting CCleaner will effect millions of users around the world.

 

PS I have a solid-state-drive and a very fast system. I use Driver Booster Pro, ASC Pro and recently dumped MBAM and purchased IOBit Malware Figher Pro. I am not going to use anyone's AV that is in the race to effect my machine by telling me my Windows Utilities are possible scams. They are not, you know this, I know this and quite possibly this forum will be filled with hundreds if not thousands of complaints about MBAM and other anti-malware programs.

[Scannan]

There is an incredible amount of confusion and misunderstanding regarding this issue. Malwarebytes/Avira ESET etc...are not saying that the Iobit utilities are dangerous. They are saying that the Iobit software contains hidden files/code which the user is not aware of. This is in fact true, in that Iobit bundle links and references to other Iobit products.

Some Antivirus and Antimalware companies consider this to be Adware and or PUP's.

It is up to each user to decide if they agree.

That said, I think users should put pressure on these Security companies to give the option to ignore the PUP's and should not arbitrarily uninstall/block a program without the users permission.

This sort of activity is tantamount to taking control of a users machine, and should be stopped.

[supertweaker]

There is an incredible amount of confusion and misunderstanding regarding this issue. Malwarebytes/Avira ESET etc...are not saying that the Iobit utilities are dangerous. They are saying that the Iobit software contains hidden files/code which the user is not aware of. This is in fact true, in that Iobit bundle links and references to other Iobit products.

Some Antivirus and Antimalware companies consider this to be Adware and or PUP's.

It is up to each user to decide if they agree.

That said, I think users should put pressure on these Security companies to give the option to ignore the PUP's and should not arbitrarily uninstall/block a program without the users permission.

This sort of activity is tantamount to taking control of a users machine, and should be stopped.

 

 

I totally agree with this sentence. And yes, people like me are taking a stand against security software companies to stop this nonsense! There will be many more of us in the days and weeks to come.

[Borborygmus]

Now Avira is also detecting ASC and Uninstaller as Trojans (not just PUPs). What is going on?

 

 

I have just started having this problem with Avira Pro. See the thread on here - http://forums.iobit.com/forum/advanced-systemcare/advanced-systemcare-v10/219723-avira-antivirus-incorrectly-identifies-asc-as-trojan

 

I have had no luck with a meaningful response from Avira. All they say on their support forum is -

 

'System Administrators (IOBit) have been known to test their own products and may have explored different avenues for intrusion, whether passive or defensive. Since the reference to the 'Decep' has been made there's a similar tool identified for hacking but this goes back to a much older form of spyware. You may have to wait for an analysis and results from the Avira Labs.'

 

Now this is junk in my opinion. It looks to me like Avira passing the buck, and this response is unprofessional and not customer-centric. I don't WANT to wait for Avira to decide when or if to resolve this. I want to go back to using my paid-for software without someone else deciding that I can't.

 

I agree with what has been said regarding the bundled links to other IOBit software products. I find them a little annoying but the convenience of the IOBit software outweighs the inconvenience of them pushing the other products.

 

[Borborygmus]

 

 

Yesterday, about 17 hours ago, my user account at MBAM was deleted after I asked them to explain why they suddenly decided to go after legit Windows Utilities such as ASC PRO. No response from them other than they removed my post and deleted my usser account. I was polite too! Considering what they did I just purchased IObit's MalwareFighter and MBAM can kiss my patootie! :x

 

IOBit'ss MalwareFighter was a good price through ASC PRO and so now I am covered with a reputable anti-malware/anti-virus program as well as ASC PRO.

 

PS. Most conversations at MBAM about ASC PRO are now locked. I wonder if other people who questioned their (MBAM's) mission got booted from their forums too?

 

I think I know the reason for that. Some time ago, maybe a year or so, I was having problems with Malware Fighter Pro and Googled for help in resolving it (I forget the problem now).

 

I came across a forum where someone from MBAM (sounded like the Founder or maybe CEO) was complaining that IOBit was a bad company, that Malware Fighter was bad software, was illegal and made all sorts of scurrilous claims that it was Trojan ware, was virus-ridden and so on. Looking into it further, it seems that here had been legal proceedings between he two companies and it emerged that MBAM were alleging that IOBit had ripped off MBAM's code or virus/malware database, I forget exactly what. Perhaps it was todo with the BitDefender engine, which rings a bell.

 

Other remarks were made about IOBit - that it was purportedly a Chinese company but registered in the US, the inference also being made that spyware code was deliberately incorporated into IOBit products, that the company was even an offshoot of the Chinese government who were hellbent on gathering as much data from Western countries etc etc.

 

From reading the posts, there was obviously a lot of rancour between the two companies and I thought the writer from MBAM was a bit too shrill and not so believable. The writing seemed to be very weird, and not at all measured or restrained. I may be wrong, but all this can be Googled, and I think there was legal action between the two companies which MBAM may have lost.

 

Perhaps this may explain the reason for the problems with MBAM mentioned above. If anyone can provide more details, it would be interesting to hear them.

 

EDIT

 

After writing the above it seems that there is still some rancour between the two companies. See the thread here from only a few days ago.

https://www.bleepingcomputer.com/forums/t/642319/malwarebytes-vs-iobit/

 

[Cicely]

Hi everyone,

 

We are continuing to contact MBAM and Avira to remove the detection and our experts are working on finding new solutions, which may take some time.

 

Hope to get your understanding.

[Ron Ellison]

[ATTACH=CONFIG]n219765[/ATTACH]

 

I got this message when I ran Reimage Repair today, completing the repair removed one of the programs, I also ran Bitdefender 2017, it did not find a problem, on a google search I came across Avira information on viruses

Whats the deal here

[Borborygmus]

There seems more to this issue than meets the eye, and it could be that we consumers may be the victims of spats and disputes between large software companies attempting to deny users the use of rival companies products, and in doing so, deny us the use of software we have legitimately paid for.

 

I have managed to find more information on previous disputes between IOBit and MBAM, and it is well worth looking here - https://forums.malwarebytes.com/topi...tual-property/ for more details.

 

What seems to be inferred in my searches is that some large AV companies may be colluding in adding other companies legitimate software to their PUP lists and that is not only to the detriment of the companies whose software is being denied, but also to the users who which only yo use what they have paid for.

 

This seems very high-handed and even arrogant. From my point of view I will just stop using software which denies me the use of other software I have bought and paid for.

 

Now that MBAM have issued their recent policy change to PUPs, other AV and anti-Malware companies just seems to be unquestioningly copying them and so there will be more and more of these programs 'taking over' your PC and disallowing access to software you have bought and paid for, and have been using without problems for years.

 

Try reading these links and make your own minds up as to what seems to be happening.

 

https://forums.malwarebytes.com/topi...tual-property/

 

https://www.enigmasoftware.com/legal...-complaint.pdf This is a MUST READ

 

http://forums.iobit.com/forum/advanc...-asc-as-trojan

 

https://www.google.co.th/search?q=io...hrome&ie=UTF-8

 

https://www.bleepingcomputer.com/for...iobit/?hl=+asc

 

http://www.thewindowsclub.com/malwar...wanted-program

 

https://forums.malwarebytes.com/topi...-up-my-pc-why/

 

 

[supertweaker]

My best suggestion to all ASC Pro users is to purchase IObit's Malware Fighter through their ASC Pro interface. You'll get a good price and an anti-malware/anti-virus program that rivals MBAM. Uninstall MBAM first before installing any other IObit programs.

 

I am just a consumer and since I trust ASC Pro I implicitly trust IObit Malware Fighter. Version 4.5 has been enhanced greatly. I like it a lot and will never use another Security program like MBAM unless they stop this nonsense of stripping our computer of what we have safely used for years. Thumbs up

[Stewart]

Hi. Yes me too! My MBAM decided that all files belonging to my ASC pro were PUPS and quarantined all of them!

This did not used to happen.

I then downloaded a fresh version of ASC and it happened again when re-running a MBAM scan

[supertweaker]

I have suggested to 5 clients who like ASC Pro to remove Malwarebytes (save license info) and buy IObit Malware Figher through the ASC Pro interface. I have to help 3 of them through remote connection but the others were succesful on their own. Why even deal with MBAM's and other security programs decision to call just about all 3rd party Windows Utililies as PUP's and stripping a system of those program's files? The User has to jump through hoops to scan, rescan and tell MBAM to ignore the ASC PUP's.

 

Here's something new. I ran MBAM scan on another computer with start10.com menu from Stardock.com . Another perfectly safe program that allows one to configure that Start Menu the way it was with Windows 7 and a couple other configurations. Very nice, I have it too (it's only $5 USD)and updates about twice a year.

 

This indentifying our trusted Utility programs is bizzare if not illegal. Another reason for me to ditch MBAM and install IObit Malware Fighter. If MBAM and others are out to bankrupt IObit it's mean, unwarranted and a (shoot yourself in the foot) company strategy. My clients are updated daily on this saga playing out in the Security Software companies.

 

I ran the EICAR test and MF found it as soon as I saved the text file. It's easy and here is a link to Wiki showing you the instructions: https://en.wikipedia.org/wiki/EICAR_test_file

 

I'm being redundant but a good way to protest these actions is to install Malware Figher.

[scanreg]

Hi everyone,

 

Our Advanced SystemCare is definitely clean. Sorry for the inconvenience that our program files are detected as PUP(potentially unwanted programs) by Malwarebytes.

However, PUP is a very controversial topic since it also makes legit programs as PUP.

 

In order to continue using our program, please try the solution below.

 

Launch your Malwarebytes program >> go to its Settings >> click Protection >> find Potential Threat Protection, change the settings for Potentially Unwanted Programs (PUPs) from Treat PUPs as malware (recommended) to Ignore Detection. Then reinstall our program from: http://www.majorgeeks.com/files/deta...emcare_10.html

 

Thanks.

 

is there a way instead to have MB just skip Iobit stuff?

 

thanks

[supertweaker]

Yes but honestly, it's not worth the hassle. Try Malware Figher. It won't detect anything (obviously) that is IObit's products.

[MontanaBob]

Copied below is the latest message addressed to me by the Root Admin of the Malwarebytes forum. As can seen, MBAM clearly has no intention of revising their policy of tagging AdvancedSystem Care as a PUP.

 

AdvancedSetup said: Our Research Team has been monitoring this application for some time and has decided to add detection based on triggers against our PUP detection criteria.

 

MontanaBob said: . . . and that, AdvancedSetup, is precisely the reason why, I will no longer, be using, recommending, nor installing Malwarebytes on any of my client's computers.

 

AdvancedSetup said: The detection is correct and not a false positive.

 

MontanaBob said: That, AdvancedSetup, may be your assessment, but it is not mine, the difference being that it is I who will make the ultimate decision. As I indicated previously, you are forcing me to select between ASC and MWB. ASC is infinitely more important to me, so the decision is a simple one.

 

AdvancedSetup said: We will continue monitoring this application and if we notice a change in the behavior we will review it again.

 

MontanaBob said: Should you decide to cease the policy of attacking competitors, let me know and I will reconsider.

 

AdvancedSetup said: If for whatever reason you want to continue using Advanced SystemCare, you can simply uncheck the detections and click Next after a scan with MBAM, and the prompt will ask you if you want to "Ignore Once" or "Ignore Always". If you Ignore Always it won't be detected anymore.

 

MontanaBob said: Tried that several times on different computers and it didn't work. The only option that I saw was to deactivate detection of all PUPs, which negates one of main reasons for using any anti-malware util.

 

AdvancedSetup said: You may contact either legal@malwarebytes.com or pup@malwarebytes.com if you have concerns about this detection, or ask for a no-questions asked refund from our Customer Support team.

 

MontanaBob said: You may process my refund forthwith. I have less than sixty days left on my suscription.

 

MontanaBob

 

MontanaBob

[supertweaker]

Good for you MontanaBob! This whole scandal by MBAM will get around the Internet very quickly. Advanced users will make the IObit Malware Fighter decision and average users will be asking techs in stores and online "what is gong on with my long-time security program, Malwarebytes?". Eventually people will move away from MBAM and use some other AV/AM.

 

In real-life I think the majority of people always pull for the underdog. And considering MBAM has gotten so many glowing reviews from most of us who have used it for several years, they slap us in the face and start ruining our customized Windows OSes. The underdog here is IObit but will emerge with a huge (I predict) client base after this debacle.