Announcement

Collapse
No announcement yet.

Avira antivirus incorrectly identifies ASC as Trojan

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Avira antivirus incorrectly identifies ASC as Trojan

    ASC notified me today that there was a new version of Flash Player. As soon as I clicked on 'update' Avira decided that virtually any files associated with ASC contained a Trojan TR/Decep.IObit.** and shoud be quarantined.
    I thought that something had infected ASC so I ran a full scan and then ran Malwarebytes which seemed to confirm my suspicions as it identified all ASC files as needing to be quarantined.
    **See seperate Post re Malwarebytes identifying ASC as a PUP in error.**
    Once I read the posts in this forum I realised that Avira was identifying a false positive. Unfortunately it is notoriously difficult to tell Avira that a file is OK. You can list it as an exception and it will still quarantine the file.
    So I swopped to Avast.
    This post is intended as a heads-up for anyone else experiencing the same problem and also for IObit so try and rectify.

  • #2
    +1 - exactly the same here, except I don't really want to go through the hassle of switching to Avast.

    Avira quarantined both ASC and Iobit Uninstaller.

    Iobit - please let us know if a fix is coming?

    Comment


    • #3
      Exactly the same for me 2 days ago.
      Even the free version re-installation failed immediately the same supected pattern was recognized by AVIRA.
      The PRO version of ASC 10.2 was a succès while installing but immediately 26 EXE's where put in quarantine.
      I has to disable temporarely the RT protection and put a new exception to be capable of running ASC 10.2
      I do'nt believe completely thsi is a false positive.
      Something in the coding must be repetitive to be detected by AVIRA (see attachment)
      I sended a possible false positive ti AVIRA.

      Jojoke
      Attached Files

      Comment


      • #4
        I am having just the same problem as above. I have been using Avira Pro for years and also ASC and Malware Fighter, IObit Uninstaller, Smart Defrag with no problems at all.

        I switched on my PC this morning and it took a lot longer than usual to boot. I went off for a moment, came back and found that Avira was running and told me that I had lots of TR/Decep.IObit.XX files on the system. I thought there might have been an error and re-ran Avira and got the same result.

        ASC 10 now does not run correctly and some components need to be downloaded, such as Winfix and Internet Booster, which when I try to download Avira flags them as containing harmful files and copies them to quarantine. However, some components do work. I have not checked them all.

        I have sent all these files to Avira and they all come back as correctly identified. I also looked at the Avira Virus Lab page here
        https://www.avira.com/en/support-virus-lab?vdl[first]=T and I see that they have suddenly started listing many (well, 13) TR/Decep.IObit.XX files as Trojans. Why now all of a sudden?

        If anyone can explain why this has started to happen and what can be done, I'd love to know. Screenshot is a partial view of my Avira quarantine older which now contains 71 items!

        Comment


        • #5
          Following my post above, just after sending it I received an email from Avira regarding one of the many file submissions I sent them. It says the file in the submission I made was 'KNOWN CLEAN'.

          Unfortunately I cannot determine from their email just what file they are referring to!

          This is what I received -

          Dear Sir or Madam,

          Thank you for your email to Avira's virus lab.
          Tracking number: INC02129774.
          We received the following archive files:
          File ID Filename Size (Byte) Result
          28974168 quarantine.zip 299.17 KB OK
          A listing of files contained inside archives alongside their results can be found below:
          File ID Filename Size (Byte) Result
          132373114 005b15c1.vir 590.78 KB KNOWN CLEAN
          Please find a detailed report concerning each individual sample below:
          Filename Result
          005b15c1.vir KNOWN CLEAN
          The file '005b15c1.vir' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content.
          Alternatively you can see the analysis result here:
          <Removed by Borborygmus>
          An overview of all your submissions can be found here:
          <Removed by Borborygmus>
          Please note: If you have specific questions, please visit our website http://www.avira.com/en/support for further details.

          Kind regards
          Avira Virus Lab

          ---------------------------------------------
          Avira Operations GmbH & Co. KG
          Kaplaneiweg 1, 88069 Tettnang, Germany
          Phone: +49 (0) 7542-500 0
          Fax: +49 (0) 7542-500 3000
          Internet: http://www.avira.com

          CEO: Travis Witteveen
          Headquarter: Tettnang
          Commercial register: AG Ulm HRB 630992
          ---------------------------------------------

          Comment


          • #6
            I'm having same problem. I have been using Avira PRO, ASC and Smart defrag for years.
            Approximately 1 to 2 weeks have passed since updating to ASC 10.
            Today, Avira pro is detect virus on all of IOBIT softwares.
            I am thinking very seriously about this problem. This software became untrustworthy.

            Comment


            • #7
              Originally posted by liebe4242 View Post
              I'm having same problem. I have been using Avira PRO, ASC and Smart defrag for years.
              Approximately 1 to 2 weeks have passed since updating to ASC 10.
              Today, Avira pro is detect virus on all of IOBIT softwares.
              I am thinking very seriously about this problem. This software became untrustworthy.
              I agree, but which software is maybe untrustworthy? Is it IOBit software or is it Avira software?

              And why would Avira suddenly start finding that almost every piece of IOBit software is suspect?

              My ASC Pro is due for renewal next month and I think I shall put that on hold until I get some answers from IOBit. Also my Avira Pro is due for renewal in June and I might delay that as well.

              As I typed the above, Avira popped up to tell me that two more incidents of malware have appeared in IOBit products,

              Then a window popped up from IOBit Uninstaller that there was an incomplete uninstall of Rogue Killer, a heavy duty malware removal tool. I did not ask for Rogue Killer to be removed so it looks as though some software has decided to do it without being told by me. This looks serious if maybe something by Avira is letting this happen. I think it would not be IOBit that would automatically remove anti-malware software.


              Comment


              • #8
                From another post I made in a different thread on here.

                There seems more to this issue than meets the eye, and it could be that we consumers may be the victims of spats and disputes between large software companies attempting to deny users the use of rival companies products, and in doing so, deny us the use of software we have legitimately paid for.

                I have managed to find more information on previous disputes between IOBit and MBAM, and it is well worth looking here - https://forums.malwarebytes.com/topi...tual-property/ for more details.

                What seems to be inferred in my searches is that some large AV companies may be colluding in adding other companies legitimate software to their PUP lists and that is not only to the detriment of the companies whose software is being denied, but also to the users who which only yo use what they have paid for.

                This seems very high-handed and even arrogant. From my point of view I will just stop using software which denies me the use of other software I have bought and paid for.

                Now that MBAM have issued their recent policy change to PUPs, other AV and anti-Malware companies just seems to be unquestioningly copying them and so there will be more and more of these programs 'taking over' your PC and disallowing access to software you have bought and paid for, and have been using without problems for years.

                Try reading these links and make your own minds up as to what seems to be happening.

                https://forums.malwarebytes.com/topi...tual-property/

                https://www.enigmasoftware.com/legal...-complaint.pdf This is a MUST READ

                http://forums.iobit.com/forum/advanc...-asc-as-trojan

                https://www.google.co.th/search?q=io...hrome&ie=UTF-8

                https://www.bleepingcomputer.com/for...iobit/?hl=+asc

                http://www.thewindowsclub.com/malwar...wanted-program

                https://forums.malwarebytes.com/topi...-up-my-pc-why/

                Comment


                • #9
                  Originally posted by Borborygmus View Post
                  From another post I made in a different thread on here.

                  There seems more to this issue than meets the eye, and it could be that we consumers may be the victims of spats and disputes between large software companies attempting to deny users the use of rival companies products, and in doing so, deny us the use of software we have legitimately paid for.

                  I have managed to find more information on previous disputes between IOBit and MBAM, and it is well worth looking here - https://forums.malwarebytes.com/topi...tual-property/ for more details.

                  What seems to be inferred in my searches is that some large AV companies may be colluding in adding other companies legitimate software to their PUP lists and that is not only to the detriment of the companies whose software is being denied, but also to the users who which only yo use what they have paid for.

                  This seems very high-handed and even arrogant. From my point of view I will just stop using software which denies me the use of other software I have bought and paid for.

                  Now that MBAM have issued their recent policy change to PUPs, other AV and anti-Malware companies just seems to be unquestioningly copying them and so there will be more and more of these programs 'taking over' your PC and disallowing access to software you have bought and paid for, and have been using without problems for years.

                  Try reading these links and make your own minds up as to what seems to be happening.

                  https://forums.malwarebytes.com/topi...tual-property/

                  https://www.enigmasoftware.com/legal...-complaint.pdf This is a MUST READ

                  http://forums.iobit.com/forum/advanc...-asc-as-trojan

                  https://www.google.co.th/search?q=io...hrome&ie=UTF-8

                  https://www.bleepingcomputer.com/for...iobit/?hl=+asc

                  http://www.thewindowsclub.com/malwar...wanted-program

                  https://forums.malwarebytes.com/topi...-up-my-pc-why/
                  I agree that there are many similar cases that this issue.

                  Actually, after I wrote other post, I confirmed some additional issue.
                  1. After updating ASC 10.2, a virus was detected. (Other laptops using ASC do not detected viruses because laptop have not yet updated.)
                  2. On a PC not using Avira AV, no virus was detected. (until now)

                  I can not concluded what kind of software is untrusted software.
                  However, I think there is a problem with IOBIT's response.
                  It is necessary to notify the consumer that the IOBIT software has no problem and to reassure the consumer using a quick update.

                  Comment


                  • #10
                    Then, what to do?
                    Is there any official IOBIT's response? Should I permanently remove Avira from my PC? I tired from rescue ASC from quarantine every 2 hours!

                    Comment


                    • #11
                      Hi everyone

                      Our programs are absolutely clean and so sorry about the detection by Avira. Currently, we are contacting them to remove the detection and our experts are diligently working on this issue.

                      To solve the issue temporarily before get it solved, please refer to the solution to add IObit programs into exceptions for Avira antivirus.
                      1. Launch Avira program and turn off Real-time Protection temporarily.
                      2. Download ASC from the link and reinstall it: http://www.majorgeeks.com/files/deta...emcare_10.html
                      3. Click the Settings icon behind Scan system on the main screen. Another window will pop-up.
                      4. Go to ‘PC Protection’, click on ‘Exceptions’under ‘Scan’. Here, please add the following items to be omitted by scanner.

                      1) Installation folder.
                      By default, the program is installed on Disk C: \ as following:
                      C:\Program Files\IObit\ (32bit computer)
                      C:\Program Files (x86)\ IObit\ (64bit computer)
                      Note: If your program is not installed on Disk C:, please right click on the desktop icon of the program and choose Open file location.

                      2) %appdata%\IObit
                      3) %programdata%\IObit
                      4. Click on ‘Real-Time Protection’, and select ‘Exceptions’ under ‘Scan’. Here, please also add the same items as above to be omitted by Real-time Protection.
                      Thanks for your understanding.
                      IObit Support Team --
                      If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!

                      Comment


                      • #12
                        hurry up!
                        "temporarily" solution is not a solution, cause Avira doesn't allow create exception with recursive subdirectories, and ASC has a great bunch of that...

                        Comment


                        • #13
                          Originally posted by myf View Post
                          hurry up!
                          "temporarily" solution is not a solution, cause Avira doesn't allow create exception with recursive subdirectories, and ASC has a great bunch of that...
                          Hi myf,

                          We are still working on this, which may take some time. Please try our detailed steps to add IObit programs into exceptions for Avira antivirus.

                          Much appreciated for your understanding.
                          IObit Support Team --
                          If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!

                          Comment


                          • #14
                            Hi everyone,

                            The false positive made by Avira has been removed in our latest version. Please re-install the latest version from the links below:

                            From MajorGeeks: http://www.majorgeeks.com/files/deta...emcare_10.html

                            From Download.com: http://download.cnet.com/Advanced-Sy...=dl&tag=button

                            Thanks.





                            IObit Support Team --
                            If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!

                            Comment


                            • #15
                              Can we combine these threads under one topic? Maybe name the topic: Security Software Effecting ASC

                              http://forums.iobit.com/forum/advanc...d-systemcare10

                              Comment

                              Working...
                              X