Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

False Positive - Please Whitelist [SOLVED by the release of ASC8]


Recommended Posts

Hello and thanks for helping to whitelist using the following information:

 

I am a tech support and Q/A Manager for SafeApp Software. I noticed that Adv. Sys. Care Pro 7 Free caught a small portion of one of our programs.

 

Used Advanced SystemCare 7.4.0.474 to check against our "Registry Helper" software that we offer to our customers.

 

I am on Windows 8.1 Pro with all updates and patches.

 

Here are the Virustotal links to the main setup file and the files in question:

 

RH Virustotal OK:

https://www.virustotal.com/en/file/4...is/1413855524/

 

Registry Helper Screen Saver.scr

https://www.virustotal.com/en/file/3...is/1413860823/

 

 

This .zip contains printscreens and the files in question along with the main Registry Helper Setup file:

RH SS.zip

 

Please whitelist as soon as possible and in the meantime, let me know what other information you need.

 

I would send a logfile from the program, but I can't find the location ...

 

Thanks!

 

Paul P.

 

SafeApp Software

 

Link to comment
Share on other sites

Hi safeapp, welcome to IObit Forum! :-)

 

Please wait for Cicely to respond.

 

I believe, the VirusTotal report and the uploaded files to Wikisend including the screenshot is enough for IObit to take the action.

 

Have you checked the logs @:

 

C:\Users\UserName\AppData\Roaming\IObit\Advanced SystemCare V7\Log

 

to see if the log includes the malware scan?

(They could also be reached by clicking on More Settings > Click on Settings... > Settings window > Click on Logs & Backup > Logs > Click on a Saved Log > Click View Log button)

 

 

@ markjustin, thanks for the guidance. 8:)

 

 

 

Cheers.

Link to comment
Share on other sites

Thank you. I realized I had to actually remove the detection. Here is the log from that action including the files in question:

 

Advanced SystemCare Log

====================================

Application Version: 7.4.0.474

Database Version: 53692

Scan Mode: Manual

x64 Bit:Yes

Windows 8

2014-10-21(21-29-37)

====================================

[Malware Scan]: 4 Threats Detected

------Details------

Deleted C:\Program Files (x86)\Angle Interactive

Deleted C:\Users\PaulP\AppData\Roaming\GetRightToGo

Deleted C:\Users\PaulP\Desktop\Registry Helper Screen Saver Setup.exe

Deleted C:\Users\PaulP\Desktop\Registry Helper Screen Saver.scr

Link to comment
Share on other sites

Hello safeapp,

 

Please follow the steps below and send us the requested file for our further investigation.

 

1. Download the demo from https://www.dropbox.com/s/7wi435lxfbeb7if/demo1.zip?dl=0, extract it and run GUI.exe.

 

2. When you open the application, click Start button and click save log when the scan is finished.

 

3. Go to disk C:\ , find and send us the file asc8MalwareScan.log under

 

 

 

Thank you very much:-). @ markjustin and @ enoskype

Link to comment
Share on other sites

Here it is, but it's just a bunch of cookies unrelated to my issue:

 

2o7.net| | 2o7.net=Cookie| COOKIE| Cookie.db| 500072|

accounts.youtube.com| | accounts.youtube.com=Tracking Cookie| COOKIE| Cookie.db| 506755|

accounts.youtube.com| | accounts.youtube.com=Tracking Cookie| COOKIE| Cookie.db| 506755|

ad.360yield.com| | ad.360yield.com=Tracking Cookie| COOKIE| Cookie.db| 506762|

adtechus.com| | adtechus.com=Tracking Cookie| COOKIE| Cookie.db| 506745|

advertising.com| | Advertising.com=Cookie| COOKIE| Cookie.db| 500334|

burstnet.com| | BurstNet.com=Tracking Cookie| COOKIE| Cookie.db| 501076|

casalemedia.com| | casalemedia.com=CasaleMedia| COOKIE| Cookie.db| 501136|

clickbank.net| | clickbank.net=Data Miner| COOKIE| Cookie.db| 501316|

contextweb.com| | contextweb.com=Tracking Cookie| COOKIE| Cookie.db| 501427|

contextweb.com| | contextweb.com=Tracking Cookie| COOKIE| Cookie.db| 501427|

doubleclick.net| | doubleclick.net=Double Click| COOKIE| Cookie.db| 501795|

doubleclick.net| | doubleclick.net=Double Click| COOKIE| Cookie.db| 501795|

eloqua.com| | eloqua.com=Tracking Cookie| COOKIE| Cookie.db| 501971|

go.com| | go.com=Tracking Cookie| COOKIE| Cookie.db| 502590|

go.com| | go.com=Tracking Cookie| COOKIE| Cookie.db| 502590|

googleadservices.com| | googleadservices.com=Tracking Cookie| COOKIE| Cookie.db| 502637|

imrworldwide.com| | imrworldwide.com.au=Red Sheriff| COOKIE| Cookie.db| 503053|

in.getclicky.com| | in.getclicky.com=Tracking Cookie| COOKIE| Cookie.db| 506734|

intellicast.com| | intellicast.com=Tracking Cookie| COOKIE| Cookie.db| 503119|

live.com| | pcwinlive.com=Rogue/FakeAlert| COOKIE| Cookie.db| 504349|

live.com| | pcwinlive.com=Rogue/FakeAlert| COOKIE| Cookie.db| 504349|

liveperson.net| | server.iad.liveperson.net=Data Miner| COOKIE| Cookie.db| 505113|

media6degrees.com| | media6degrees.com=Tracking Cookie| COOKIE| Cookie.db| 506716|

media6degrees.com| | media6degrees.com=Tracking Cookie| COOKIE| Cookie.db| 506716|

nbcuni.com| | nbcuni.com=Tracking Cookie| COOKIE| Cookie.db| 503962|

pixel.rubiconproject.com| | pixel.rubiconproject.com=Tracking Cookie| COOKIE| Cookie.db| 506670|

pro-market.net| | pro-market.net=AlmondNet| COOKIE| Cookie.db| 506878|

revsci.net| | revsci.net=Advertising| COOKIE| Cookie.db| 504771|

rubiconproject.com| | rubiconproject.com=Tracking Cookie| COOKIE| Cookie.db| 506667|

rubiconproject.com| | rubiconproject.com=Tracking Cookie| COOKIE| Cookie.db| 506667|

serving-sys.com| | serving-sys.com=Serving-Sys| COOKIE| Cookie.db| 506892|

statcounter.com| | statcounter.com=Data Miner| COOKIE| Cookie.db| 505415|

statse.webtrendslive.com| | statse.webtrendslive.com=Data Miner| COOKIE| Cookie.db| 505420|

t.co| | att.com=Tracking Cookie| COOKIE| Cookie.db| 500669|

tap.rubiconproject.com| | tap.rubiconproject.com=Tracking Cookie| COOKIE| Cookie.db| 506669|

tap.rubiconproject.com| | tap.rubiconproject.com=Tracking Cookie| COOKIE| Cookie.db| 506669|

trc.taboola.com| | demandmedia.trc.taboola.com=Tracking Cookie| COOKIE| Cookie.db| 506761|

trc.taboola.com| | demandmedia.trc.taboola.com=Tracking Cookie| COOKIE| Cookie.db| 506761|

turn.com| | eyereturn.com=Tracking Cookie| COOKIE| Cookie.db| 502097|

washingtonpost.com| | washingtonpost.com=Tracking Cookie| COOKIE| Cookie.db| 506162|

www3.addfreestats.com| | www3.addfreestats.com=Tracking Cookie| COOKIE| Cookie.db| 506751|

www3.addfreestats.com| | www3.addfreestats.com=Tracking Cookie| COOKIE| Cookie.db| 506751|

xe.com| | internetsecuritydeluxe.com=InternetSecurityDeluxe| COOKIE| Cookie.db| 503138|

 

Link to comment
Share on other sites

Not sure this worked either ....

 

HKEY_CLASSES_ROOT\CLSID\{43C06E5D-F685-4823-B3BE-07B2CDD628E2}| | Malware GUID| GUID| GUID.db| 403056|

HKEY_CLASSES_ROOT\CLSID\{723D2B3A-565C-4DC7-AFEF-5CC832283D00}| | Malware GUID| GUID| GUID.db| 405136|

HKEY_CLASSES_ROOT\CLSID\{D98ADED3-A95F-4008-B562-4894E555DF00}| | Malware GUID| GUID| GUID.db| 409530|

HKEY_CLASSES_ROOT\CLSID\{E78C57D0-1536-4DBD-889B-DF6FF5CA2310}| | Malware GUID| GUID| GUID.db| 410143|

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RegistryEngine15.RegistryEngine| | Unwanted.Registry Repair Pro| REG| Reg.db| 2004374|

 

Link to comment
Share on other sites

Hello safeapp,

 

Sorry for the late reply and thanks for the information you provided.

 

Good news is that we will fix the issue in our next release of Advanced SystemCare v8.

Please help verify if they are removed with the steps below:

 

1. Download the database file Def.dbd from http://www.wikisend.com/download/170222/Def.dbd

 

2. Copy and replace it the original file in Database foder of Advanced SystemCare 7 installation folder. Usual path: C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database

 

3. Run a scan with Registry Fix to see if it solves the issue.

 

As a temporary solution, you can right click on the reported items and choose Ignore to add them into the Ignore List. In this way, they will not be skipped when scan with Registry Fix.

 

 

Cheers.

 

Link to comment
Share on other sites

Sorry, but the Def.dbd db update did not affect the detection. You mention the issue would be fixed in the next version of the program. Why would it not be included in the next definition update since it's a false detection? Do I have to wait for the program version to bump up? Sounds like that could be a while. Please advise ...

Link to comment
Share on other sites

Hello,

 

Our final release of ASC 8 will be in several days.

 

What do you mean by "the Def.dbd db update did not affect the detection"? Did you mean that your program was still scanned out after you replaced Def.dbd in the Database folder? If so, give us the screenshot of the scan.

 

Please post back asap so that we can update it to catch up with the final release.

 

 

 

Link to comment
Share on other sites

  • 1 month later...
  • 2 months later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...