[ASC.exe detected as a Trojan]

3 hours ago, Scannan said:

The reason it occurred after a month, is because Kapersky regularly updates their virus database and improve their detection algorithms.

This is a regular occurence with AV programs. False positives are common. However, you should always double check, as you have done.

Once you have removed ASC from quarantine, and included it in the ignore list, all should be well. If not, let us know.

As for the registry entries. Do not worry about them. Any necessary entries will be recreated again when you run ASC.

Registry entries are created all the time on your pc, as they are the instruction store for how windows deals with different functions/instructions.

Thanks, everything is back to normal now.

[ASC.exe detected as a Trojan]

On 10/24/2021 at 9:36 AM, Scannan said:

There are many,many posts in the Forum dealing with this issue. If you read them you will quickly see that it is

a false positive. This has been an ongoing issue between Iobit and other software suppliers and malwarebytes.

So...no you did not waste your money. You need to temporarily disable Malwarebytes while you install ASC.

Then you should include ASC in the Malwarebytes ignore list.

3 hours ago, Scannan said:

https://forums.iobit.com/topic/18485-why-does-malwarebytes-keeps-quarantining-advanced-systemcare-15-pro/#comment-117292

While the post refers to a different AV program, the issue is the same.

Thank you. While I also thought about a false positive, I've posted my case because of two issues, the second one being the most important and still unanswered:

1. In all logics (for what it's worth), if it was a false positive, it should have done this from day one when I 1st installed the software and tried to launch ASC.exe for the 1st time: it did this after about a month of regular use.
2. However, I'll take your word for it, recover ASC.exe from quarantine and include ASC'S folder into the exclusion list. But, What about those registry entries that got deleted: should I just leave this issue as is (are they unimportant or get created on the fly)? Or, should I recreate those entries, and if so along what key values? Or, should I uninstall and then reinstall the software?

[About the Included file recovery]

On 10/28/2021 at 11:34 PM, Cicely said:

Sorry for any issue you encountered. We are not very clear about it. Would you please provide us more details and the relevant screenshots? Thank you.

Have a nice day!

Sure. But first I'll have to resolve an issue that I've posted on another forum in regard to an AV Trojan detection, which deleted registry entries related to ASC (I finally bought a license about a month ago), along throwing the ASC.exe program into quarantine lol... When it'll get answered, I'll post a screen capture and more explanation (sorry about this).

[ASC.exe detected as a Trojan]

2 minutes ago, Scannan said:

Do you have a question or are you just sharing information?

Note: My ASC was the latest version since I bought a license a month ago; I'm using Kaspersky Antivirus (updated too).

My 2 questions are :

1. In regard to the deleted entries in Windows registry and ASC.exe that was put into quarantine, what should I do to resolve this problem ?
2. How come ASC.exe was detected as a Trojan, can this be addressed too?

Thanks in advance.

[ASC.exe detected as a Trojan]

I don't know if I'm posting this in the right form area, but here's my problem.

Today, suddenly and for the 1st time since I bought a license for the pro version about a month ago, when launching ASC (I wasn't even doing an AV scan), my AV blocked it and thrown it into quarantine (deleted the ASC.exe file), as some dubious activity was detected on its part.

Here are the entries I got in my report. They all relate to ASC.exe, along entries in Windows Registry which ended up being deleted by my AV:

Event: Malicious object detected
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Trojan.Win32.Generic
Threat level: High
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare

Event: Blocked
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Blocked
Type: Trojan
Name: PDM:Trojan.Win32.Generic
Threat level: High
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare

Event: Malicious object detected
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare
Object name: asc.exe
Reason: Databases
Databases release date: Yesterday, 12/2/2021 11:59:00 AM

Event: Process terminated
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Terminated
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: E:\Program Files (x86)\IObit\Advanced SystemCare
Object name: ASC.exe

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
Object name: {7D238796-20E7-4990-8A64-2FCAEB86216D}

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
Object name: ASC_SkipUac_<MyUserName>

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain
Object name: {7D238796-20E7-4990-8A64-2FCAEB86216D}

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: C:\Windows\System32\Tasks
Object name: ASC_SkipUac_<MyUserName>

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: %HOMEPATH%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
Object name: Advanced SystemCare.lnk

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare
Object name: asc.exe

[About the Included file recovery]

I really like the file recovery UI that comes with ASC (downloaded for free when clicking on it). Unfortunately, the result UI itself is almost unusable : we can't expand the window in order to see more information like file path, and there's no way to sort by file type (video/picture/program/document/etc.), which makes up for a very poor usability.

[YOU SUCK I WANT MY MONEY BACK.]

I'm just passing by but I'm curious: what "sucks"? I use Smart Defrag without issue, but I'm not a pro in regard to defragmentation tools and market alternatives: is it a matter of performance? Software glitches ? Efficiency of the defragmentation ? ...? Could you please be more specific. On my part it works flawlessly...

[Seriously pissed off with IOBits colloboration with ITop]

On 9/6/2021 at 4:59 AM, Cicely said:

I have forwarded your concern to our product team and market team. They will consider this kind of marketing activities and make a better balance in future.

And you can always refuse to install it or you can remove it if you installed it accidently.

This is a serious matter, and I fully understand OP's concerns. In all respect, here are two scenarios that iObit, who's pretending to offer solutions that are part of fighting malware/spamware/spyware/viruses, should, or better said, must be aware of : what it should be; what it otherwise would be.

Since the advent of the Web, experiences of vendors and services alike having activities on the Web along a growing client base came up with ethical behaviors that makes the Web a better environment for everyone, for user as well or as for businesses. Some are not enforced by formal legislations while counting on everyone's good will, however they could become as such if they continue to get ignored.

What it should be

For free product versions, users understand they'd maybe have to endure advertisements for other products. Even from third parties, although this would be a tricky business for the provider as these products are then considered to be "adware" (and to some extent "spyware"). It's normal, they know the developer/vendor should get something in return. Some clever developers actually use these as bridges towards their flagship products asking for a paid license (their advertisement being their free  products): that's what iObit does btw.

What it otherwise would be

The aggravation rises when users pay for a product that keeps acting as if they'd never paid anything, in regard to your  advertisement activities/revenues: the common, justified and legitimate perception being that even though they've paid for a product, the company continues to consider them as their ow products for selling advertisements, as an asset for consolidating advertisement revenues or the object of whatever agreement iObit could come up with third parties! Your paying customers are people, as the word "customers" implies, not "assets" that can be sold out to advertising customers or third party partners.

Imagine if every business on the Web was acting like this : we'd go back something like 10-20 years ago when it became a real problem, and the main reason for installing spamware/malware/spyware/adware fighters 😉.

In short - it's not because something would allow you to make more money, that it's necessarily good: since you're dealing with human beings rather than mere "economical agents", there's a backdraft in the balance and to take into consideration. For instance, paying customers who stop to be paying customers (losing some grounds on your customer base), as the OP implies: it's a matter of mutual respect...

Simple Solutions

For paying customers, there could be two possibilities:

1. op-out from advertising e-mails;
2. when a customer leaves an advertised product like iTop VPN on the side (maybe they don't want a VPN or already have one), then iObit should STOP feeding them with such, permanently, unless the customer chooses to change that behavior from some option parameter.

 

Iobit makes great products that can speak for themselves, which is why I took the time to write this post, in all respect. Please, accept my best regards and have a good continuation.