
ASC 7.1.0.399 Installation File Appears To Be Malware Infested


Buddahfan


Posted

1. I finally got around to downloading ASC 7.1.0.399 from the "Download" link at MajorGeeks provided in the News and What's New section of the IObit forum.

 

2. The "Express" install includes

A. IObit Apps Toolbar & Extension by Spigot

B. Make Yahoo your default search provider

C. Make Yahoo my home and startup page.

 

3. I chose the "Advanced" install and unchecked all three.

 

4. I then clicked "Install" and Malwarebytes identified

A. Two Backdoor.Bots

c:\Program Files (x86)\IObit\Start Menu8\StartMenu8_fmStartMenuLibrary.exe

c:\Users\xxxx\AppData\Local\Temp\is-PPOUQ.tmp\ToolbarAcceptRate.exe

B. One Trojan.FakeAV

c:\Program Files (x86)\IObit\Start Menu8\StartMenu8_About.exe

 

5. The install file is named "advanced-systemcare-setup.exe" and not "asc7-setup.exe" as previous ASC 7 install files have been named.

 

6. The install file identifies itself as File Version 7.1.0.389 although the installed program says I have installed 7.1.0.399

 

7. The size of the install file is 36,162,360 bytes and size on the disk is 36,163,584 bytes

 

8. The signer of the file is IObit Information Technology

 

9. The signing time is Jan 8, 2014 12:28:08 AM

 

I had Malwarebytes delete the three files

 

10. The installation places an icon link on the Windows taskbar for W7, W8 and W8.1. I removed the icon link.

 

These IObit installer files keep getting worse and worse.:evil:

Posted

Could they be FP by Malwarebytes?

 

Hi Buddahfan,

 

Did you check the concerned files in VirusTotal?

 

If not, please do it, so IObit can investigate them.

 

(I think re-installing on top will only change those concerned 3 files, so not much of a problem, I suppose. :lol:)

 

Other than your #4, the rest of your list is as is.

 

Cheers.

 

EDIT:

Both files are analyzed before without Malwarebytes in VirusTotal without any flag.

 

I can't find ToolbarAcceptRate.exe in my PC as temp files are constantly cleaned.

 

Here are the analyses of the files from ASC 7.1 from my PC:

 

StartMenu8_About.exe VirusTotal Report

 

SHA256 : 95eedbf1e886861b3459270f6aca4fe39c3ecdd0aa91ce5f9312fbb7e140beee

File name : StartMenu8_About.exe

Detection ratio : 1/50 =========================> 1 is only Malwarebytes

Analysis date : 2014-01-24 01:12:57 UTC ( 0 minutes ago )

---------------------------------------------------------------------------------------------------------

 

StartMenu8_fmStartMenuLibrary.exe VirusTotal Report

 

SHA256 : 50a189a2177826752d06cfc165e8d3e71e799e20794c45159fa6be94deaf35d1

File name : StartMenu8_frmStartMenuLibrary.exe

Detection ratio : 1/49 =========================> 1 is only Malwarebytes

Analysis date : 2014-01-24 01:17:29 UTC ( 3 minutes ago )

-------------------------------------------------------------------------------------------------------------

Malwarebytes says both are backdoor bots, so one of them is not Trojan.FakeAV as said in Malwarebytes analysis in your PC.?!?!?!?!?!

.

.
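Added example, not part of any post in this thread: a VirusTotal verdict only applies to a local file if the SHA-256 values match, which is worth checking when one scanner reports different labels on the PC and on VirusTotal. The sketch parses report fields in the layout posted above and hashes the local files given on the command line; the function names are illustrative.

```python
import hashlib
import re
import sys

# Report fields in the layout of the post above; values copied from that post.
REPORT_TEXT = """\
SHA256 : 95eedbf1e886861b3459270f6aca4fe39c3ecdd0aa91ce5f9312fbb7e140beee
File name : StartMenu8_About.exe
Detection ratio : 1/50 =========================> 1 is only Malwarebytes
SHA256 : 50a189a2177826752d06cfc165e8d3e71e799e20794c45159fa6be94deaf35d1
File name : StartMenu8_frmStartMenuLibrary.exe
Detection ratio : 1/49 =========================> 1 is only Malwarebytes
"""
FIELD = re.compile(r"^(SHA256|File name|Detection ratio)\s*:\s*(.+?)\s*$")

def parse_reports(text):
    """Return {sha256: {"name": str, "hits": int, "engines": int}}."""
    reports, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "SHA256":
            current = reports.setdefault(value.lower(), {})
        elif current is not None and key == "File name":
            current["name"] = value
        elif current is not None:
            ratio = re.match(r"(\d+)\s*/\s*(\d+)", value)  # ignore trailing notes
            if ratio:
                current["hits"], current["engines"] = map(int, ratio.groups())
    return reports

def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large installers do not sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def match_local_file(path, reports):
    """Return (digest, report or None); None means no posted report covers it."""
    digest = sha256_of(path)
    return digest, reports.get(digest)

if __name__ == "__main__":
    known = parse_reports(REPORT_TEXT)
    for path in sys.argv[1:]:  # paths of the locally flagged files
        digest, report = match_local_file(path, known)
        print(path, digest, report or "no posted report for these bytes")
```

A `None` result means the local file is not the one that was analyzed, so it needs its own upload or hash lookup before the 1/50 result is taken as evidence about it.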

Posted
 

I had Malwarebytes delete them and have seen no ill effects from the deletions. Now while it is true that Malwarebytes is aggressive with PUPs, none of the three files were so identified by MBAM. While they could be FPs, the backdoor.bot is especially worrisome given the privacy issues that are prevalent in today's computer world. See What is the Danger of the Backdoor.bot Worm? below.

 

Here is a definition of a backdoor.bot

 

 

What is the Backdoor.bot?

 

The backdoor.bot worm is known to spread slowly, but it does have damaging characteristics. The level of damage backdoor.bot causes is set at medium, but it does vary from computer to computer. When the file is packed, the usual file size is about 140KB. A large part of its effect is on the total Internet bandwidth and your network activity. The backdoor.bot file is recognized as a worm that has spyware ability. The worm travels through the network, so it can easily move from one computer to the next.

 

What is the Danger of the Backdoor.bot Worm?

 

A large part of the backdoor.bot worm is that the attacker could connect to your computer and run commands on it. The attacker would be able to stop and start processes, read personal information, emails, run commands, view keystrokes and passwords. If you wish to remove or delete backdoor.bot, you will need your own copy of an antivirus program such as Malwarebytes or Bit Defender that are updated to remove the worm from your computer after a full virus scan.

 

Better to be safe than sorry when it comes to privacy.

 

Re StartMenu8_About.exe which I deleted. When I right click on StartMenu 8 and then click on "About" nothing happens. My guess is if you leave the file on the computer and click on "About" in StartMenu8 there could be an IObit anti-malware program that shows up with a suggestion to purchase it. Of course this is only a guess but would be consistent with the suggestion to purchase Smart Defrag Pro which you find when you click on the "Action Center" in ASC. Of course this is only a guess.

Posted

I think you should discuss the VirusTotal reports of those files in MB forum, as there is a great probability that the flagging of them by MB is FALSE POSITIVE.

 

Also MB to flag one of the files with different definitions (on your PC and VirusTotal) is certainly questionable.

 

I have both of the files in my system and no such activity that you guess happens.

 

You are right to state that "Better to be safe than sorry when it comes to privacy", but IMHO, we should take care of the False Positives too. :wink:

In this specific case, as said in your quote, also behavior of Bit Defender should be considered. :idea:

 

Cheers.

Posted

Agreed, Malwarebytes is giving a false positive with Trojan.FakeAV. I have gotten that the first day I installed 7.1, ran a few more tests and it was fine.

 

Where did you download ASC 7.1 from???

 

Just disable Malwarebytes for the install and install it and then scan system again to see if it will pop up.

Posted

Do I have false positive?

 

Translated from Norwegian.

 

When I run ASC 7.1.0.399 Malware threats sometimes show Misleadning.FakeAV. When I search the internet I find that these are false positives. Bitdefender Total Security reports nothing when I run it; it will also scan for Malware and false positives. What is false positive?

 

 

 

I also agree with Buddahfan that IObit installation files keep getting worse and worse, see below.

 

A. IObit Toolbar Apps & Extension by Spigot

B. Make Yahoo your default search provider

C. Make Yahoo my home page and startup.

 

Such as this does not belong in a serious program.

 

With each new update of ASC, new features are added that make the program get bigger and bigger, and it's constantly complaining about bugs in the program.

 

ASC begins to resemble a Swiss knife overloaded with too many features, features that you might not need, and multiple applications lead, as known, to more errors.

 

Cheers

Archived

This topic is now archived and is closed to further replies.
