
ASC.exe detected as a Trojan


Ulmwë

I don't know if I'm posting this in the right forum area, but here's my problem.

Today, suddenly and for the 1st time since I bought a license for the pro version about a month ago, when launching ASC (I wasn't even doing an AV scan), my AV blocked it and threw it into quarantine (deleted the ASC.exe file), as some dubious activity was detected on its part.

Here are the entries I got in my report. They all relate to ASC.exe, along with entries in the Windows Registry which ended up being deleted by my AV:

Event: Malicious object detected
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Trojan.Win32.Generic
Threat level: High
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare

Event: Blocked
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Blocked
Type: Trojan
Name: PDM:Trojan.Win32.Generic
Threat level: High
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare

Event: Malicious object detected
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare
Object name: asc.exe
Reason: Databases
Databases release date: Yesterday, 12/2/2021 11:59:00 AM

Event: Process terminated
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Terminated
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: E:\Program Files (x86)\IObit\Advanced SystemCare
Object name: ASC.exe

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
Object name: {7D238796-20E7-4990-8A64-2FCAEB86216D}

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
Object name: ASC_SkipUac_<MyUserName>

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain
Object name: {7D238796-20E7-4990-8A64-2FCAEB86216D}

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: C:\Windows\System32\Tasks
Object name: ASC_SkipUac_<MyUserName>

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: File
Object path: %HOMEPATH%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
Object name: Advanced SystemCare.lnk

Event: Object deleted
User: <MyPCName>\<MyUserName>
User type: Active user
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare
Object name: asc.exe
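
An added example, not part of the original post or of any vendor's tooling: a small Python parser for a report in the layout pasted above. It lists what the antivirus deleted, classified by path because the report labels registry keys as "File", so each item can be checked after the executable is restored from quarantine. The sample input is constructed from that layout and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the report's layout (three entries, user name left as a placeholder).
SAMPLE_REPORT = r"""
Event: Malicious object detected
Name: PDM:Trojan.Win32.Generic.nblk
Object type: Process
Object path: e:\program files (x86)\iobit\advanced systemcare
Object name: asc.exe

Event: Object deleted
Object type: File
Object path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
Object name: ASC_SkipUac_<MyUserName>

Event: Object deleted
Object type: File
Object path: C:\Windows\System32\Tasks
Object name: ASC_SkipUac_<MyUserName>
"""

def parse_report(text):
    """Split the report on blank lines; each block becomes a dict of its 'Key: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # Split on the first ": " only, so values such as "PDM:Trojan..." or "C:\..." stay whole.
        fields = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if "Event" in fields:
            entries.append(fields)
    return entries

def classify(entry):
    """The report labels registry keys as 'File'; classify by the path instead."""
    path = entry.get("Object path", "")
    if re.match(r"(?i)^HK(LM|CU|CR|U)\\", path):
        return "registry"
    if re.match(r"(?i)^[a-z]:\\windows\\system32\\tasks", path):
        return "scheduled_task"
    return entry.get("Object type", "unknown").lower()

def removed_artifacts(entries):
    """Group what the AV deleted, so each item can be checked after restoring from quarantine."""
    removed = defaultdict(set)
    for e in entries:
        if e["Event"] == "Object deleted":
            removed[classify(e)].add(e.get("Object path", "") + "\\" + e.get("Object name", ""))
    return {kind: sorted(items) for kind, items in removed.items()}
```
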


2 minutes ago, Scannan said:

Do you have a question or are you just sharing information?

Note: My ASC was the latest version since I bought a license a month ago; I'm using Kaspersky Antivirus (updated too).

My 2 questions are:

  1. In regard to the deleted entries in the Windows registry and ASC.exe that was put into quarantine, what should I do to resolve this problem?
  2. How come ASC.exe was detected as a Trojan, and can this be addressed too?

Thanks in advance.


On 10/24/2021 at 9:36 AM, Scannan said:

There are many, many posts in the Forum dealing with this issue. If you read them you will quickly see that it is a false positive. This has been an ongoing issue between IObit and other software suppliers and Malwarebytes.

So...no you did not waste your money. You need to temporarily disable Malwarebytes while you install ASC.

Then you should include ASC in the Malwarebytes ignore list.

3 hours ago, Scannan said:

Thank you. While I also thought about a false positive, I've posted my case because of two issues, the second one being the most important and still unanswered:

  1. In all logic (for what it's worth), if it was a false positive, it should have done this from day one, when I 1st installed the software and tried to launch ASC.exe for the 1st time; instead, it did this after about a month of regular use.
  2. However, I'll take your word for it, recover ASC.exe from quarantine and include ASC's folder in the exclusion list. But what about those registry entries that got deleted: should I just leave this issue as is (are they unimportant or do they get created on the fly)? Or should I recreate those entries, and if so, with what key values? Or should I uninstall and then reinstall the software?

The reason it occurred after a month is because Kaspersky regularly updates their virus database and improves their detection algorithms.

This is a regular occurrence with AV programs. False positives are common. However, you should always double check, as you have done.

Once you have removed ASC from quarantine, and included it in the ignore list, all should be well. If not, let us know.

As for the registry entries, do not worry about them. Any necessary entries will be recreated again when you run ASC.

Registry entries are created all the time on your PC, as they are the instruction store for how Windows deals with different functions/instructions.


3 hours ago, Scannan said:

The reason it occurred after a month is because Kaspersky regularly updates their virus database and improves their detection algorithms.

This is a regular occurrence with AV programs. False positives are common. However, you should always double check, as you have done.

Once you have removed ASC from quarantine, and included it in the ignore list, all should be well. If not, let us know.

As for the registry entries, do not worry about them. Any necessary entries will be recreated again when you run ASC.

Registry entries are created all the time on your PC, as they are the instruction store for how Windows deals with different functions/instructions.

Thanks, everything is back to normal now.
