03-18-2017 , 09:58 PM
https://forums.malwarebytes.com/topic/19...m-care-10/
Advanced System Care 10
Started by Calico, Wednesday at 01:18 PM
Advanced System Care 10
Started by Calico, Wednesday at 01:18 PM
pup
10 posts in this topic
Calico
New Member
Topic Starter
Calico
Members
1 post
ID: 1 Posted Wednesday at 01:18 PM
Until this morning, I'd been using IoBit's Advanced System Care, and Malwarebytes as my primary protection against viruses and malware. But this morning, Malwarebytes quarantined the entire ASC programme on my desktop. Maybe it's a result of updating ASC to version 10 last night... but I'm not sure why it would flag on MB all the same, when it never has done before?
Is it actually malware? It's never caused a problem before? So is this just a false positive due to the update, or not? I don't know how to be sure because MB doesn't give you much information on why it's been flagged.
But right now, with the entire programme moved to quarantine, I only have one source of protection, and I relied on ASC to clean out my RAM since I do animation which puts it into high usage.
I'm not sure what to do now because I've not had this issue before?
karrstar
New Member
karrstar
Members
2 posts
ID: 2 Posted Wednesday at 01:27 PM
This has just happened to me this morning.
I had to restore and reboot computer to get it back. Why is this happening.
jd6699
New Member
jd6699
Members
1 post
ID: 3 Posted Wednesday at 01:38 PM
I have exactly the same issue. Full ASC10 Pro installation quarantined - product appears to have been defined as a PUP (PUP.Optional.AdvancedSystemCare) by MalwareBytes. Very strange without any explanation.
Novalee
New Member
Novalee
Members
1 post
ID: 4 Posted Wednesday at 01:45 PM
Same thing happened to me, I saved my log to a txt file too just in case.
Porthos
Elite Member
Porthos
Malware Hunters
1,464 posts
Location: San Antonio Texas
ID: 5 Posted Wednesday at 01:57 PM
On 3/15/2017 at 10:18 AM, Calico said:
Is it actually malware?
No it is a PUP. Programs like that one have "System Optimizing" functions that is why it is detected as a Potentially Unwanted Program (PUPs)
https://blog.malwarebytes.com/malwarebyt...r-on-pups/
DontBB
New Member
DontBB
Members
3 posts
ID: 6 Posted Wednesday at 04:09 PM
I had this problem to. What a nightmare. Crashed my PC and wouldn't let me sign in temporarily - had to do a profile fix in the registry. This need's to be removed, it is detecting about 50 files and is impossible to stop it, as it loops, you have to re-boot to make an exception/ restore the files, and then when you do it wants you to do the same thing again. Had to boot in safe mode and stop malwarebytes booting up so I could then go in and remove them.
DontBB
New Member
DontBB
Members
3 posts
ID: 7 Posted Wednesday at 04:31 PM
Here are all the files affected so far:
advanced systemcare.png
karrstar
New Member
karrstar
Members
2 posts
ID: 8 Posted Wednesday at 05:01 PM (edited)
On 3/15/2017 at 10:57 AM, Porthos said:
No it is a PUP. Programs like that one have "System Optimizing" functions that is why it is detected as a Potentially Unwanted Program (PUPs)
https://blog.malwarebytes.com/malwarebyt...r-on-pups/
So if I am reading that right, it is potentially, not absolutely, unwanted. Presumably, you would want to avoid what happened to DontBB. I nearly had that scenario in that I had to reboot, restore and then it still tried to quarantine ASC. It was not until I used the "Exclusions" tab to exclude the folder and contents that my PC was back to normal.
I understand that the vast majority of PUPs are totally unwanted but as ASC had shown no signs of creating anything untoward re my PC's operational ability, I am at a loss as to this dangerous occurrence. This was not just a PUP but 526+ files MWB quarantined as PUPs!
Hopefully given that I have used the "exclusion" facility, the next scan will not identify and quarantine the product again.
If ASC is as potentially dangerous as MWB thinks it is , then maybe MWB could give some further explanation as to why I should remove it. Happy to be convinced.
Cheers
Karr
Edited Wednesday at 05:01 PM by karrstar
Porthos
Elite Member
Porthos
Malware Hunters
1,464 posts
Location: San Antonio Texas
ID: 9 Posted Wednesday at 05:08 PM
On 3/15/2017 at 2:01 PM, karrstar said:
If ASC is as potentially dangerous as MWB thinks it is , then maybe MWB could give some further explanation as to why I should remove it. Happy to be convinced.
I'm sorry to say some people can never be convinced. It has the PUP classification because it has "optimizing,registry cleaning ect functionality.)
pbust
Staff
pbust
Staff
3,303 posts
Location: Earth
ID: 10 Posted Wednesday at 05:20 PM
Our Research Team has been monitoring this application for some time and has decided to add detection based on triggers against our PUP detection criteria.
https://blog.malwarebytes.com/malwarebyt...r-on-pups/
The detection is correct and not a false positive. We will continue monitoring this application and if we notice a change in the behavior we will review it again.
If for whatever reason you want to continue using Advanced SystemCare, you can simply uncheck the detections and click Next after a scan with MBAM, and the prompt will ask you if you want to "Ignore Once" or "Ignore Always". If you Ignore Always it won't be detected any more.
Advanced System Care 10
Started by Calico, Wednesday at 01:18 PM
Advanced System Care 10
Started by Calico, Wednesday at 01:18 PM
pup
10 posts in this topic
Calico
New Member
Topic Starter
Calico
Members
1 post
ID: 1 Posted Wednesday at 01:18 PM
Until this morning, I'd been using IoBit's Advanced System Care, and Malwarebytes as my primary protection against viruses and malware. But this morning, Malwarebytes quarantined the entire ASC programme on my desktop. Maybe it's a result of updating ASC to version 10 last night... but I'm not sure why it would flag on MB all the same, when it never has done before?
Is it actually malware? It's never caused a problem before? So is this just a false positive due to the update, or not? I don't know how to be sure because MB doesn't give you much information on why it's been flagged.
But right now, with the entire programme moved to quarantine, I only have one source of protection, and I relied on ASC to clean out my RAM since I do animation which puts it into high usage.
I'm not sure what to do now because I've not had this issue before?
karrstar
New Member
karrstar
Members
2 posts
ID: 2 Posted Wednesday at 01:27 PM
This has just happened to me this morning.
I had to restore and reboot computer to get it back. Why is this happening.
jd6699
New Member
jd6699
Members
1 post
ID: 3 Posted Wednesday at 01:38 PM
I have exactly the same issue. Full ASC10 Pro installation quarantined - product appears to have been defined as a PUP (PUP.Optional.AdvancedSystemCare) by MalwareBytes. Very strange without any explanation.
Novalee
New Member
Novalee
Members
1 post
ID: 4 Posted Wednesday at 01:45 PM
Same thing happened to me, I saved my log to a txt file too just in case.
Porthos
Elite Member
Porthos
Malware Hunters
1,464 posts
Location: San Antonio Texas
ID: 5 Posted Wednesday at 01:57 PM
On 3/15/2017 at 10:18 AM, Calico said:
Is it actually malware?
No it is a PUP. Programs like that one have "System Optimizing" functions that is why it is detected as a Potentially Unwanted Program (PUPs)
https://blog.malwarebytes.com/malwarebyt...r-on-pups/
DontBB
New Member
DontBB
Members
3 posts
ID: 6 Posted Wednesday at 04:09 PM
I had this problem to. What a nightmare. Crashed my PC and wouldn't let me sign in temporarily - had to do a profile fix in the registry. This need's to be removed, it is detecting about 50 files and is impossible to stop it, as it loops, you have to re-boot to make an exception/ restore the files, and then when you do it wants you to do the same thing again. Had to boot in safe mode and stop malwarebytes booting up so I could then go in and remove them.
DontBB
New Member
DontBB
Members
3 posts
ID: 7 Posted Wednesday at 04:31 PM
Here are all the files affected so far:
advanced systemcare.png
karrstar
New Member
karrstar
Members
2 posts
ID: 8 Posted Wednesday at 05:01 PM (edited)
On 3/15/2017 at 10:57 AM, Porthos said:
No it is a PUP. Programs like that one have "System Optimizing" functions that is why it is detected as a Potentially Unwanted Program (PUPs)
https://blog.malwarebytes.com/malwarebyt...r-on-pups/
So if I am reading that right, it is potentially, not absolutely, unwanted. Presumably, you would want to avoid what happened to DontBB. I nearly had that scenario in that I had to reboot, restore and then it still tried to quarantine ASC. It was not until I used the "Exclusions" tab to exclude the folder and contents that my PC was back to normal.
I understand that the vast majority of PUPs are totally unwanted but as ASC had shown no signs of creating anything untoward re my PC's operational ability, I am at a loss as to this dangerous occurrence. This was not just a PUP but 526+ files MWB quarantined as PUPs!
Hopefully given that I have used the "exclusion" facility, the next scan will not identify and quarantine the product again.
If ASC is as potentially dangerous as MWB thinks it is , then maybe MWB could give some further explanation as to why I should remove it. Happy to be convinced.
Cheers
Karr
Edited Wednesday at 05:01 PM by karrstar
Porthos
Elite Member
Porthos
Malware Hunters
1,464 posts
Location: San Antonio Texas
ID: 9 Posted Wednesday at 05:08 PM
On 3/15/2017 at 2:01 PM, karrstar said:
If ASC is as potentially dangerous as MWB thinks it is , then maybe MWB could give some further explanation as to why I should remove it. Happy to be convinced.
I'm sorry to say some people can never be convinced. It has the PUP classification because it has "optimizing,registry cleaning ect functionality.)
pbust
Staff
pbust
Staff
3,303 posts
Location: Earth
ID: 10 Posted Wednesday at 05:20 PM
Our Research Team has been monitoring this application for some time and has decided to add detection based on triggers against our PUP detection criteria.
https://blog.malwarebytes.com/malwarebyt...r-on-pups/
The detection is correct and not a false positive. We will continue monitoring this application and if we notice a change in the behavior we will review it again.
If for whatever reason you want to continue using Advanced SystemCare, you can simply uncheck the detections and click Next after a scan with MBAM, and the prompt will ask you if you want to "Ignore Once" or "Ignore Always". If you Ignore Always it won't be detected any more.