
Flagging IOBit Malware software with "Move" and others


7 replies to this topic

#1 chuckenheimer

    Newbie

  • Posters
  • 4 posts

Posted 25 November 2015 - 21:25

New user here. Thanks for this forum.

 

Just having run CureIt on my system, I see multiple instances of IOBit entries for files in their subdirectory. Not sure if this is a legitimate flag or not so I'm waiting for advice.

 

I also see other entries for various software and have included the CureIt.log file for someone more knowledgeable than me to review, if that is possible. Well, I see there is a 10MB file size limitation and need to know what I should do to upload this file.

 

Thanks for any assistance offered.

 

Charles



 


#2 Dmitry_rus

    Massive Poster

  • Helpers
  • 2 700 posts

Posted 25 November 2015 - 22:17

Dr. Web (CureIt) considers IObit as a potentially unwanted program, not a virus, because IObit misuse can cause serious problems. You may add IObit to the exceptions list of SpiderGuard/Scanner, if it bothers you.



#3 chuckenheimer

    Newbie

  • Posters
  • 4 posts

Posted 26 November 2015 - 00:52


Dmitry,

 

Thanks for responding so quickly.

 

I just downloaded the free CureIt program and it is this one I am using and had concerns about. I saw an exclusion tab on the Settings preference page and added IOBit there and will rescan. I was curious more about Dr. Web's considering the IOBit software as unwanted program and suggested a move operation to resolve the issue but don't suppose it will be a problem henceforth but still was unsure about how their software can cause serious problems for me. Would it be the registry modifications that it may make or what exactly?

Also know that I saw flags for DVDVideoSoft programs that I use to convert my .3gp files to .mpg files and was curious about Dr. Web's view of this software as well. Also some Corel software is flagged as well and these all together cause me to wonder why they are all being flagged. Is it that they, too, can cause serious problems to my system?

 

Finally, is it not possible to upload my CureIt.log file so someone with more knowledge can interact with me before I allow CureIt to neutralize any of their suggestions? I would appreciate being able to do this and feel more comfortable about following through with the suggested neutralization process.

 

Thanks again for any help you may provide.

 

Charles



 


#4 Dmitry_rus

    Massive Poster

  • Helpers
  • 2 700 posts

Posted 26 November 2015 - 21:58

> still was unsure about how their software can cause serious problems for me. Would it be the registry modifications that it may make or what exactly?

Registry modification, incorrect uninstall procedures, etc. If you're an advanced user and you REALLY KNOW what you're doing - ignore CureIt's warnings and relax. :)

There are a lot of discussions about IObit.

https://malwaretips.com/threads/iobit-products-useless-and-obsolete.45161/

as an example.

Unfortunately, I can't say about DVDVideoSoft. Probably it installs adware/toolbars in your system/browser.

http://www.techspot.com/downloads/5490-dvdvideosoft-free-studio.html (see Security Notes).

If you think that these were false alarms, you may report it:

https://vms.drweb.com/sendvirus/?lng=en

category False Detection.

And finally, what are you going to do with your cureit.log? Do you need advice on what to do with the threats detected?

If so, upload your log on any FileSharing service, and provide a link here.



#5 chuckenheimer

    Newbie

  • Posters
  • 4 posts

Posted 27 November 2015 - 19:00

Dmitry,

 

I am somewhat knowledgeable about the topics you related and consider myself up to the task but had decided to use CureIt as an alternative to the software I currently utilize for system protection. I have used Dr. Web in the not so distant past but am employing others at this time and the real reason for my concern, and thus the selection of CureIt for its assistance, is that I happened upon a couple of websites that were flagged as inappropriate but chose to enter them against the cautions. Afterwards, I happened upon an indication that there was a registry "run" instance of a screen recording and editing software that I know I had not installed and grew concerned that I may have been hit by a drive-by web installation of some nefarious software and wanted to root out this software but was not able to see any indication of it in any of the normal places where I looked for it. None of my other software found this offending software - other than the one indication of which I was first warned - therefore I went searching for alternative free software and ran across CureIt.

 

However, after running CureIt I became again concerned about the software that was being flagged there and immediately came here to these forums for assistance. Resultingly I want someone with more experience with Dr. Web's software to review the remaining flagged software in the cureit.log file I have uploaded to Wikisend at the following link:

http://wikisend.com/download/785344/cureit.log

 

and would appreciate anyone helping me to determine how I should configure the software to avoid "neutralizing" software I want to retain. Also, having seen a few discussions about how CureIt flags the hosts file on most people's machines, I wanted to make sure to have this file left alone and remain where it is. Hopefully, this is more explanatory of my desires and why I am here to begin with.

 

Again, thanks for your continued assistance and I will await responses at this time.


Message edited by chuckenheimer: 27 November 2015 - 19:02

Charles

 


#6 Dmitry_rus

    Massive Poster

  • Helpers
  • 2 700 posts

Posted 28 November 2015 - 13:26

I've looked at your logs carefully.

Most of your threats are NOT viruses. A lot of entries in the log are about IObit/ASC software. IMHO, it's "fake" and useless software, which simulates rough activity (no doubt, it impresses newbies), but real useful results are about 0 (except wasting your disk).

Independent experts and computer scientists have studied the effectiveness of the software. They concluded that the software practically does NOT improve your PC, compared with the standard system maintenance programs. Defrag procedures are "built-in" in Win 7, including boot-time defrag (BTW, defrag in Win 7 IS smart, so SmartDefrag from IObit goes to Trash...). Registry fragmentation has almost no effect on performance, so defragmenting the registry every time is a meaningless waste of time. DriverBooster can't boost your drivers... Should I continue? :)

Speaking shortly, all your threats are divided into 3 categories: riskware (program.unwanted, mostly from IObit), adware (Toolbars) and hacktools (from Panda).

All of these programs are not "real" viruses/trojans. Dr.Web/CureIt warns you about these programs because they can be dangerous under certain conditions. For example, Panda_URL_Filtering.exe is the hacktool program Tool.InstallToolbar.176 (entry from your log). So, it installs a toolbar. Is it dangerous? No, if it's expected behavior (you run the program on your own and know what it does/should do).

Except 2 cases:

1. C:\Extracted\TorrentProv313ph4nt0mapk__11652_il89127.exe - infected with Trojan.Amonetize.11368

Check this file on VirusTotal.com

2. C:\Program Files\Lenovo\Lenovo Solution Center\Microsoft Fix it\FixitUi\_desktop.ini - infected with Win32.HLLW.Gavir.ini

Programs from Lenovo create these strange files for some (unknown) reasons. It's a false alarm.

So, CureIt just informs you on detection of a malicious object and prompts to neutralize threats by applying suitable actions. These actions are suggested in accordance with the settings on the tab Settings -> Actions.

You may select Ignore for your riskware/adware/hacktools. It instructs CureIt to skip these objects without performing any action or displaying a notification.

Then about the registry and HOSTS. CureIt is just a "scanner-on-demand", it does not provide "real-time" protection. Unlike CureIt, Dr.Web provides realtime protection for critical areas of the registry. If CureIt detects changes in your HOSTS (for example, HOSTS has been modified by trojans/you), it prompts you to reset HOSTS to default. If you for some reason use your own HOSTS, add this file to the Exclusions list.

 

Thanks for your questions. Hope my tips will help to clarify the situation.


Message edited by Dmitry_rus: 28 November 2015 - 13:30
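
Before a custom HOSTS file is added to the Exclusions list as described in the post above, it helps to see what the file actually maps. The following is an added example, not part of the thread and not Dr.Web tooling: it separates blocking entries from redirects to routable addresses, and the sample file content and every host name in it are constructed.

```python
import ipaddress

# Constructed sample; addresses and names come from documentation ranges.
SAMPLE_HOSTS = """\
# hand-maintained blocklist
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net tracker.example.net
127.0.0.1       telemetry.example.org   # blocked by me
203.0.113.10    update.example.com
"""


def parse_hosts(text):
    """Yield (address, hostname) for every active mapping in hosts-file text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in fields[1:]:
            yield addr, name.lower()


def review_hosts(text):
    """Split active entries into default, blocking and redirecting ones."""
    report = {"default": [], "blocking": [], "redirect": []}
    for addr, name in parse_hosts(text):
        if name == "localhost" and addr.is_loopback:
            report["default"].append(name)
        elif addr.is_loopback or addr.is_unspecified:
            report["blocking"].append(name)      # typical of a hand-made blocklist
        else:
            report["redirect"].append((name, str(addr)))  # should be explainable
    return report
```

Entries under `redirect` are the ones to account for before excluding the file from the scan; a file that holds only `default` and `blocking` entries matches the "own HOSTS" case in the post.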


#7 chuckenheimer

    Newbie

  • Posters
  • 4 posts

Posted 28 November 2015 - 18:46


Stellar! Thanks for confirming my suspicions. You are a very helpful resource here for Dr. Web software and I truly appreciate your taking the time to assist. Now I'm off to make certain changes which you have suggested and feeling much more confident about my system's integrity.


Charles

 


#8 Dmitry_rus

    Massive Poster

  • Helpers
  • 2 700 posts

Posted 29 November 2015 - 02:40

However, it is NOT recommended to ignore the whole category entirely: if you happen to catch a malicious program in the future, CureIt will not warn you about this. Results can be disastrous. If you've decided to continue using such software, add files/paths to the Exclusions. Every known good program - separately. Yes, it takes more time, but the protection will not suffer in this case.
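
The difference between ignoring a whole category and excluding known-good files one by one, discussed in posts #6 and #8, can be modelled on a list of detections. This is an added example, not code from the thread or from Dr.Web: the `path - infected with name` line shape follows the way detections are quoted in the thread rather than the real cureit.log layout, and the `Adware.` prefix, the sample paths and the allowlist are assumptions.

```python
import ntpath
from collections import namedtuple

Detection = namedtuple("Detection", "path threat")

# Name prefixes for the three low-risk groups named in the thread. "Adware." is
# an assumed prefix; anything else (Trojan.*, Win32.*) is treated as malware.
LOW_RISK = {"program.unwanted": "riskware", "adware.": "adware", "tool.": "hacktool"}

# Constructed sample lines, not the poster's log; only the last pairing of path
# and threat name is quoted in the thread.
SAMPLE = [
    r"C:\Apps\Optimizer\opt.exe - infected with Program.Unwanted.1",
    r"C:\Users\me\Downloads\bundle.exe - infected with Tool.InstallToolbar.176",
    r"C:\Extracted\TorrentProv313ph4nt0mapk__11652_il89127.exe"
    r" - infected with Trojan.Amonetize.11368",
]
KNOWN_GOOD = [r"c:\apps\optimizer\OPT.EXE"]  # per-file exclusions (hypothetical)


def parse_line(line):
    """Split '<path> - infected with <threat>'; return None for other lines."""
    path, sep, threat = line.partition(" - infected with ")
    return Detection(path.strip(), threat.strip()) if sep else None


def category(threat):
    name = threat.lower()
    return next((c for p, c in LOW_RISK.items() if name.startswith(p)), "malware")


def triage(lines, known_good):
    """Bucket detections: 'excluded' (listed file), 'review', or 'act'."""
    norm = lambda p: ntpath.normcase(ntpath.normpath(p))
    allow = {norm(p) for p in known_good}
    out = {"excluded": [], "review": [], "act": []}
    for det in filter(None, map(parse_line, lines)):
        if category(det.threat) == "malware":
            out["act"].append(det)       # an exclusion never hides malware here
        elif norm(det.path) in allow:
            out["excluded"].append(det)  # known-good program, listed individually
        else:
            out["review"].append(det)    # a category-wide Ignore would skip this
    return out
```

With `SAMPLE` and `KNOWN_GOOD`, the unlisted toolbar installer lands in `review`, which is the detection a category-wide Ignore would have hidden.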



