art22gg
Premium Member
join:2005-02-16
Courtenay, BC

art22gg

Premium Member

Auslogics Disk Defrag (free) ...FP or???

I just finished DL the latest version (4.4.2.0) setup installer, and as I usually do scanned it with Jotti and Virus Total..
Eset's NOD32 is reporting that it has Win32/OpenCandy.A in it...All other scanners are saying it is clean....
Has anyone else seen this?...Don't use Nod32 myself, so don't know whether I can upload it to them..
The file in question was DL directly from Auslogics web site...

lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME
Nokia XS-110G-A
Linksys Velop MX5300

1 edit

lordpuffer

Premium Member

I have 4.4.2.0 installed. I just ran a "Quick Scan" with the latest version of Avast Pro Antivirus, ran full scans with both Malwarebytes and Superantispyware after updating to 4.4.2.0, nothing detected.

My guess is a FP. Check their forum to make sure.

dib22
join:2002-01-27
Kansas City, MO

1 recommendation

dib22 to art22gg

Member

to art22gg
If you mean this website:

»www.auslogics.com/en/sof ··· -defrag/

You will notice it is using download.com.

The download I get from download.com flags as an InstallMonetizer which is pretty normal (sadly) for download.com.
art22gg
Premium Member
join:2005-02-16
Courtenay, BC

art22gg

Premium Member

said by dib22:

If you mean this website:

»www.auslogics.com/en/sof ··· -defrag/

No..Not that one!.I never DL from there...underneath is a site where it says to alternatively DL from their site..(Auslogics)
art22gg

art22gg to lordpuffer

Premium Member

to lordpuffer
I have checked with exactly the same programs as you, and I concur with you that they show "clean"...Have submitted the file to Eset, but they say it usually takes at least 2 days for any reply, so am going to hold off on installing....Don't need "Open Candy" if indeed it is in there...

lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME

lordpuffer

Premium Member

That's a good idea, and a safe one.

I'm trying to remember if I downloaded this from Auslogics' site or from download.com. Unfortunately, I don't remember.

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird to art22gg

Premium Member

to art22gg
said by art22gg:

said by dib22:

If you mean this website:

»www.auslogics.com/en/sof ··· -defrag/

No..Not that one!.I never DL from there...underneath is a site where it says to alternatively DL from their site..(Auslogics)

Interesting. When I go to: »www.auslogics.com/en/sof ··· -defrag/, the site download originates from C/Net, and there are no alternates listed on the page. Perhaps some regional filtering at work?

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

said by Blackbird:

the site download originates from C/Net, and there are no alternates listed on the page.

Same here. Wonder if he is suffering from an injection attack?

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 recommendation

Name Game to art22gg

Premium Member

to art22gg

Re: Auslogics Disk Defrag (free) ...FP or???

When time to update it..I only use filehippo to get it..all others seem to want first to give you crap..

»www.filehippo.com/downlo ··· _defrag/

You also might like to try wise disk cleaner which has a built in defrag and much more to clean up a PC..have used it on a versions of Windows from winxp to win8 and never had a hiccup with it.

I always download it from majorgeeks site

»www.majorgeeks.com/files ··· ner.html

But never had a problem yet getting it from here
»www.wisecleaner.com/wise ··· ree.html

sbconslt
join:2009-07-28
Los Angeles, CA

sbconslt

Member

defrag c: /u /v /h

dib22
join:2002-01-27
Kansas City, MO

dib22 to Anon

Member

to Anon
said by sbconslt:

There's a direct link here:

Interesting I do see OpenCandy via Eset on that direct link!

MD5 hash:
78d0e9be22ec30b85607531b8b79e039

the one from cnet (in which I see InstallMonetizer) has MD5 of:
17c90b287476b5e2c9eca9757317a94c

the one from FileHippo shows InstallMonetizer and has MD5 of:
17c90b287476b5e2c9eca9757317a94c

Interesting that eset is the only one hitting on both versions.

sbconslt
join:2009-07-28
Los Angeles, CA

2 recommendations

sbconslt

Member

OpenCandy is in a grey area as far as threats go, so use your judgment. It's not necessarily bad to run an installer packed with OpenCandy as long as you decline the offer. In some cases you won't see anything from it (such as if mvps hosts file is present, blocking OpenCandy domains). It does not drop a persistent or malicious payload. It's a privacy and performance risk.

Because of being in this ambiguous part of the threat scape some AV vendors don't detect OpenCandy at all. Others classify it in a different bucket than malicious threats. So that is why you were seeing a mix of results on virus total. On the other hand, installer bundlers are a massive and underappreciated security concern. I often think that users should organize against the practice by demanding clean installers or voting with their feet.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to dib22

Premium Member

to dib22
Bummer ..have to take that back on filehippo being clean..had not updated auslogic defrag for a while and now that I install this new version 4.4.2.0, I have to decline the junk

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

said by Name Game:

Bummer ..have to take that back on filehippo being clean.

Well looks like I incorrectly blamed cnet, but since both places have this installer (InstallMonetizer) it looks like it is squarely in Auslogics' court.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game

Premium Member

That is what I am thinking this go around
Jrb2
Premium Member
join:2001-08-31

1 recommendation

Jrb2 to art22gg

Premium Member

to art22gg
For your info:
There is a very recent thread at Wilders about the same thing:
"Warning about Auslogic Defrag Free"
»www.wilderssecurity.com/ ··· t=358815

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

1 recommendation

Name Game

Premium Member

Thanks Jan..really like that tool..but the wise disk cleaner also seems to do a nice job so I might start telling friends to use it instead.
art22gg
Premium Member
join:2005-02-16
Courtenay, BC

art22gg

Premium Member

This is the site where I made the initial DL...link..»www.auslogics.com/en/sof ··· ownload/

Notice right under where you can DL from CNET, where it says you can "alternatively" get it from their website!!

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

Blackbird

Premium Member

said by art22gg:

This is the site where I made the initial DL...link..»www.auslogics.com/en/sof ··· ownload/
Notice right under where you can DL from CNET, where it says you can "alternatively" get it from their website!!

That's fascinating... the two URLs give you two entirely different-looking pages, with differing download options:

h ttp://www.auslogics.com/en/software/disk-defrag/
h ttp://www.auslogics.com/en/software/disk-defrag/download/
(links deliberately broken to illustrate the full URLs here)

That, of itself, I find troubling. It reminds me of that old shell game... guess which of the 3 shells the pea is under. Too many "games" are being played with this product's distribution, and that has to be with the consent of the maker, so I'll remember to give it a wide berth from here on...

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to art22gg

Premium Member

to art22gg
Most flag something or another - what flagged via FileHippo

lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME
Nokia XS-110G-A
Linksys Velop MX5300

lordpuffer to art22gg

Premium Member

to art22gg
I found that I had downloaded 4.4.2.0 from the direct link on Auslogics' site. So, even though no scan detects it, I probably got OpenCandy with it.

I read the thread at Wilders, and it seems that it may only be just adware, as has been posted above. I don't want it on my system (if it's even there), but I guess it can't hurt anything by having it there.
art22gg
Premium Member
join:2005-02-16
Courtenay, BC

1 recommendation

art22gg

Premium Member

I received this E-Mail from ESET this AM..(very fast response after submitting file yesterday)...

Quote: "Hello,
the detection is correct. The installation package contains OCSetupHlp.dll which is detected as a potentially unsafe application. Detection of potentially unsafe applications is disabled by default and it's at users' discretion whether they want to detect them or not.

Regards,

ESET Malware Response Team

I probably will not be using Auslogics products again until this is corrected by them..Big Shame...

lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME
Nokia XS-110G-A
Linksys Velop MX5300

lordpuffer

Premium Member

said by art22gg:

I received this E-Mail from ESET this AM..(very fast response after submitting file yesterday)...

Quote: "Hello,
the detection is correct. The installation package contains OCSetupHlp.dll which is detected as a potentially unsafe application. Detection of potentially unsafe applications is disabled by default and it's at users' discretion whether they want to detect them or not.

Regards,

ESET Malware Response Team

I probably will not be using Auslogics products again until this is corrected by them..Big Shame...

Just for informational purposes, I did a search for OCSetupHlp.dll on my Win 7 64 bit Home Premium machine that has Auslogics Disk Defrag 4.4.2.0 on it, and it didn't find it (that does not mean that it is not there).

I did download 4.4.2.0 directly from Auslogics site. I found many OCSetup entries from 2010, which was before I bought the machine.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to art22gg

Premium Member

to art22gg
Thanks art22gg

Based on what ESET replied - the software is now bundled with OpenCandy

This should not be construed as an official statement from ESET.

For those that may wish to submit samples to ESET as Art did.

lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME
Nokia XS-110G-A
Linksys Velop MX5300

lordpuffer to art22gg

Premium Member

to art22gg
Eset Online Scan
As I posted above, I downloaded 4.4.2.0 directly from Auslogics' site. I no longer have the installation file, for I deleted that after the install. I just ran the above Eset online scan and it found nothing.

If OpenCandy is detected by Eset in the installation file, wouldn't it pick it up with the scan that I ran, since it must be somewhere on my system?

sbconslt
join:2009-07-28
Los Angeles, CA

2 recommendations

sbconslt

Member

Like I mentioned earlier it doesn't drop a persistent payload. It drops OCSetupHlp.dll to %temp% for a short time but it cleans up after it finishes doing its thing. Or that has been my experience with it anyway.

OpenCandy is detected as "possibly unwanted", "potentially unsafe", etc. because it's advertising, not because it's malicious in the direct sense. Distributors of garbage software packages, perhaps having business models based around advertising or the sale of your information, which you wouldn't want and should not install on your system, pay OpenCandy to get offered by the OpenCandy bundler after you finish installing the primary thing you were installing. Then OpenCandy pays a portion of the money to the purveyor of the primary, presumably legitimate software you're trying to install to get attached to their installer.

None of this is done with your best interests in mind as the user, hence the classification by some detection engines. The only positive externality OpenCandy throws off is it might help fund the development of useful software by small developers (the primary thing you downloaded and actually wanted). But mostly it's about a profit margin that inures to the benefit of its operators.
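
The behaviour described in the post above (OCSetupHlp.dll written to %temp% and removed when the bundler finishes) is why a scan run after installation has nothing left to find. As an added example, not code from any poster in this thread, the following Python script polls a directory while an installer runs and records when a file of that name appears and disappears, with its SHA-256; the `snapshot` and `watch` names and the `on_poll` hook are hypothetical.

```python
import hashlib
import os
import tempfile
import time

# File name taken from the ESET reply quoted in this thread.
WATCHED_NAMES = {"ocsetuphlp.dll"}


def snapshot(root, names=WATCHED_NAMES):
    """Map path -> SHA-256 for each file under root with a watched name."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in names:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    found[path] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                found[path] = None  # vanished or locked before it was read
    return found


def watch(root, polls, interval=0.5, on_poll=None):
    """Poll root; return (event, path, sha256) tuples in the order seen.
    on_poll is a hypothetical hook called before each poll (used for testing)."""
    events, seen = [], {}
    for i in range(polls):
        if on_poll:
            on_poll(i)
        current = snapshot(root)
        for path, digest in current.items():
            if path not in seen:
                events.append(("appeared", path, digest))
        for path, digest in seen.items():
            if path not in current:
                events.append(("removed", path, digest))
        seen = current
        time.sleep(interval)
    return events


if __name__ == "__main__":
    # Start this first, then run the installer; polls the user's temp folder.
    for event in watch(tempfile.gettempdir(), polls=120):
        print(*event)
```

An "appeared" event followed by a "removed" event for the same path is the transient drop; the recorded hash can be looked up or submitted even though the file itself is gone.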

lordpuffer
Legalize It Joe!
Premium Member
join:2004-09-19
Old Town, ME
Nokia XS-110G-A
Linksys Velop MX5300

1 recommendation

lordpuffer

Premium Member

Thanks for the great info. I only use my PC once in a while, and when I do, it's mostly for music or media. I'm usually on a Mac.

I don't have an image of my hard drive (my bad), so I'll just leave it alone for now and see how it behaves. If I need to reformat at some point, then that's fine, for it's been over a year since I reformatted the last time.
art22gg
Premium Member
join:2005-02-16
Courtenay, BC

1 recommendation

art22gg to lordpuffer

Premium Member

to lordpuffer
The reason the online scanner never picked it up according to ESET is ......"The application is detected as a potentially unsafe application (an OpenCandy dll is often bundled with free software). This detection is disabled by default."

From their forums