art22gg Premium Member join:2005-02-16 Courtenay, BC |
2014-Jan-20 6:02 pm
Auslogics Disk Defrag (free) ...FP or???
I just finished DL the latest version (4.4.2.0) setup installer, and as I usually do scanned it with Jotti and Virus Total.. Eset's NOD32 is reporting that it has Win32/OpenCandy.A in it... All other scanners are saying it is clean.... Has anyone else seen this?... Don't use Nod32 myself, so don't know whether I can upload it to them.. The file in question was DL directly from Auslogics web site... |
|
lordpuffer Legalize It Joe! Premium Member join:2004-09-19 Old Town, ME Nokia XS-110G-A Linksys Velop MX5300
1 edit |
I have 4.4.2.0 installed. I just ran a "Quick Scan" with the latest version of Avast Pro Antivirus, ran full scans with both Malwarebytes and Superantispyware after updating to 4.4.2.0, nothing detected.
My guess is a FP. Check their forum to make sure. |
|
|
dib22 join:2002-01-27 Kansas City, MO
1 recommendation |
to art22gg
If you mean this website: » www.auslogics.com/en/sof ··· -defrag/ You will notice it is using download.com. The download I get from download.com flags as InstallMonetizer, which is pretty normal (sadly) for download.com. |
|
art22gg Premium Member join:2005-02-16 Courtenay, BC |
2014-Jan-20 7:01 pm
No.. Not that one!. I never DL from there... underneath is a site where it says to alternatively DL from their site.. (Auslogics) |
|
art22gg |
to lordpuffer
I have checked with exactly the same programs as you, and I concur with you that they show "clean"... Have submitted the file to Eset, but they say it usually takes at least 2 days for any reply, so am going to hold off on installing.... Don't need "Open Candy" if indeed it is in there... |
|
lordpuffer Legalize It Joe! Premium Member join:2004-09-19 Old Town, ME |
That's a good idea, and a safe one. I'm trying to remember if I downloaded this from Auslogics' site or from download.com. Unfortunately, I don't remember. |
|
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN |
to art22gg
said by art22gg: No.. Not that one!. I never DL from there... underneath is a site where it says to alternatively DL from their site.. (Auslogics)
Interesting. When I go to: » www.auslogics.com/en/sof ··· -defrag/, the site download originates from C/Net, and there are no alternates listed on the page. Perhaps some regional filtering at work? |
|
dib22 join:2002-01-27 Kansas City, MO |
dib22
Member
2014-Jan-20 7:42 pm
said by Blackbird: the site download originates from C/Net, and there are no alternates listed on the page.
Same here. Wonder if he is suffering from an injection attack? |
|
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
1 recommendation |
to art22gg
Re: Auslogics Disk Defrag (free) ...FP or???
When time to update it.. I only use filehippo to get it.. all others seem to want first to give you crap.. » www.filehippo.com/downlo ··· _defrag/
You also might like to try wise disk cleaner which has a built in defrag and much more to clean up a PC.. have used it on versions of Windows from WinXP to Win8 and never had a hiccup with it. I always download it from majorgeeks site » www.majorgeeks.com/files ··· ner.html
But never had a problem yet getting it from here » www.wisecleaner.com/wise ··· ree.html |
|
|
defrag c: /u /v /h
|
|
dib22 join:2002-01-27 Kansas City, MO |
to Anon
said by sbconslt: There's a direct link here:
Interesting, I do see OpenCandy via Eset on that direct link! MD5 hash: 78d0e9be22ec30b85607531b8b79e039
The one from cnet (in which I see InstallMonetizer) has MD5 of: 17c90b287476b5e2c9eca9757317a94c
The one from FileHippo shows InstallMonetizer and has MD5 of: 17c90b287476b5e2c9eca9757317a94c
Interesting that eset is the only one hitting on both versions. |
|
2 recommendations |
OpenCandy is in a grey area as far as threats go, so use your judgment. It's not necessarily bad to run an installer packed with OpenCandy as long as you decline the offer. In some cases you won't see anything from it (such as if mvps hosts file is present, blocking OpenCandy domains). It does not drop a persistent or malicious payload. It's a privacy and performance risk.
Because of being in this ambiguous part of the threat scape some AV vendors don't detect OpenCandy at all. Others classify it in a different bucket than malicious threats. So that is why you were seeing a mix of results on virus total. On the other hand, installer bundlers are a massive and underappreciated security concern. I often think that users should organize against the practice by demanding clean installers or voting with their feet. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to dib22
Bummer.. have to take that back on filehippo being clean.. had not updated Auslogics defrag for a while and now that I install this new version 4.4.2.0, I have to decline the junk |
|
dib22 join:2002-01-27 Kansas City, MO |
dib22
Member
2014-Jan-20 9:06 pm
said by Name Game: Bummer.. have to take that back on filehippo being clean.
Well, looks like I incorrectly blamed cnet, but since both places have this installer (InstallMonetizer) it looks like it is squarely in Auslogics' court. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
That is what I am thinking this go around |
|
Jrb2 Premium Member join:2001-08-31
1 recommendation |
to art22gg
For your info: There is a very recent thread at Wilders about the same thing: "Warning about Auslogic Defrag Free" » www.wilderssecurity.com/ ··· t=358815 |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI
1 recommendation |
Thanks Jan.. really like that tool.. but the wise disk cleaner also seems to do a nice job so I might start telling friends to use it instead. |
|
art22gg Premium Member join:2005-02-16 Courtenay, BC |
2014-Jan-20 9:25 pm
This is the site where I made the initial DL... link.. » www.auslogics.com/en/sof ··· ownload/
Notice right under where you can DL from CNET, where it says you can "alternatively" get it from their website!! |
|
Blackbird Built for Speed Premium Member join:2005-01-14 Fort Wayne, IN |
2014-Jan-20 10:25 pm
That's fascinating... the two URLs give you two entirely different-looking pages, with differing download options:
h ttp://www.auslogics.com/en/software/disk-defrag/
h ttp://www.auslogics.com/en/software/disk-defrag/download/
(links deliberately broken to illustrate the full URLs here)
That, of itself, I find troubling. It reminds me of that old shell game... guess which of the 3 shells the pea is under. Too many "games" are being played with this product's distribution, and that has to be with the consent of the maker, so I'll remember to give it a wide berth from here on... |
|
siljaline I'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to art22gg
Most flag something or another - what flagged via FileHippo |
|
lordpuffer Legalize It Joe! Premium Member join:2004-09-19 Old Town, ME Nokia XS-110G-A Linksys Velop MX5300
|
to art22gg
I found that I had downloaded 4.4.2.0 from the direct link on Auslogics' site. So, even though no scan detects it, I probably got OpenCandy with it.
I read the thread at Wilders, and it seems that it may only be just adware, as has been posted above. I don't want it on my system (if it's even there), but I guess it can't hurt anything by having it there. |
|
art22gg Premium Member join:2005-02-16 Courtenay, BC
1 recommendation |
2014-Jan-21 10:01 am
I received this E-Mail from ESET this AM.. (very fast response after submitting file yesterday)...
Quote: "Hello, the detection is correct. The installation package contains OCSetupHlp.dll which is detected as a potentially unsafe application. Detection of potentially unsafe applications is disabled by default and it's at users' discretion whether they want to detect them or not.
Regards,
ESET Malware Response Team"
I probably will not be using Auslogics products again until this is corrected by them.. Big Shame... |
|
lordpuffer Legalize It Joe! Premium Member join:2004-09-19 Old Town, ME Nokia XS-110G-A Linksys Velop MX5300
|
said by art22gg: I received this E-Mail from ESET this AM.. (very fast response after submitting file yesterday)...
Quote: "Hello, the detection is correct. The installation package contains OCSetupHlp.dll which is detected as a potentially unsafe application. Detection of potentially unsafe applications is disabled by default and it's at users' discretion whether they want to detect them or not.
Regards,
ESET Malware Response Team"
I probably will not be using Auslogics products again until this is corrected by them.. Big Shame...
Just for informational purposes, I did a search for OCSetupHlp.dll on my Win 7 64 bit Home Premium machine that has Auslogics Disk Defrag 4.4.2.0 on it, and it didn't find it (that does not mean that it is not there). I did download 4.4.2.0 directly from Auslogics' site. I found many OCSetup entries from 2010, which was before I bought the machine. |
|
siljaline I'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to art22gg
Thanks art22gg. Based on what ESET replied - the software is now bundled with OpenCandy. This should not be construed as an official statement from ESET. For those that may wish to submit samples to ESET as Art did. |
|
lordpuffer Legalize It Joe! Premium Member join:2004-09-19 Old Town, ME Nokia XS-110G-A Linksys Velop MX5300
|
to art22gg
Eset Online Scan |
As I posted above, I downloaded 4.4.2.0 directly from Auslogics' site. I no longer have the installation file, for I deleted that after the install. I just ran the above Eset online scan and it found nothing. If OpenCandy is detected by Eset in the installation file, wouldn't it pick it up with the scan that I ran, since it must be somewhere on my system? |
|
2 recommendations |
Like I mentioned earlier it doesn't drop a persistent payload. It drops OCSetupHlp.dll to %temp% for a short time but it cleans up after it finishes doing its thing. Or that has been my experience with it anyway.
OpenCandy is detected as "possibly unwanted", "potentially unsafe", etc. because it's advertising, not because it's malicious in the direct sense. Distributors of garbage software packages, perhaps having business models based around advertising or the sale of your information, which you wouldn't want and should not install on your system, pay OpenCandy to get offered by the OpenCandy bundler after you finish installing the primary thing you were installing. Then OpenCandy pays a portion of the money to the purveyor of the primary, presumably legitimate software you're trying to install to get attached to their installer.
None of this is done with your best interests in mind as the user, hence the classification by some detection engines. The only positive externality OpenCandy throws off is it might help fund the development of useful software by small developers (the primary thing you downloaded and actually wanted). But mostly it's about a profit margin that inures to the benefit of its operators. |
|
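Added example, not part of any post in this thread: the post above says OCSetupHlp.dll is dropped to %temp% during setup and cleaned up afterwards, which is why a scan of the finished install finds nothing. This Python sketch polls a directory while an installer runs and separates files that appeared and vanished from files that stayed; the installer is simulated, and every file name other than OCSetupHlp.dll is constructed for the illustration.

```python
import os
import tempfile
import threading
import time

def list_files(root):
    """Return the set of file paths currently under root."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        found.update(os.path.join(dirpath, f) for f in files)
    return found

def _names(paths):
    return sorted(os.path.basename(p) for p in paths)

def watch_new_files(root, duration, interval=0.02):
    """Poll root for `duration` seconds and classify files created after the
    baseline as transient (deleted again) or persistent (still present).
    Polling misses any file that lives for less than one interval."""
    baseline = list_files(root)
    seen = set()
    deadline = time.monotonic() + duration
    while time.monotonic() < deadline:
        seen |= list_files(root) - baseline
        time.sleep(interval)
    remaining = list_files(root)
    return {"transient": _names(seen - remaining),
            "persistent": _names(seen & remaining)}

def simulate_installer(root):
    """Constructed stand-in for an installer run: one helper DLL that is
    dropped and then removed, and one file that stays behind."""
    time.sleep(0.1)
    helper = os.path.join(root, "OCSetupHlp.dll")
    with open(helper, "wb") as fh:
        fh.write(b"constructed placeholder, not a real DLL")
    with open(os.path.join(root, "app.exe"), "wb") as fh:
        fh.write(b"constructed placeholder")
    time.sleep(0.3)
    os.remove(helper)

def demo():
    """Run the watcher against the simulated installer in a scratch directory."""
    with tempfile.TemporaryDirectory() as root:
        worker = threading.Thread(target=simulate_installer, args=(root,))
        worker.start()
        result = watch_new_files(root, duration=0.8)
        worker.join()
        return result

if __name__ == "__main__":
    print(demo())
```

To watch a real setup run, call `watch_new_files` on the temp directory from one process, with a duration long enough to cover the install, and start the installer separately.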
lordpuffer Legalize It Joe! Premium Member join:2004-09-19 Old Town, ME Nokia XS-110G-A Linksys Velop MX5300
1 recommendation |
Thanks for the great info. I only use my PC once in a while, and when I do, it's mostly for music or media. I'm usually on a Mac. I don't have an image of my hard drive (my bad), so I'll just leave it alone for now and see how it behaves. If I need to reformat at some point, then that's fine, for it's been over a year since I reformatted the last time. |
|
art22gg Premium Member join:2005-02-16 Courtenay, BC
1 recommendation |
to lordpuffer
The reason the online scanner never picked it up according to ESET is ......"The application is detected as a potentially unsafe application (an OpenCandy dll is often bundled with free software). This detection is disabled by default."
From their forums |
|