GomPlayer & Systweak Advanced System Protector


Giovy77

Hello!
Since last week Malwarebytes' antimalware has detected "GOM PLAYER" and "Systweak Advanced System Protector" as malware (PUP.Optional.OpenCandy; PUP.Optional.AdvancedSystemProtector.A).
I believe that these warnings are just false positive detections, as they both refer to very popular and reliable software.

Here is the VirusTotal report concerning GOMPLAYER:

https://www.virustotal.com/it/file/3033d2ed9355236eb0446145c88539cde72399e0e8a51084d40b1b3c1e2d8334/analysis

So I would be very grateful if you could please fix this issue as soon as possible.

I enclosed two logfiles (first scan + "mbam.exe /developer" scan) plus the GOMPLAYER exe file as requested.

Waiting for your feedback.

Cheers.
 

mbam-log-2013-09-02 (23-52-22).txt

mbam-log-2013-09-03 (06-03-30).txt


  • Staff

Hi,

 

This gomplayer is bundled with OpenCandy, an advertising software module - hence why we detect this, since most people aren't aware they are installing this (also because of the prechecked module in it).

We detect as PUP, which means, Potentially Unwanted Program, so we don't list it as malware here, but potentially unwanted.

If you are aware of this program and don't have problems with the OpenCandy advertising module (which is often also categorized as Adware http://en.wikipedia.org/wiki/OpenCandy), then you can ignore the detection in MBAM (since it's not preselected by default for removal).

In case you were not aware of the OpenCandy advertising module and don't want it, then you can have mbam remove it.

 

Also see here regarding PUP detections: http://forums.malwarebytes.org/index.php?showtopic=130207


Ok, many thanks for your clarification.

Now my question is: in practical terms, what kind of impact may OPENCANDY have on my system? I'm asking you this (probably silly) question because the VT report shows that only Malwarebytes and ESET detected this kind of Adware in the GomPlayer .exe file and I wonder why!!

After all there are tons of FREEWARE out there giving you an option to install additional recommended software during installation, aren't there??

This is a way for helping developers keep their apps FREE of charge by displaying app recommendations (ads) around their downloads, but honestly I can't see anything wrong in this since users are usually given an option to accept or decline them.

And it looks like OpenCandy does not permanently install anything on users' PCs even when they accept app recommendations, since it's designed to run periodically but only for a few days in order to verify if the recommended apps were activated or not, and then it deletes itself automatically. But to clear things once and for all, it's also possible to clean any possible OpenCandy hidden remnant traces sitting in users' systems, by using this FREE app:

http://oclink.us/occleanup


  • Staff

Hi,

We recently changed our policies regarding PUP detections; read the official statement here: http://blog.malwarebytes.org/news/2013/07/malwarebytes-adopts-aggressive-pup-policy/

This is because this was a huge request by our users, since a lot of these freeware apps use deceptive ways to install the bundled software that comes with it anyway (prechecked, or often shown as recommended, and/or both), where the user ends up with a lot of applications/toolbars/advertising modules they never wanted in the first place - hence the PUP (Potentially Unwanted Software).

 

I am not familiar with the OCCleaner tool so I cannot answer that question.


  • Staff

It's also a PUP detection, which implies it's potentially unwanted by the user - especially since this is often bundled in install wrappers.

Systweak Advanced System Protector also often shows false positives and urges the user to buy a licence - at least, that was the evaluation we made based on our own research and user feedback.

Users unfortunately also refer to this often as a virus: https://www.google.com/search?name=f&hl=en&q=Systweak+Advanced+System+Protector+virus - because they have no clue where it came from, how it was installed and why it is running.

This also qualifies to list something as PUP.


Oh yes, I totally agree with your new policy and I'm also aware of the risk of installing crapware usually bundled with freeware, but this should only regard those free apps out there that automatically install unwanted third party tools (toolbars, plugins etc...) without users' consent.
But if users are given an option to decline them, why consider this as Adware?

As for the OpenCandy issue, have a look here:

http://www.opencandy.com/faqs

 

Cheers.


  • Staff

"But if users are given an option to decline them, why consider this as Adware?"

We don't consider it Adware, we consider it PUP, because even though the user has the option to decline the additional install, if it is prechecked during install routines, or prechecked by default as "recommended", you can see that most users don't opt out of this at all (because they believe this is indeed the default install), and end up with software they might not want anyway.

It would be a whole lot different if this all wasn't prechecked by default nor worded as the recommended setting/option. ;)

In such cases, we wouldn't even detect as PUP, because if the user then checks the additional bundles, then we might safely assume they really wanted this (as opposed to prechecked boxes and "recommended" wording).
