Sunday, March 19, 2017

What is PUP detection criteria: one example is here

Why Malwarebytes recognizes PC Pitstop as Potentially Unwanted

Posted December 22, 2016 by Marcin Kleczynski

At Malwarebytes, we take awesome pride in the way that we're securing clients – not simply from malware – but rather from a developing and troubling danger known as PUPs, or Potentially Unwanted Programs. We as of late fortified our PUP identification criteria because of PUP sellers turning out to be more forceful while in the meantime utilizing more cleaned terrify strategies to push clients into obtaining their items. One organization that we began examining was PC Pitstop. With straightforwardness being critical to us at Malwarebytes, the plan of this blog is to make the certainties open.

PC Pitstop makes a few items including PC Matic, PC Magnum, Optimize, Driver Alert, and Disk MD. Starting at half a month back, we identify these items as PUP.Optional: the initial segment speaking to a Potentially Unwanted Program and the second your optionality, which means we trust it is undesirable by the dominant part of clients but then we need it to be certain that it is your circumspection as a client to expel it.

PC Pitstop set off a few of our PUP criteria, which I've included beneath.

Guaranteeing that registry cleaning is important

A few projects offer to clean or change your PC's registry. In fundamental terms, your Windows registry contains data and settings for projects and equipment introduced on clients working frameworks.

As indicated by Microsoft, registry cleaners are a bit much. Actually, Microsoft itself does not prescribe the utilization of registry cleaners. Items that utilization registry cleaning and advancement as a component to drive deals are viewed as Potentially Unwanted by Malwarebytes.

PC Pitstop's Optimize and PC Matic items utilizes registry cleaning as one of its primary components. They will indicate registry issues, even on a fresh out of the box new PC. It states there are fourteen registry records which "may bring about shameful operation of a few applications." Based on guidelines from Microsoft, we trust this to be a forceful strategy to drive deals.


Figure 1: PC Pitstop's Optimize indicating issues on a fresh out of the box new machine and provoking clients to "Purchase Now!" with a specific end goal to "settle the issues distinguished."


Figure 2: PC Matic registry cleaning suggestions.

Asserting that transitory documents are risky

Another of our PUP identification criteria is hailing transitory documents made by the working framework or Internet program as high hazard issues or critical fixes for a non-insightful client. Transitory documents are typical curios of the working framework and program and are not the slightest bit signs of an issue with the PC or an issue that is earnest. These discoveries are typically joined by a red speck or hazard slider.

PC Pitsop's PC Matic indicates impermanent records as earnest issues to the client, even on a shiny new PC.

examine comes about

Figure 3: PC Pitstop's PC Matic indicating brief records, default Operating System settings and circle discontinuity as "issues with your PC" on a fresh out of the plastic new machine and provoking clients to purchase to "Settle All."

Guaranteeing that treats are risky

Program treats are a necessary piece of how programs function. For instance, when you purchase something on the web, the shopping basket is probably determined by program treats. Hailing program treats as an issue that requires prompt consideration is a forceful strategy utilized by numerous Potentially Unwanted Programs.

No working trial

Amid examination of PC Pitstop items, we were incited ordinarily (in the wake of showing the previously mentioned issues!) to purchase the product. There is no working trial and the cost of the item was up to $150. High costs without the capacity to trial the product add to our criteria around Potentially Unwanted Programs.

Noiseless evacuation of fundamental applications

A standout amongst the most stunning practices of PC Matic was the incite to expel important applications, for example, Google Chrome's updater, Java's updater, and the sky is the limit from there. Expelling these segments really puts the machine at hazard as both said are fixing basic vulnerabilities.

Figures 4 and 5: PC Matic prompts to expel essential parts that stay up with the latest.


Figure 6: PC Matic demonstrating the Google Chrome Media Router module as "Terrible". This module sends as a matter of course with the standard establishment of Google Chrome.


Figure 7: PC Matic debilitating the Google Update administrations, leaving the machine possibly powerless and outdated.

Noiselessly handicapping the Windows Defragmentation Service

As appeared above in figure 2, PC Matic distinguishes plate discontinuity on a fresh out of the box new PC and prompts the client to buy the item. We have found that amid establishment of PC Matic, one of the primary activities it performs is noiselessly impairing the Windows Defragmentation Service. The issue is that Windows Defragmentation Service is no longer only a defragmenter is to a greater extent a week by week low-level cleanup of the hard drive for things the working framework hurls around. Microsoft exceptionally proposes allowing this to sit unbothered for Windows 8 or more. Indeed, Microsoft says that halting this administration can accomplish more mischief than great.

Once the inherent Windows Defragmentation Service is crippled, PC Matic advances its "SSD Optimization" include that demonstrates the Scheduled Defragmentation benefit as impaired.


Figure 8: PC Matic impairing the Windows Defragmentation Service


Figure 9: PC Matic's "SSD Optimization" comprises of impairing the Microsoft defragment benefit which Microsoft prompts against.

Quietly performing other possibly hazardous activities

There are different changes made to the machine running PC Matic fixes that could be possibly perilous, for example, noiselessly including an authoritative client.


Figure 10: PC Matic noiselessly adding an authoritative client record to the machine.

High hazard security vulnerabilities

On top of the greater part of the practices recorded above, Malwarebytes has found a progression of basic vulnerabilities in PC Pitstop's items that can permit any assailant to take control of your machine. We exhort all PC Pitstop clients to quickly uninstall all PC Pitstop items from their PCs until the defenselessness is settled. We have sent points of interest of the vulnerabilities found to PC Pitstop so they can address them promptly.

We utilize our best judgment and a rundown of criteria we've seen mishandled in the past to figure out if programming ought to be hailed as Potentially Unwanted for our clients. No organization and no product is immaculate, Malwarebytes included. We trust PC Pitstop makes a move to remediate the issues recorded above, and soon thereafter we will quickly quit hailing their items for potential expulsion. We are lowered that our clients confide in us to keep them safe and we will forcefully guard our position against the identification of PC Pitstop's items until that time.


We are eager to report that Malwarebytes is no longer recognizing PC Pitstop's item, PC Matic, as possibly undesirable programming. PC Pitstop has not just quit utilizing alarm strategies against potential clients, they have gone the extent that expelling registry cleaning from their item as a matter of course.

retrieved from

No comments:

Post a Comment