Topic: Defraggler Malware or not?

Offline patrice58

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 826
Defraggler Malware or not?
« on: November 16, 2017, 07:33:28 PM »
Defraggler (https://www.piriform.com/defraggler): downloading it opens CIS with the option of cleaning the file by sending it to the sandbox, or running it without. ApplicUnwnt[at]#290od3alopvy2, database version 28059.
Vista Home Premium 32 bit (user account) CISC 4.1.150349.920 + CAV (On Access) + Sandbox,V-Engine 2.7.0.37, SpywareBlaster 4.3, SAS (free), a-squared (free) MBAM (free) Finjan Secure Browsing, Windows Defender (scanner only), Zemana AntiLogger 1.9.2.206,

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2099
Re: Defraggler Malware or not?
« Reply #1 on: November 16, 2017, 07:46:00 PM »
Hi patrice58,

Thank you for reporting this.
We'll check it and get back to you soon.

SHA1:40cdd1188cfc0b474b66a22ce8ddb280a38eadfd *dfsetup221.exe

Best regards
Qiuhui.Wang

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 577
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Defraggler Malware or not?
« Reply #2 on: November 16, 2017, 07:59:39 PM »
I do not want to anticipate anyone, but in my opinion the assessment of Comodo is justified.

The Defraggler installer spawns the same "Google-Spy-Software" as the normal CCleaner installer. So for me it's an Unwanted Application!!!!

I recommend using the portable version >>> https://www.piriform.com/defraggler/builds

Spawned process "GoogleUpdateSetup_1.3.21.169.exe" with commandline "/silent /install "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&appname=Google%20Toolbar&needsadmin=True&brand=PRFD&usagestats=0" /appargs "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&installerdata=d%3Dask%26h%3Dask2""
Spawned process "GoogleUpdate.exe" with commandline "/silent /install "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&appname=Google%20Toolbar&needsadmin=True&brand=PRFD&usagestats=0" /appargs "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&installerdata=d%3Dask%26h%3Dask2""
Spawned process "GoogleUpdate.exe" with commandline "/regsvc"
Spawned process "GoogleUpdate.exe" with commandline "/regserver"


A good explanation for this topic from "greyghost":

"Piriform "Defraggler" is openly packaged with GoogleToolbar, offering to install Google Chrome as your default Browser.
- Google Toolbar is a pest (if you don't want it) … the threat reported by ESet is not a false-positive
- but IMO nor is Defraggler sneakware nor is Google Toolbar a threat, it is for some a pest.
During installation the install Wizard clearly displays an opt out (a very colorful window, leaving no doubt that they are offering Google Chrome)
- unchecking the offer is not rocket science.
(Short objection from me): >>> "Only if you know exactly what to choose or not!" ;)

Rushing to the VirusTotal bad vote is a paranoid and naive reaction
- do your homework about the reported "threat" with any search engine, I chose to use independent https://duckduckgo.com/
- I have installed and uninstalled "Defraggler" installer twice in the last 30 minutes, I opted out of the google offering … no problems, the sky has not fallen in.

If you still don't trust the Defraggler installer there is also the portable version at https://www.piriform.com/defraggler/builds

Piriform (developers of Defraggler) are not a charity, so you are getting a first class program for FREE,
- if Piriform make money from encouraging us to install Google Toolbar, good luck to them
- my choice is, (and yours might be) to avoid Google phoning home….
- if you are smart enough to be here on VirusTotal, you should be smart enough to learn how to research any program and recognise Piriform's need to finance FREE "Defraggler" and some of the other free apps they provide."

So as I've often said, sometimes it's just a question of definition.

« Last Edit: November 16, 2017, 08:30:32 PM by pio »
*** Paranoid Bastard since CIS 3.5 ! Independent - NON Profit Malware Analyst ***
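As an added example (not code from the thread, from Comodo or from Piriform), a small Python parser that turns sandbox spawn lines like the ones pio posted above into structured findings, so the bundled-product signal (a silent Omaha-style install of a product other than the one the user chose, followed by the updater registering itself as a service) can be checked mechanically rather than by eye. The regexes and field names are my assumptions about this particular log format.

```python
import re
from urllib.parse import parse_qs
# Sandbox spawn lines copied verbatim from pio's post above (this thread's own data, not constructed).
SANDBOX_LOG = r'''
Spawned process "GoogleUpdateSetup_1.3.21.169.exe" with commandline "/silent /install "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&appname=Google%20Toolbar&needsadmin=True&brand=PRFD&usagestats=0" /appargs "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&installerdata=d%3Dask%26h%3Dask2""
Spawned process "GoogleUpdate.exe" with commandline "/silent /install "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&appname=Google%20Toolbar&needsadmin=True&brand=PRFD&usagestats=0" /appargs "appguid={F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}&installerdata=d%3Dask%26h%3Dask2""
Spawned process "GoogleUpdate.exe" with commandline "/regsvc"
Spawned process "GoogleUpdate.exe" with commandline "/regserver"
'''

# Assumed log format: Spawned process "<exe>" with commandline "<args>" (args may contain quotes).
LINE_RE = re.compile(r'^Spawned process "([^"]+)" with commandline "(.*)"$')
INSTALL_RE = re.compile(r'/install "([^"]*)"')
APPARGS_RE = re.compile(r'/appargs "([^"]*)"')


def parse_spawn_line(line):
    """Classify one spawn line: silent bundled install, updater registration, or other."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    process, cmdline = m.groups()
    finding = {"process": process, "kind": "other"}
    install = INSTALL_RE.search(cmdline)
    if install and "/silent" in cmdline:
        # Omaha-style install: the query string names the product really being installed.
        params = {k: v[0] for k, v in parse_qs(install.group(1)).items()}
        finding.update(
            kind="silent_install",
            app_name=params.get("appname"),
            app_guid=params.get("appguid"),
            needs_admin=params.get("needsadmin", "").lower() == "true",
            brand=params.get("brand"),
        )
        appargs = APPARGS_RE.search(cmdline)
        if appargs:  # installerdata carries the defaults the bundled product is configured with
            finding["installer_data"] = parse_qs(appargs.group(1)).get("installerdata", [None])[0]
    elif "/regsvc" in cmdline or "/regserver" in cmdline:
        # Updater registering itself as a service / COM server: it stays resident after setup.
        finding["kind"] = "service_registration"
    return finding

def analyse_sandbox_log(log):
    """One finding per recognised spawn line, in log order."""
    return [f for f in map(parse_spawn_line, log.splitlines()) if f]

def bundled_products(log):
    """Distinct product names silently installed alongside the main program (the PUA signal)."""
    return sorted({f["app_name"] for f in analyse_sandbox_log(log) if f["kind"] == "silent_install"})
```

Feeding the four lines above through `bundled_products` yields only "Google Toolbar", which is exactly the product the installer never named; the `needs_admin` flag shows the bundled install runs elevated.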

Offline Qiuhui.Wang

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 2099
Re: Defraggler Malware or not?
« Reply #3 on: November 16, 2017, 08:36:36 PM »
Hi patrice58,

This is to inform you that the reported file is not a false positive (PUA).
If you intend to use it further, you can add it to the exclusion list.

SHA1:40cdd1188cfc0b474b66a22ce8ddb280a38eadfd *dfsetup221.exe

Best regards
Qiuhui.Wang

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 577
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Defraggler Malware or not?
« Reply #4 on: November 16, 2017, 08:37:57 PM »
Hi patrice58,

This is to inform you that the reported file is not a false positive (PUA).
If you intend to use it further, you can add it to the exclusion list.

SHA1:40cdd1188cfc0b474b66a22ce8ddb280a38eadfd *dfsetup221.exe

Best regards
Qiuhui.Wang

 :-TU :-TU :-TU  ;)

Offline patrice58

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 826
Re: Defraggler Malware or not?
« Reply #5 on: November 18, 2017, 09:33:49 PM »
After all the madness I excluded the program. (Which reminds me: why is the option to check/delete exclusions not in the AV section of the firewall; why is it in the weirdly named advanced protection section?) After doing all that and downloading it, I then remembered that I can't use it as I have an SSD. Ah well.
« Last Edit: November 18, 2017, 09:38:43 PM by patrice58 »

Offline pio

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 577
  • I like CIS , Kali Linux , IDA Pro & Fl Studio ;)
Re: Defraggler Malware or not?
« Reply #6 on: November 20, 2017, 02:01:13 PM »
After all the madness I excluded the program. (Which reminds me: why is the option to check/delete exclusions not in the AV section of the firewall; why is it in the weirdly named advanced protection section?) After doing all that and downloading it, I then remembered that I can't use it as I have an SSD. Ah well.

It's not that bad, but good that we have talked about it here! ;)

Offline patrice58

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 826
Re: Defraggler Malware or not?
« Reply #7 on: November 20, 2017, 04:43:58 PM »
Definitely thanks ever so much for your help.  :)

 
