
Auslogics Disk Defrag Portable is suddenly malicious?


Deozaan:
I've had a portable .exe of Auslogics Disk Defrag Portable sitting in a folder on my PC for years, and frequently used it. The most recent time I used it a few days ago, out of nowhere Windows Defender marked it as malicious. I went into Windows Security center and told it to allow/restore it, but after I rebooted my computer today for the most recent Windows Update, it's gone! That leads me to two questions:

#1: Is it feasible that this portable app has had some hidden trojan all these years and only now is it being properly picked up by anti-virus scanners, or is it most likely just a sudden false positive? I uploaded the file to Jotti and VirusTotal before it disappeared, and there were several AVs flagging it as malicious. So it's not just Windows Defender acting up. Again, this is a file I've had for years. It's not like I just downloaded a new or updated version that changed the code.

#2: Does anyone know how to restore a file that Windows Defender got rid of? I don't see the usual "allow" or "restore" options in Windows Security. In fact, Windows Security tells me that it failed to remediate the problem. I'm attaching relevant screenshots if it helps to see what I'm seeing.


EDIT: Nevermind about #2. I had a backup in my Dropbox folder.

Shades:
A good example of applying the 3-2-1 rule when backing up.

For those unfamiliar with that rule:
You should have 3 copies of your data (your production data and 2 backup copies) on two different media (disk and tape) with one copy off-site for disaster recovery.


And a reasonably interesting blog post on why this rule sucks...  ;)

Deozaan:
A good example of applying the 3-2-1 rule when backing up.
-Shades (March 11, 2021, 10:34 PM)
--- End quote ---

After I found the backup in my Dropbox folder, I immediately made an extra copy on a thumb drive. I didn't even know 3-2-1 was a thing and I unintentionally started following that strategy after this incident. :Thmbsup:

KodeZwerg:
My guess as to why antivirus tools cry: "Portable-Edition" (RarSfx)

Programs that extract programs to run them are in general "bad" for scanning tools.
It looks like Windows Defender does not like your program's extras (the *.bpl files; those are Delphi binary packages).

How-To-Fix: extract the *.exe RAR file and play with the extracted files :-)

Deozaan:
My guess as to why antivirus tools cry: "Portable-Edition" (RarSfx)

Programs that extract programs to run them are in general "bad" for scanning tools.
It looks like Windows Defender does not like your program's extras (the *.bpl files; those are Delphi binary packages).

How-To-Fix: extract the *.exe RAR file and play with the extracted files :-)
-KodeZwerg (March 12, 2021, 01:22 AM)
--- End quote ---

Oh! It makes so much sense now. I didn't realize that RarSfx meant self-extracting RAR. It seems so obvious in retrospect! I extracted the files manually and I see there are some Google Analytics related files. And since there doesn't appear to be any way to turn off analytics in the settings, I deleted GoogleAnalyticsHelper.dll and GASender.exe, yet the main executable still seems to work just fine without them.

Speaking of the main executable, now when I run the extracted .exe file it opens so much faster!


But those Delphi packages are still causing trouble:

vclie160.bpl on VirusTotal

AxComponentsRTL.bpl on VirusTotal

Most AVs just give them the generic "potentially unwanted" label, which is a pretty good indicator that it's likely a false positive. But one of them specifically labels it as adware/virus, which is a little concerning. However, I don't think I've ever seen a random ad, inside or outside of the application, in all the years I've been using this program. So I think I'll chalk this one up to a false positive until/unless I get more information that convinces me otherwise.
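The steps KodeZwerg suggests and Deozaan then carried out by hand (recognise the file as a RarSfx, pull the archive out instead of running the stub, then check the pieces separately on VirusTotal) can be done without ever executing the bundle. The following Python script is an added example written for this thread; it is not code from the forum, from Auslogics or from WinRAR. It finds the RAR archive appended to the PE stub, hashes the whole .exe and the carved payload separately (VirusTotal can be queried by SHA-256 without uploading anything), and walks RAR 4.x block headers to list the file names the SFX would drop, verifying each header CRC so a corrupt or truncated header stops the walk rather than being trusted. The sample SFX it builds is constructed for the demonstration: the embedded file names are the ones mentioned in the thread, not a real extraction of the Auslogics installer. RAR 5 payloads are recognised by signature but their headers are not walked.

```python
"""Triage a RarSfx (self-extracting RAR) .exe without running it.

Added example for the thread above, not Auslogics or WinRAR code. The
sample archive built by build_sample_sfx() is constructed test input.
"""
import hashlib
import struct
import zlib

RAR_MARK = b"Rar!\x1a\x07"          # common prefix of the RAR 4 and RAR 5 signatures
HEAD_FILE, HEAD_END = 0x74, 0x7B    # RAR 4 block types the walker reacts to
LHD_LARGE, LHD_UNICODE, LONG_BLOCK = 0x100, 0x200, 0x8000


def find_rar_payload(data: bytes):
    """Return (rar_version, offset) of the archive appended to a PE file, or None.

    The search starts at 0x40 (past the DOS header) so that the marker found is
    the appended archive rather than a string embedded in the stub.
    """
    if not data.startswith(b"MZ"):
        return None
    off = data.find(RAR_MARK, 0x40)
    if off < 0:
        return None
    if data[off + 6:off + 7] == b"\x00":
        return 4, off
    if data[off + 6:off + 8] == b"\x01\x00":
        return 5, off
    return None


def list_rar4_entries(archive: bytes):
    """Walk RAR 4.x block headers; return [(name, packed, unpacked, stored)].

    HEAD_CRC is CRC32 of the header minus its own CRC field, low 16 bits.
    A mismatch or an out-of-range size ends the walk instead of trusting it.
    """
    entries = []
    pos = 7                                   # skip the 7-byte marker block
    while pos + 7 <= len(archive):
        head_crc, head_type, flags, head_size = struct.unpack_from("<HBHH", archive, pos)
        if head_size < 7 or pos + head_size > len(archive):
            break
        if zlib.crc32(archive[pos + 2:pos + head_size]) & 0xFFFF != head_crc:
            break
        add_size = 0
        if head_type == HEAD_FILE:
            (pack, unp, _os, _crc, _time, _ver, method,
             name_size, _attr) = struct.unpack_from("<IIBIIBBHI", archive, pos + 7)
            name_off = pos + 32
            if flags & LHD_LARGE:             # 64-bit sizes: high dwords precede the name
                hi_pack, hi_unp = struct.unpack_from("<II", archive, name_off)
                pack |= hi_pack << 32
                unp |= hi_unp << 32
                name_off += 8
            raw = archive[name_off:name_off + name_size]
            if flags & LHD_UNICODE:           # ASCII name, NUL, then encoded Unicode form
                raw = raw.split(b"\x00", 1)[0]
            entries.append((raw.decode("latin-1"), pack, unp, method == 0x30))
            add_size = pack                   # packed data follows the file header
        elif flags & LONG_BLOCK:
            add_size = struct.unpack_from("<I", archive, pos + 7)[0]
        if head_type == HEAD_END:
            break
        pos += head_size + add_size
    return entries


def triage_sfx(data: bytes):
    """Hash the bundle and its carved payload and list what the SFX would drop."""
    found = find_rar_payload(data)
    report = {"sha256": hashlib.sha256(data).hexdigest(), "sfx": found is not None}
    if found is None:
        return report
    ver, off = found
    payload = data[off:]                      # this slice is what a RAR tool would open
    report.update(rar_version=ver, payload_offset=off,
                  payload_sha256=hashlib.sha256(payload).hexdigest(),
                  entries=list_rar4_entries(payload) if ver == 4 else [])
    return report


def build_sample_sfx() -> bytes:
    """Constructed input: a fake PE stub with a tiny RAR 4 archive appended."""
    def block(head_type, flags, body):
        head = struct.pack("<BHH", head_type, flags, len(body) + 7) + body
        return struct.pack("<H", zlib.crc32(head) & 0xFFFF) + head

    def stored_file(name: bytes, content: bytes):      # method 0x30 = stored
        body = struct.pack("<IIBIIBBHI", len(content), len(content), 2,
                           zlib.crc32(content) & 0xFFFFFFFF, 0, 29, 0x30,
                           len(name), 0x20) + name
        return block(HEAD_FILE, LONG_BLOCK, body) + content

    stub = b"MZ" + b"\x90" * 0x3E + b"This program cannot be run in DOS mode.\x00"
    archive = (b"Rar!\x1a\x07\x00"
               + block(0x73, 0, b"\x00" * 6)             # archive header, reserved fields
               + stored_file(b"DiskDefrag.exe", b"MZ-fake-main-binary")
               + stored_file(b"GASender.exe", b"MZ-fake-analytics")
               + stored_file(b"AxComponentsRTL.bpl", b"MZ-fake-delphi-package")
               + block(HEAD_END, 0x4000, b""))
    return stub + archive


if __name__ == "__main__":
    result = triage_sfx(build_sample_sfx())
    print(f"SFX: {result['sfx']}  RAR v{result.get('rar_version')} at offset {result.get('payload_offset')}")
    for name, packed, unpacked, stored in result["entries"]:
        print(f"  {name:24s} {unpacked:6d} bytes  {'stored' if stored else 'compressed'}")
```

Run it against a real portable .exe by replacing `build_sample_sfx()` with the file's bytes; the payload offset it reports is where a RAR tool would start when opening the carved slice, and the two hashes make the point the thread ends on: a verdict on the SFX is a verdict on the bundle, while the individual .bpl and analytics files have to be judged by their own hashes.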
