Jump to content

Eset Online scanner detected 3 PUPs, are they false positive?


Recommended Posts

Hello, I use Avast, roguekiller, malwarebytes, and mbar for virus detection, none of other programs detected anything, but Eset Online Scanner did. Note that I use EOS because I find it superior to classic Eset program (had better experience with detecting things).

Anyways, I scanned my computer yesterday and it detected nothing. Today I messed with magix vegas, it had problems playing certain videos, so I tried installing K-Lite codec pack from codecguide.com ,installed the standard version. I also installed Handbrake for video conversion. I uninstalled both. I downloaded .net framework (dotnet SDK) from official website and Divx from official website, but both installers I only launched, not installed anything. So, if Eset detects anything, it must be from either of those programs, my suspicion is K-Lite codec pack and that detection is only false positive. From the looks of it, the first PUP is .net framework thingy, other two maybe K-Lite codec pack IMO. I tend to visit only safe websites and download stuff also from safe and official websites (and not other sources).

Is this false positive please? I am attaching report from EOS for analysis. Thank you. Have a nice day.

eset report 3 august 2021.txt

Link to comment
Share on other sites

  • Administrators

Basically potentially unwanted applications are never false positivies since they exactly detect applications that had been carefully already analyzed by ESET and it turned out they met criteria for PUA detection.

Link to comment
Share on other sites

Posted (edited)
10 minutes ago, Marcos said:

Basically potentially unwanted applications are never false positivies since they exactly detect applications that had been carefully already analyzed by ESET and it turned out they met criteria for PUA detection.

 

And are they harmful? At least ones from my report?

I downloaded Divx from: https://www.divx.com/

K-Lite Codec Pack from: https://codecguide.com/download_kl.htm

Handbrake from: https://handbrake.fr/

And .net SDK from: https://dotnet.microsoft.com/download/dotnet/5.0

 

These should be official sources.

This is what was detected:

DotSetupSDK[1].dll    a variant of MSIL/DotSetupIo.B potentially unwanted application    cleaned by deleting

dxa7C56.tmp    a variant of Win32/DivX.C potentially unwanted application    cleaned by deleting

dxa7D33.tmp    a variant of MSIL/DotSetupIo.B potentially unwanted application    cleaned by deleting

Edited by Salenai
Link to comment
Share on other sites

  • Most Valued Members
Posted (edited)
53 minutes ago, Salenai said:

 

And are they harmful? At least ones from my report?

I downloaded Divx from: https://www.divx.com/

K-Lite Codec Pack from: https://codecguide.com/download_kl.htm

Handbrake from: https://handbrake.fr/

And .net SDK from: https://dotnet.microsoft.com/download/dotnet/5.0

 

These should be official sources.

This is what was detected:

DotSetupSDK[1].dll    a variant of MSIL/DotSetupIo.B potentially unwanted application    cleaned by deleting

dxa7C56.tmp    a variant of Win32/DivX.C potentially unwanted application    cleaned by deleting

dxa7D33.tmp    a variant of MSIL/DotSetupIo.B potentially unwanted application    cleaned by deleting

A potentially unwanted application (PUA) is a program that contains adware, installs toolbars, or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks.

https://support.eset.com/en/kb2629-what-is-a-potentially-unwanted-application-or-potentially-unwanted-content

You can switch DivX with VLC Media Player , you would get rid of those detections , VLC is safe and without adwares/toolbars.

Edited by Nightowl
Link to comment
Share on other sites

9 minutes ago, Nightowl said:

A potentially unwanted application (PUA) is a program that contains adware, installs toolbars, or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks.

https://support.eset.com/en/kb2629-what-is-a-potentially-unwanted-application-or-potentially-unwanted-content

You can switch DivX with VLC Media Player , you would get rid of those detections , VLC is safe and without adwares/toolbars.

So, if any of those programs installed anything, even a thing such as a toolbar, when Eset removed them, does that mean that they have literally been uninstalled/removed?

Link to comment
Share on other sites

  • Most Valued Members
17 minutes ago, Salenai said:

So, if any of those programs installed anything, even a thing such as a toolbar, when Eset removed them, does that mean that they have literally been uninstalled/removed?

ESET can possible quarantine/remove the whole file and also can possibly try to clean it , but mostly when files get cleaned , they will eventually break somehow if I am not mistaken , anyway I don't like to install software on my devices that request to install other things like toolbars or another free softwares etc..

Link to comment
Share on other sites

Eset's definition of a PUA:

Quote

Grayware or Potentially Unwanted Application (PUA) is a broad category of software, whose intent is not as unequivocally malicious as with other types of malware, such as viruses or trojan horses. It may however install additional unwanted software, change the behavior of the digital device, or perform activities not approved or expected by the user.

Categories that may be considered grayware include: advertising display software, download wrappers, various browser toolbars, software with misleading behavior, bundleware, trackware, crypto-miners, registry cleaners (Windows operating systems only) or any other borderline software, or software that uses illicit or at least unethical business practices (despite appearing legitimate) and might be deemed undesirable by an end user who became aware of what the software would do if allowed to install.

https://help.eset.com/glossary/en-US/unwanted_application.html

Edited by itman
Link to comment
Share on other sites

1 hour ago, Salenai said:

So, if any of those programs installed anything, even a thing such as a toolbar, when Eset removed them, does that mean that they have literally been uninstalled/removed?

My experience using Eset is its PUA detection is for the app download. If one proceeds to exclude Eset's PUA detection and run the app installer, etc. unimpeded, don't expect Eset to block installation of the undesirable PUA elements.

Link to comment
Share on other sites

  • Most Valued Members
6 hours ago, Salenai said:

Hello, I use Avast, roguekiller, malwarebytes, and mbar for virus detection, none of other programs detected anything, but Eset Online Scanner did. Note that I use EOS because I find it superior to classic Eset program (had better experience with detecting things).

Anyways, I scanned my computer yesterday and it detected nothing. Today I messed with magix vegas, it had problems playing certain videos, so I tried installing K-Lite codec pack from codecguide.com ,installed the standard version. I also installed Handbrake for video conversion. I uninstalled both. I downloaded .net framework (dotnet SDK) from official website and Divx from official website, but both installers I only launched, not installed anything. So, if Eset detects anything, it must be from either of those programs, my suspicion is K-Lite codec pack and that detection is only false positive. From the looks of it, the first PUP is .net framework thingy, other two maybe K-Lite codec pack IMO. I tend to visit only safe websites and download stuff also from safe and official websites (and not other sources).

Is this false positive please? I am attaching report from EOS for analysis. Thank you. Have a nice day.

eset report 3 august 2021.txtUnavailable

Just curious what your experience was with the desktop version of Eset as the online version uses the same databases but desktop has extra features so should be far better security wise 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...