Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2

Author Topic: Smart Defrag - Caution! Installs Malware!  (Read 19780 times)

sheddyian

  • Kitizen
  • ****
  • Posts: 1159
    • My Shed Blog
Smart Defrag - Caution! Installs Malware!
« on: February 13, 2014, 08:51:46 PM »

My favourite Windows defrag program is MyDefrag, which is amazing at improving program startup and access times, especially on older computers.

However, it doesn't defrag some system files, and I found that Smart Defrag can do this at boot time if you ask it to, so I occasionally use this program.

Today I ran it to do that very thing, and after a minute or so the program disappeared, and I saw a notice telling me I'd been automatically upgraded to version 3.  I clicked the OK button and then saw lots of other things appearing.

It had installed Advance System Care, A Browser Toolbar, changed my default search engine to Yahoo (with a spigot referrer), installed several Spigot Programs, and 3 browser plugins for Ebay, Amazon and DNS lookup failure redirect!

I uninstalled the programs, reset the settings, ran Malwarebytes on the system and it found several other things in the temp folder, including one it reckoned was a Fake antivirus program.  These all had date and time of when I'd run Smart Defrag.

Curious now, I did the same on another computer that also had Smart Defrag version 2 installed, and lo, after a minute or so it quit and presented me with the screen shown in the attachment.

I now realise I hadn't noticed the tick boxes the first time around, and so had agreed to have all that junk installed on my computer at the same time.  I think this is really sneaky, I'm usually pretty good at noticing things like this, but I hadn't asked for the update, it just went ahead with it.

I unticked the boxes and let the installation of SmartDefrag 3 complete.

When it had done so, I looked at my installed programs, and found that despite unticking the options, SmartDefrag had also installed Spigot Search Protection.  It had also left a file in the temp folder that MalwareBytes says is a Fake Anti Virus application  (file called Resource_AcceptRate.exe)

My search engine in IE and Chrome has also been changed to Yahoo, with a referall to Spigot.  The start page has been similarly changed.

These things happened on the 2nd PC despite unticking all the options presented to me in the screen shown in the attachment

So, given the way this is forced on you, my advice would be to avoid SmartDefrag and uninstall it if you're using it.

Ian

« Last Edit: February 13, 2014, 08:54:04 PM by sheddyian »
Logged

HPsauce

  • Helpful
  • Kitizen
  • *
  • Posts: 2606
Re: Smart Defrag - Caution! Installs Malware!
« Reply #1 on: February 13, 2014, 11:42:45 PM »

Hmmm...............
I have used Smartdefrag quite a lot and never seen this.
Are you sure you downloaded it from the IObit site?

Of course their downloads may have been compromised.  :-[
Logged

sheddyian

  • Kitizen
  • ****
  • Posts: 1159
    • My Shed Blog
Re: Smart Defrag - Caution! Installs Malware!
« Reply #2 on: February 13, 2014, 11:48:39 PM »

Hmmm...............
I have used Smartdefrag quite a lot and never seen this.
Are you sure you downloaded it from the IObit site?

I got version 2 from their site some time ago.  Today, without asking me, it automatically updated to version 3 as I was running version 2, and suddenly I had malware with the date and time of the update to version 3.  On a 2nd PC, when I tried the same thing but unticked the forced malware options, I still ended up with malware dated and timed from when I was running Smartdefrag.

I'd be interested to know what happens when you run your copy - does it update? Does it install malware & change browser search engine?

It's troubling how much software now comes with an installer that dumps other malware on your computer that you don't want, but if I'm right in this instance, it's much worse as you don't get the chance to opt out.

Ian
Logged

HPsauce

  • Helpful
  • Kitizen
  • *
  • Posts: 2606
Re: Smart Defrag - Caution! Installs Malware!
« Reply #3 on: February 14, 2014, 09:30:26 AM »

Offhand I'm not likely to run it in the near future, I think it's only installed on a now little-used PC that is dual-boot Vista/XP.
So, if I do need it I'll be extra cautious.

I've only really used it on older XP systems anyway and they are slowly disappearing.

My "collection" now only has one "native" XP system, a Toshiba laptop whose "purpose in life" has just been migrated to a W7 system (legacy app, actually using XP run in a virtual machine). I'll probably retire that soon.
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Smart Defrag - Caution! Installs Malware!
« Reply #4 on: February 14, 2014, 09:35:43 AM »

Whether it is a good safeguard, I don't know, but nowadays I use custom installs. That way I lessen the chance of downloading unwanted extras.
Logged

sheddyian

  • Kitizen
  • ****
  • Posts: 1159
    • My Shed Blog
Re: Smart Defrag - Caution! Installs Malware!
« Reply #5 on: February 14, 2014, 01:02:22 PM »

An update :

Having completely uninstalled it yesterday, today I downloaded V3 from the IObit website (which redirects to Cnet download) and also from the Majorgeeks download site.  These files were bit identical, and scanned clean for malware and viruses with malwarebytes and Virustotal.

I then scanned my PC for malware with Malwarebytes, and installed Smart Defrag.  I opted out of the "advanced systemcare" but was not offered any malware-like programs.

Upon checking and rescanning, the computer was still free of anything suspicious.

So, this is good news, and puzzling.  A clean install of Smart Defrag V3 is, well, clean.

Yet on two separate computers (both running Windows 7) I was upgraded from V2 to V3 without being asked or even prompted, and ended up with malware that wasn't there before.  In the 2nd instance, DEFINITELY wasn't there before, because I scanned for it, then started Smart defrag, it forced it's update, and then I had malware.

If I can work out a way, I'll see if I can recreate the auto update from v2 to v3 again and watch carefully to see what happens and try to understand what was going on.

Ian
Logged

HPsauce

  • Helpful
  • Kitizen
  • *
  • Posts: 2606
Re: Smart Defrag - Caution! Installs Malware!
« Reply #6 on: February 14, 2014, 01:08:51 PM »

Maybe the update site is different and has been compromised in some way?
(That's why I asked earlier about where you downloaded the update from)
Most intriguing......  :graduate:
Logged

sheddyian

  • Kitizen
  • ****
  • Posts: 1159
    • My Shed Blog
Re: Smart Defrag - Caution! Installs Malware!
« Reply #7 on: February 14, 2014, 01:24:42 PM »

That's the thing - I didn't originally download any update, I was using V2 of Smart Defrag that had been on the PCs for some time, and hadn't given me any problems before, then I had an update forced on me without any chance to stop it.

Which is why I want to try installing V2 again and seeing what happens, or seeing if I've got any other computer lying around that has v2 still on it (don't think I have though)

Ian
Logged

sheddyian

  • Kitizen
  • ****
  • Posts: 1159
    • My Shed Blog
Re: Smart Defrag - Caution! Installs Malware!
« Reply #8 on: March 11, 2014, 04:29:00 PM »

An interesting, and not very savoury ps on this one.

One of my Windows XP machines that previously had Smart Defrag on it just popped up this next to the clock (see attachment)

Task manager shows a suspicious process I'm not familiar with, running promote-upx.exe

A search finds this file in C:\Documents and Settings\Owner\Local Settings\Temp

With a date and timestamp of when I logged in earlier.

File properties show it as version 1.4.0.202, description "Reminder" and company... IObit, the makers of SmartDefrag!

What's much more annoying is I uninstalled Smart defrag after the issues I had above.  There are no Iobit products shown in my add/remove programs list  >:(

It's left an advert popup program behind.  :-\

Interestingly, a scan with Malwarebytes didn't pick anything up.  I will take a copy of it before I eradicate it, see if it gets detected later on.

Modified to add :

In the 28Mb of stuff in program files that the uninstaller left behind, there seems to be no other viable programs remaining (excepting some dlls) except a progam called "UninstallPromote.exe"

So it seems that leaving this advert popup program behind after uninstalling your IObit software is intentional, and that you've got to manually locate this to remove the adverts left behind.

Not impressed!

From a quick look around, it's not obvious where it's starting up from though.

Ian

« Last Edit: March 11, 2014, 04:37:50 PM by sheddyian »
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Smart Defrag - Caution! Installs Malware!
« Reply #9 on: March 11, 2014, 05:29:23 PM »

Ihad ASC on my comp some while ago and found it did not completely uninstall. Iwas told to use a special uninstaller, but cannot recall ATM whre advice came from ( still looking). However I found this and pass it on in case it may be of use.
Logged

sheddyian

  • Kitizen
  • ****
  • Posts: 1159
    • My Shed Blog
Re: Smart Defrag - Caution! Installs Malware!
« Reply #10 on: March 11, 2014, 05:43:37 PM »

Well, UninstallPromote.exe wasn't helpful, nothing (appears to) happen when you run it.

I found that an iobit updater was running as a service (and remember, I unsintalled all iobit programs via control panel about a month ago).  I've removed this service, and renamed the IOBIT folder it was running from - lets see what happens now.

renluop : I think I've just read the thing you're talking about, it's on the iobit forums and they advise installing another of their products, advanced uninstaller, in order to uninstall their own software!

I also see a few threads on there about malware and popup ads, and an update from v2 to v3 of SmartDefrag being forced upon the user without chance to opt out.

Even more unimpressed  >:(

Ian
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Smart Defrag - Caution! Installs Malware!
« Reply #11 on: March 11, 2014, 08:06:23 PM »

Well that would have been it, and it worked for me. I recall doing a thorough as I could of any likely name registry search and there was no trace whatsoever.
Logged

DSpencer

  • Just arrived
  • *
  • Posts: 1
Re: Smart Defrag - Caution! Installs Malware!
« Reply #12 on: July 08, 2014, 06:35:30 PM »

I have installed and used Smart Defrag off and on over the last few years. However, as you have discovered, when you install it (and this I know happened before version 3 as well) you had/have to be careful to avoid getting other crap (which I also consider malware) that is Spigot garbage dumped onto your computer.
You cannot (as far as I know) download the 'free' Smart Defrag directly from IObit, but only from CNET or Major Geeks (and I have found some other CNET downloads with surprise "extras"). If you are manually installing Smart Defrag and are wise you check the "Custom" install. If the update is automatic then you by default get the "Express" install, which makes 3 changes to your Windows. What I find despicable is that IObit has decided to partner with Spigot, and a quick Google of "Spigot" will tell you what that means. The 3 things added (if you foolishly or accidentally leave the "Express" clicked) are the IObit Apps Toolbar and Extensions (which are Spigot garbage), you get what they claim to be Yahoo! as your default search provider (which is a lie, because what you get is a Spigot overlay of Yahoo! search which then starts to insert adware crap into your browser), and the third change you get is that your browser(s) start/home page becomes hijacked by a Spigot overlayed/modified Yahoo! page.
What really ticks me off, and by my standards qualifies all this Spigot junk as malware, is that neither IObits nor Spigot provide a true, full uninstaller of all the junk. To get your computer back to the pre-Smart Defrag install conditions requires a lot of stupid messing around in the web browsers it has infected, plus other bits of manual fiddling, before you can be sure you have purged your computer of all of the Smart Defrag Spigot payload.
Recently Smart Defrag informed me that there was an new version (3, I was running 2), I downloaded the installer, started the installer, then remembered the process from getting bitten by this in the past, and I stopped the upgrade and also uninstalled Version 2 of Smart Defrag as well (or think I have uninstalled it).
IObit has every right to offer only paid or maybe trialware (time or feature-limited) versions of Smart Defrag but to package the "free" version of Smart Defrag with that Spigot crapware is stupid and a very poor practice and in my opinion unacceptable.
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Smart Defrag - Caution! Installs Malware!
« Reply #13 on: July 08, 2014, 09:47:31 PM »

I am adverse to CNET because of their bad habits, and always try to find another source.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Smart Defrag - Caution! Installs Malware!
« Reply #14 on: July 18, 2014, 09:51:36 PM »

I am adverse to CNET because of their bad habits, and always try to find another source.

Im ashamed to admit that last week I was sorting someone win8 laptop and I installed a copy of some software from CNET because I couldnt find it elsewhere.  I was trigger happy with the install because it was a program that I knew was ok.    But before I knew it I'd installed their stupid CNET downloader and associated junk carp.    :-X
Luckily I was easily able to clean it out before returning laptop to the owner.   :-\
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
Pages: [1] 2