Close to two dozen anti-viruses including Windows Security think UserBenchmark is malware

CyberTech

Level 37
Thread author
Verified
Top poster
Well-known
Nov 10, 2017
2,605
Anti-viruses are not infallible and often detect false positives. Such is the case for UserBenchmark too, it seems, as the popular free benchmarking tool has been flagged as malware by close to two dozen sites as per VirusTotal.

UserBenchmark is a light freeware that tests your CPU, GPU, memory, storage drives (SSDs and/or HDDs), and USB drives. Some of the recent versions of the software have also included a "Skill Bench" that basically benchmarks the user too.

But as mentioned above, currently, close to two dozen anti-viruses, 23 to be precise, are flagging the software as malware, with the vast majority of these identifying it as a Trojan (image below). The issue isn't completely new as cases such as this are reported by users on forums online.

The rest
 

plat1098

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,653
I use this software now and then, what happened? HitmanPro flags it also and if I rely on Jotti alone, it's enough to dissuade me from installing it for the time being. Let me keep an eye on this--it already has a bad rep for a supposed anti-AMD bias. I will post in the HitmanPro thread at Wilders to see what the devs have to say about any whitelisting.

hmp user benchmark.png

jotti scan user benchmark.png

Link to post.

Edit: HitmanPro's Bitdefender Engine flagged it so it's not surprising, given the above VT and Jotti findings.
 
Last edited:

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
560
Those detection are not wrong at all.




@plat1098 Add this site and their software to your ublock filter list and forget it ever existed!.

 

plat1098

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,653
Those detection are not wrong at all.
Big Wow, The_King. I knew about the rep, it's common knowledge by now sadly. Despite UserBenchmark's attempts to make its algorithms less biased, it's never going to shake that, I think.

But I am not sure why the numerous flags as outright malware. Sometimes, very new versions trigger these things but this seems overwhelming. The closest whiff of suspicious behavior when I downloaded it earlier today was that it was already active in my Task Manager without my having launched the installer from my Downloads folder.

I'm interested in what HitmanPro devs say about it because they have the most pragmatic, realistic approach to these things that I have seen. Notice Sophos didn't flag it. But BitDefender's engine did, as did Microsoft's.

I don't intend to use UserBenchmark again as any bias is an instant turn-off, even for an Intel/NVIDIA user. This latest just adds some fuel to that decision.
 

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,288
Those detection are not wrong at all.




@plat1098 Add this site and their software to your ublock filter list and forget it ever existed!.


Yes, they are wrong, just because the software is crappy doesnt necessarily mean that it is malicious, in the worst case it should be detected as a PUP or something similar, not as a Trojan.

All I see is the same behavior that I observed years ago and I even made a thread about here on MalwareTips, there are very few vendors that actually does real malware analysis, the rest most of the time are just auto copycats, in this case they are copying BitDefender false positive.

Because BitDefender had a detection and so Microsoft (machine learning "signature" that is false positive prone) the rest automatically give the faulty signature/detection a green light.

Pay attention that ESET and Kaspersky isnt detecting the file ...



Ps: Of course I can be wrong here, but this all make clear that most antivirus solutions just suck.


Kaspersky Lab in the past even baited some competitors that were automatically copying their detections to have a huge number of false positives, ethics apart it was a very interesting experiment.

Edit: Here are the links, I even remember reading some articles in Kaspersky's blog about false positives and copycats (2012 era), but this all become lost after some former Kaspersky employees told a more "sinister" history.


Edit 2: I founded more info, too bad that detailed articles and reports were lost:

The company did note that it had performed one test in collaboration with a computer magazine, assigning clean files a fake threat level in order to show how such false positives are adopted without further testing by the security community. That test, the company said, was publicly documented shortly thereafter and discussed with competitors in order to prevent such an occurrence from actually happening.

Source: Kaspersky Lab Denies Report It Sabotaged Competitors
 
Last edited:

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
560
But I am not sure why the numerous flags as outright malware. Sometimes, very new versions trigger these things but this seems overwhelming. The closest whiff of suspicious behavior when I downloaded it earlier today was that it was already active in my Task Manager without my having launched the installer from my Downloads folder.
😲
I just downloaded it now to test it myself.

Can you post some screenshot of what was running in your task manager?
 

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
560
Because BitDefender had a detection and so Microsoft (machine learning "signature" that is false positive prone) the rest automatically give the signature a green light.
I am running BTS and it allowed me to download and install the userbenchmark.exe file without any issues.
 

plat1098

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,653
Can you post some screenshot of what was running in your task manager?
Bizarrely, I downloaded the exe again and there was no sign of it in Task Manager this time. Figures! It was deleted from Downloads without incident this time b/c it didn't need to be stopped in Task Manager. Wow, I'm a little ticked at me for not capturing an image of it. But I stick to what I said about it.

HitmanPro still "detects" it. So it's still of interest why all these vendors seem to think this is malware--unless of course, they're copy-catting Bitdefender as Nightwalker says. Would Microsoft follow BT like that though? Even if it's "machine-learning"? :unsure:

VERY interesting thread. I'll be watching...
 

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,288
Bizarrely, I downloaded the exe again and there was no sign of it in Task Manager this time. Figures! It was deleted from Downloads without incident this time b/c it didn't need to be stopped in Task Manager. Wow, I'm a little ticked at me for not capturing an image of it. But I stick to what I said about it.

HitmanPro still "detects" it. So it's still of interest why all these vendors seem to think this is malware--unless of course, they're copy-catting Bitdefender as Nightwalker says. Would Microsoft follow BT like that though? Even if it's "machine-learning"? :unsure:

VERY interesting thread. I'll be watching...

No, Microsoft just had an "innocent" false positive because of the tecnology used, machine learning is prone to that and it isnt a huge deal considering how greatly it improves the detection in real malware samples.

In my observations ESET, BitDefender, Kaspersky and Microsoft are the real deal of the industry, they rarely blindly add detections, actually I think other vendors have some sort of algorithm to automatically detect what those security vendors are detecting (and no, they are not just copying the detection name).

Edit: Aha! I found more info about this copycat practice, ESET made a blog post years and years ago about that Kaspersky experiment:

 
Last edited:

plat1098

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,653
Here is HitmanPro scan done just a few minutes ago--you'd think it would be whitelisted by now but it's not.

hmp usbm2.png

Same for Defender, just a few min. ago. And the name of the threat changed from prev. post. Hmmm.

defrescan userbn.png

It's been some hours now, actually almost half a day. Let's see what the status is come tomorrow.
 

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,288
Here is HitmanPro scan done just a few minutes ago--you'd think it would be whitelisted by now but it's not.


Same for Defender, just a few min. ago. And the name of the threat changed from prev. post. Hmmm.


It's been some hours now, actually almost half a day. Let's see what the status is come tomorrow.

Nice find, the name changed, but it is still a machine learning detection.
 

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,288
Yesterday F-Secure, because of Avira engine, was detecting the file as malware, today they whitelisted the file, I forgot about this company, F-Secure is pretty good too and make part of the "real" security vendors.

Before - 24 detections :
YKZxeim.jpg


Now - 22 detections:

1bthZcR.jpg


Ps: Avira is not detecting it anymore, but F-Secure removed the detection first.
 
Last edited by a moderator:

The_King

Level 12
Verified
Top poster
Well-known
Aug 2, 2020
560
21 detections now, Microsoft fixed it as expected.
Perfect karma for these guys.

I'm sure weeks, months even years from now someone on some forum will say don't use userbench its filled with malware.

They 1000% deserve this. Initially I thought the detection's had to do with their websites bad rep but after testing saw this was not the case.

My personal opinion on the matter has not changed. Block the website and boycott the software. (They still have those BIAS reviews up on their site)
 
  • Like
  • Applause
Reactions: plat1098 and Nevi

plat1098

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,653
Fully 24 hours later and Bitdefender has not whitelisted UserBenchmark. 15 vendors still flag this on VirusTotal. Jotti scan still isn't pretty. As stated before by Nightwalker, Microsoft whitelisted this and a Quick Scan on here was clean with the UBM exe in my downloads, but all things considered, this is very slow to get completely legit. I'm so curious now! :D No self-respecting software would settle for this, right?

ubm11232021.png
hitmanproubm11232021.png
 

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,288
Fully 24 hours later and Bitdefender has not whitelisted UserBenchmark. 15 vendors still flag this on VirusTotal. Jotti scan still isn't pretty. As stated before by Nightwalker, Microsoft whitelisted this and a Quick Scan on here was clean with the UBM exe in my downloads, but all things considered, this is very slow to get completely legit. I'm so curious now! :D No self-respecting software would settle for this, right?


Bitdefender finally fixed the false positive (along with other solutions that use its engine), the rest will probably follow later on.
 
Last edited: