Advice Request KerishDoctor.A potentially unwanted application

Please provide comments and solutions that are helpful to the author of this topic.

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,863
ESET detects many such programs as PUA and PUA is not enabled by default.
If you want to keep using Kerish Doctor then you may create a detection exclusion for it in ESET which would make ESET not to detect anything with this signature.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Did you download Kerish from the official site? You can upload the .exe to VirusTotal.

VirusTotal

This is ESET's stand on PUAs.


ESET will prob. not figure this as a false-positive so if you are comfortable with Kerish, tell ESET via the UI to exclude it from scanning.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,715
I just received a warning from ESET Smart Security Premium - C:\Program Files (x86)\Kerish Doctor\kerishdoctor.exe - a variant of Win32/KerishDoctor.A potentially unwanted application
Eset wants to delete it? anyone have any advice?
WOW I had the same popup this morning, although my Kerish file was in compressed .rar file on e:\\ miscellaneous storage drive. something to do with a variant of win32. I didn't need .rar so I wiped it. Curious that ESET scanned it, unless it automatically scanned all the ssd overnight. :unsure:
 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
I've never really got on with Kerish Doctor. I've downloaded it a few times when I've seen it offered for free and a couple of times at least my AV at the time (probably F-Secure SAFE/Emsisoft AM, sorry I can't remember which) its been flagged as suspicious so I've just got rid of it. There seems to be a history of AVs not trusting Kerish Doctor. Perhaps someone else here can add more detail.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
I've never really got on with Kerish Doctor. I've downloaded it a few times when I've seen it offered for free and a couple of times at least my AV at the time (probably F-Secure SAFE/Emsisoft AM, sorry I can't remember which) its been flagged as suspicious so I've just got rid of it. There seems to be a history of AVs not trusting Kerish Doctor. Perhaps someone else here can add more detail.
Unless there was recent change in Kerish Doctor. It’s most likely a false positive.

I kinda feel that some vendors don’t actually bother to accurate detect all the time if a sample is malicious or “potentially” unsafe

Btw, roger made detailed post about the product
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,863
Guys don't overthink it and no need to to contact support over this.
Firstly, this is not a false positive. Just look at the detection name. ESET now considers Kerish Doctor as a PUA. ESET adds PUA detection for many such apps and they won't remove this detection. The creation of this kind of exact detection is a concise choice from them.
I have a portable version of a downloader named, EagleGet which I use on rare occasions. ESET suddenly added a similar named PUA detection for it in the middle of last year. Since I use it, I created a signature exclusion for it in my ESET. Now ESET would never detect any EagleGet files with this exact EagleGet signature on my system. I trust this app so it's safe.
The case of Kerish Doctor is the same. ESET has now created a PUA detection for it, as they did in the past for IOBIT, AusLogics, Microsoft Bing Wallpaper, Avast installer, uTorrent, etc many other apps. It's normal for them. Nothing to be panicked/surprised about it. If you trust it, and want to use it then create an exclusion. ESET gives you the option of many types of exclusions like file based, folder based, signature based and hash based.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
A possible reason was given here


It has been classified some days ago by AE as a deceptor app (AppEsteem - Deceptor List), so several vendors will start detecting it as PUA. Reasons why they classified it as a deceptor can be found on that page.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
A possible reason was given here

According to the link you provided, Kerish is detected as PUP for the following reasons.

The application exaggerates missing, invalid empty registry keys and non-critical items known as junks like caches and outdated temp files as "Problems", misleading or scaring user to take action.
The application exaggerates invalid empty registry keys as "Problems", and requires customer to purchase the app in order to complete the fix for the non-permanent issues.
The install does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy. The app does not display links to the EULA or Terms of Service, Returns and Cancellation Policy, Privacy Policy.
The application's has no mention of a 30 days refund policy.
The application elevates its consumer trust level by displaying a unverifiable five star awards from multiple software reviewers on its landing page.

While I agree with what is mentioned above, Kerish Doctor does provide users with useful stuff such as the driver updater (which I personally use). At the end, it is up to the user to decide whether they need it or not.
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,617
F-Secure also works on my mother's PC. (detection coming from Avira)

And the last VT is not glorious... (Panda Dome, Fortinet, Symantec / Norton & co)

Capture d’écran 2023-01-21 184249.png

 

KerishProducts

From Kerish
Verified
Developer
Nov 25, 2019
3
Hello, we are Kerish Products - system software developer.
Due to the incident, we would like to make an official statement.

First of all, we want to say that we are unpleasantly surprised by the false detection of our Kerish Doctor product as potentially unwanted software.

We have been developing our Kerish Doctor product for 18 years since 2005. Kerish Doctor is a classic Shareware product. Our product has a trial period of work and free of charge services the computer within 15 days. After that, if the user is satisfied with the work of the program and wants to continue working with it, then he has the right to buy a license key and use it to activate the program for further work.

Over the past 18 years, our product has been doing the following:
  • Defragments HDD drives when the computer is idle.
  • Monitors the temperature of PC devices as well as S.M.A.R.T disk information
  • Updates device drivers and software to the latest version from our server (monthly updated driver database)
  • Removes remnants of uninstalled apps if present
  • Cleans PC from junk (like CCleaner)
  • Protects PC from malware (daily updated threat database)
  • Fixes corrupt entries in the system registry
  • File recovery on NTFS
And much more that is already available in the trial version.

On January 19, appesteem_com site suddenly published a series of claims about our product.

Claim-01.png

Claim-02.png


Based on this information, several antiviruses began to falsely detect our software as potentially unwanted application.
This causes the application to stop working for thousands users of Kerish Doctor.
In fact, this antiviruses is permanently removing the ability to use our software for all of our users who have the misfortune of having both of these products on a PC.
In addition, we have an unfair blow to our reputation.

We have already solved all the claims of site appesteem_com, although we do not agree with them.
We also contacted them and provided evidence of the correction of their claims.
We hope that all unfair accusations of our product will be removed as soon as possible.


Claim-Fixed-01.png


Claim-Fixed-02.png


We are ready to provide any support that will help resolve this conflict.
We are ready to answer any questions about the operation and functioning of our product.
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Well decided to uninstall, thanks for the input.
Good choice.

All software cleaners that advertise absurb claims are scams. Having stopped using them since 2015, my systems have been more stable than ever.

CCleaner claims to:
  • get up to 34% more speed and 30% more battery life from your PC
  • improves things like your PC's visuals, sound, and internet connectivity while preventing software bugs, hardware problems, and crashes
  • analyzes your PC and recommends quick fixes, then automatically tunes and updates it so it starts and runs faster, and is more secure
  • cleans up these files, temporarily freezes apps when you're not using them, and updates software drivers to make your PC faster
  • registry cleaner clears out this clutter to make your PC more stable, and Driver Updater helps you keep on top any unruly, out-of-date drivers
  • speed up your PC's boot time by letting you disable unneeded programs
Kerish Doctor claims to:
  • boost your computer's speed up to 50%
  • clean up to 500 MB of garbage per day
  • reduce the risk of crashes by up to 30%

If you want a more faster and powerful PC, you will need to upgrade the physical hardware or components to the latest technology standards. Software cannot do that.

Use your search engine and type in the products names, and see what is promoted as their description. Most claim to speed up you PC.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
If you want a more faster and powerful PC, you will need to upgrade the physical hardware or components to the latest technology standards. Software cannot do that.

Use your search engine and type in the products names, and see what is promoted as their description. Most claim to speed up you PC.

Just installed windows 10 over windows 8 on friends computer. 4gb ram, old intel 5 @ 2,1ghz and integrated gpu... first thing i saw was ccleaner freezing the whole computer up. Now its much faster laptop without ccleaner and windows 10 made it live a new life for real(y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top