Assigned Zemana caught XDM as Trojan

This thread is being handled by a member of the staff.
Status
Not open for further replies.

DDE_Server

Hi everybody,
I thought that I might be infected by malware, as my machine became very slow,
so I used Zemana Anti-malware as an on-demand scanner to scan my laptop.
I was surprised that it caught XDM (Xtreme Download Manager) as a Trojan.
So I want to know if it is a false positive, or if it is actually a Trojan and I should delete it.

more details copied from Zemana:
Trojan:Win32/Poweliks
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\XDM
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Malware
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\XDM = "C:\Program Files (x86)\XDM\jre\bin\javaw.exe" -Xmx1024m -jar "C:\Program Files (x86)\XDM\xdman.jar" -m

Malwarebytes results:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/25/18
Scan Time: 4:40 PM
Log File: dfb2645c-a874-11e8-9857-1c3e842aa1b4.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.6505
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mohamed-PC\Mohamed

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 254439
Threats Detected: 29
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 18 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 4
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, No Action By User, [3807], [398206],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [3807], [380353],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [3807], [380352],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, No Action By User, [3807], [396386],1.0.6505

Module: 7
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, No Action By User, [3807], [398206],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [3807], [380353],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [3807], [380352],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [3807], [396386],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [3807], [396386],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [3807], [396386],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, No Action By User, [3807], [396386],1.0.6505

Registry Key: 7
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC11_PerformanceMonitor, No Action By User, [3807], [380341],1.0.6505
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EE4D954A-F31E-4776-823C-42341686008B}, No Action By User, [3807], [380341],1.0.6505
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{EE4D954A-F31E-4776-823C-42341686008B}, No Action By User, [3807], [380341],1.0.6505
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASC11_SkipUac_Mohamed, No Action By User, [3807], [380341],1.0.6505
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A72F188F-C461-45AE-A911-B2C13B980967}, No Action By User, [3807], [380341],1.0.6505
PUP.Optional.AdvancedSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A72F188F-C461-45AE-A911-B2C13B980967}, No Action By User, [3807], [380341],1.0.6505
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService11, No Action By User, [3807], [380352],1.0.6505

Registry Value: 1
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3173155449-446945268-500677902-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 11, No Action By User, [3807], [380353],1.0.6505

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 10
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_PerformanceMonitor, No Action By User, [3807], [380341],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC11_SkipUac_Mohamed, No Action By User, [3807], [380341],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, No Action By User, [3807], [398206],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\USERS\MOHAMED\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare 11.lnk, No Action By User, [3807], [380340],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 11.lnk, No Action By User, [3807], [380338],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, No Action By User, [3807], [380353],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, No Action By User, [3807], [380352],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, No Action By User, [3807], [396386],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Advanced SystemCare 11.lnk, No Action By User, [3807], [396386],1.0.6505
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASC.EXE, No Action By User, [3807], [396386],1.0.6505

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)



Note: the setup executable file was downloaded from the SourceForge website, as it is open-source software.
Update: I scanned with Malwarebytes Anti-Malware, which did not catch it (it caught Advanced SystemCare as a PUP).

Thanks in advance

 

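An added example (not part of the original post, and not Zemana's or XDM's code): one way to triage the flagged Run value is to split its command line and list the on-disk files it actually launches, so they can be hashed and compared with the upstream release. The interpreter list and the inline-payload check are assumptions made for illustration.

```python
import hashlib
import os
import re

# Run value data copied from the Zemana "Related Objects" line in the post.
RUN_VALUE = (r'"C:\Program Files (x86)\XDM\jre\bin\javaw.exe" -Xmx1024m '
             r'-jar "C:\Program Files (x86)\XDM\xdman.jar" -m')

# Assumption (illustrative list): hosts whose real payload is an argument.
INTERPRETERS = {"java.exe", "javaw.exe", "rundll32.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}

def split_windows_cmdline(cmd):
    """Split on whitespace outside double quotes (sufficient for Run values)."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in re.finditer(r'"([^"]*)"|(\S+)', cmd)]

def triage_run_value(cmd):
    """Return the executable, the files it loads, and any inline payloads."""
    argv = split_windows_cmdline(cmd)
    exe = argv[0] if argv else ""
    exe_name = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    # Absolute paths among the arguments are files the entry depends on.
    path_args = [a for a in argv[1:] if re.match(r"^[A-Za-z]:\\", a)]
    # Assumption: script or URL schemes mean there is no file to inspect.
    inline = [a for a in argv[1:]
              if re.match(r"^(javascript|vbscript|https?):", a, re.I)]
    return {"executable": exe,
            "is_interpreter": exe_name in INTERPRETERS,
            "files_to_verify": [exe] + path_args,
            "inline_payload_args": inline}

def sha256_if_present(path):
    """Hash a file for comparison with the upstream release; None if absent."""
    if not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

if __name__ == "__main__":
    report = triage_run_value(RUN_VALUE)
    print("interpreter launcher:", report["is_interpreter"])
    print("inline payload args :", report["inline_payload_args"])
    for path in report["files_to_verify"]:
        print(path, "->", sha256_if_present(path) or "not found on this host")
```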

DDE_Server

I also got a giveaway from Shareware On Sale but still do not use it. When my Emsisoft Anti-Malware licence expires (it has only 90 days), I will use it beside WSA, which I think will be a good combo @BryanB
 

Moonhorse

Zemana was very aggressive, maybe that makes it good?

But on the other side, that gave me only false positives, and even though I submitted those FPs to them, nothing has changed, so I ended up removing the whole software.
 

KevinYu0504

Zemana's customer service is still alive;
you can send an email or use their official website's "live chat" to report the false positive,
and they will try to reanalyze it.

However, just like other members say, Zemana already stopped upgrading a very long time ago;
something bad must have happened at their company.
 