Author Topic: Browser Cleanup saying WinPatrol's setup is "Yontoo"  (Read 4245 times)


Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Browser Cleanup saying WinPatrol's setup is "Yontoo"
« on: July 24, 2015, 03:32:45 PM »
This morning, when I ran Browser Cleanup, it warned me that
"Browser Cleanup has detected one or more toolbar protectors on your system:
 - Yontoo
It is strongly recommended to completely remove them from your system, otherwise Browser Cleanup may not be able to remove the unwanted toolbars.
Do you want to completely remove these protectors?"

Opening up the Avast-Browser-Cleanup.log , I found the following allegation:
Protector found:     "Yontoo" : [ "c:\\progra~3\\instal~1\\{6a206~1\\setup.exe" ]

Sifting through my directory structure, I was able to reveal the full path/filename as
C:\ProgramData\InstallMate\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}\setup.exe
which is part of the WinPatrol 32.0.2014.5 installer/uninstaller:
Copyright © 2014 Ruiware, LLC

The files in this folder are required for a clean update or removal
of the above product. Please do not delete them.


Someone needs to confirm and correct this!
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]
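
The log-to-path step described in the post above, as an added example (not part of the original post and not Avast's code): it parses the `Protector found` line and checks that the long path the poster located is consistent with the 8.3 short path in the log. The function names are hypothetical, the path list is assumed to use JSON-style escaping, and the match is a heuristic for the common "first six characters + ~N" alias form.

```python
import json
import re

# Constructed sample: the single log line quoted in the post above.
LOG = r'''Protector found:     "Yontoo" : [ "c:\\progra~3\\instal~1\\{6a206~1\\setup.exe" ]'''
# Long path the poster located by hand.
LONG = r"C:\ProgramData\InstallMate\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}\setup.exe"

LINE_RE = re.compile(r'Protector found:\s*"(?P<name>[^"]+)"\s*:\s*(?P<paths>\[.*\])')

def parse_protectors(log_text):
    """Return [(detection_name, [paths])] for each 'Protector found' line."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            # Assumption: the bracketed list is JSON-escaped (\\ stands for \).
            found.append((m.group("name"), json.loads(m.group("paths"))))
    return found

def alias_matches(short, long_name):
    """Heuristic: could long_name carry the 8.3 alias `short`?"""
    short, long_name = short.lower(), long_name.lower()
    if "~" not in short:
        return short == long_name
    s_base, _, s_ext = short.partition(".")
    stem = s_base.split("~")[0]
    if "." in long_name:
        l_base, _, l_ext = long_name.rpartition(".")
    else:
        l_base, l_ext = long_name, ""
    # Aliases drop spaces and extra dots from the base name and keep at most
    # three extension characters. The ~N index cannot be checked offline:
    # progra~3 is consistent with any folder whose name starts "progra".
    l_base = l_base.replace(" ", "").replace(".", "")
    return l_base.startswith(stem) and l_ext[:3] == s_ext

def path_matches(short_path, long_path):
    """True when every component of long_path is consistent with short_path."""
    s, l = short_path.split("\\"), long_path.split("\\")
    return len(s) == len(l) and all(alias_matches(a, b) for a, b in zip(s, l))

if __name__ == "__main__":
    for name, paths in parse_protectors(LOG):
        for p in paths:
            print(name, p, "consistent with long path:", path_matches(p, LONG))
```

A consistent match only narrows the candidates; the authoritative mapping comes from the file system on the affected machine (for example `dir /x` in the parent folder).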

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not an avast user
Re: Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #2 on: July 24, 2015, 03:56:57 PM »
Quote
Someone needs to confirm and correct this!
and you have of course checked that installer at VT ....


Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #3 on: July 24, 2015, 04:03:38 PM »
Pondus:   Clean --- 0/55 --- from VirusTotal  https://www.virustotal.com/en/file/28f6f2d682cdc26088c5780b142033d42e88e3b8a3e5b4d35a7fb5b08d243dbf/analysis/1437746383/

Asyn:   Thanks.   For anyone searching, I have re-posted this topic in the Browser Cleanup Tool sub-forum:   https://forum.avast.com/index.php?topic=174075.0

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Re: Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #4 on: July 24, 2015, 04:14:21 PM »
You're welcome.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not an avast user
Re: Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #5 on: July 24, 2015, 04:16:49 PM »
Quote
Pondus:   Clean --- 0/55 --- from VirusTotal  https://www.virustotal.com/en/file/28f6f2d682cdc26088c5780b142033d42e88e3b8a3e5b4d35a7fb5b08d243dbf/analysis/1437746383/

Asyn:   Thanks.   For anyone searching, I have re-posted this topic in the Browser Cleanup Tool sub-forum:   https://forum.avast.com/index.php?topic=174075.0
if you click the Additional Information tab and scroll down to the bottom

Advanced heuristic and reputation engines  detected by ClamAV and Symantec as suspicious

however the file is very old at VT .... so yes should be clean
First submission 2013-04-18 02:22:41 UTC ( 2 years, 3 months ago )

« Last Edit: July 24, 2015, 04:18:32 PM by Pondus »

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #6 on: July 24, 2015, 04:35:48 PM »
Pondus,

I'll grant what you're saying... for what it's worth, Symantec notes that "Suspicious.Insight is a detection for files that have not yet developed a strong reputation among Symantec’s community of users".  If that's all they have against it...

Clicking on the File Detail tab, we see that the file is signed, counter-signed, and verified.

Clicking on the Comments tab, we have personal confirmation from WinPatrol's developer Bill Pytlovany that the file is indeed from WinPatrol, that it's used by InstallMate, and that removing it will prevent the user from uninstalling WinPatrol.   

If you choose to believe that WinPatrol is a PUP, you're certainly entitled to your opinion.   But millions of satisfied WinPatrol users will beg to differ.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #7 on: July 24, 2015, 04:41:40 PM »
1]
There is no need to start multiple threads about the same thing.

2]
Quote
But millions of satisfied WinPatrol users will beg to differ.
Sure, and the same millions of people also keep running malware because they like the application(s).

3]
Quote
Clicking on the File Detail tab, we see that the file is signed, counter-signed, and verified.
I can write malware and sign it. But that doesn't mean it isn't malware.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37533
  • Not an avast user
Re: Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #8 on: July 24, 2015, 04:45:27 PM »
Quote
Clicking on the File Detail tab, we see that the file is signed, counter-signed, and verified.
This you will see on many PUPs, as PUPs are not malicious programs

PUP / PUA = Possible Unwanted Program / Application
So for some it can be annoyware and for others not


Quote
If you choose to believe that WinPatrol is a PUP, you're certainly entitled to your opinion.   But millions of satisfied WinPatrol users will beg to differ.
I don't use it but think it is okay .... unless they have started bundling it with something extra?
I think it may have a new owner / developer now?  https://forum.avast.com/index.php?topic=150549.0


anyway you may report it to avast lab and see what they say

« Last Edit: July 24, 2015, 04:48:18 PM by Pondus »

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Browser Cleanup saying WinPatrol's setup is "Yontoo"
« Reply #9 on: July 24, 2015, 05:06:14 PM »
I had no intention to double-post.   The only reason why I did was that, upon posting here, Asyn replied, directing me to the other board as being the appropriate place for posting this topic.   I was simply following his/her directions.

Yes, WinPatrol has changed ownership.   But I'm still using an old version on this particular system, so I don't see it as plausible that anything has been newly added to this old installer, which has resided on my PC for well over a year.   I've run the Avast Browser Cleanup (from within the main Avast UI) occasionally during that time, and it never picked up on this particular detection/file until today.

Gentlemen:   I have reported this here as a courtesy to other avast/WinPatrol users who may be impacted as well.   Perhaps I'm being overly sensitive, but in my opinion, all I've gotten back is a lot of "attitude" and "sarcasm" from some (but not all) of the responders.   If you want to take offense to my saying this, be my guest.   I've done my job here and will not be replying to this thread again.

Have a good day.
« Last Edit: July 24, 2015, 05:12:43 PM by ky331 »