Malwarebytes flagging EaseUS Partition Master

  1. Ztruker's Avatar
    Posts : 8,481
    Windows 10 Pro X64 1903 189362.439
       #1

    Malwarebytes flagging EaseUS Partition Master


    EaseUS Partition Master installer, epm.exe, is being flagged by Malwarebytes as a PUP. It contains OpenCandy which is used to install other, non-wanted software. It also blocks outbound connection attempts to dpd.securestudies.com and is considered Riskware.

    I've uninstalled EaseUS Partition Master for now, even though I like and have used it in the past.

  2.    #2

    It's also flagging Auslogics Disk Defragger as a pup.

  3. Ztruker's Avatar
    Posts : 8,481
    Windows 10 Pro X64 1903 189362.439
    Thread Starter
       #3

  4.    #4

    Malwarebytes flagged EaseUS on my PC about 6 months back. I too deleted it, as I didn't use it much; secondly, I trust Malwarebytes.

  5.    #5

    Thanks...but I've seen all that already....and no matter what Malwarebytes suggests to add it to the excluded section, it still returns it as a PUP on every scan. The PITA of having to untick it after every scan sucks....but it is what it is. I've even sent a few support tickets....and the help given is just some generic stamped responses as suggested from your link. Which never works. Then come the emails on how was their support help. WTFE!!!!!!!

  6. ThrashZone's Avatar
    Posts : 5,070
    3-Win-7Prox64 2-Win10Prox64
       #6

    Hi,
    Where's the download coming from, CNET?


  7.    #7

    ThrashZone said:
    Hi,
    Where's the download coming from, CNET?

    I download it directly from the Malwarebytes website, where I always download it. It's the paid version.
    Free Antivirus Replacement & Anti-Malware Tool | Malwarebytes

  8.    #8

    Malwarebytes has flagged a few of my software as well: uTorrent (it even flagged Chrome). And I downloaded both from their actual websites. I had to add them to the exclusions. There was no way around it.

  9. TairikuOkami's Avatar
    Posts : 3,806
    Home 1903 x64 10.0.18362.267
       #9

    Indeed. Either add it to exclusions, or get rid of that junk, meaning Malwarebytes.

  10. Callender's Avatar
    Posts : 1,417
    Windows 10 Home 1809 32-bit
       #10

    If OpenCandy is detected, you can clean install by dropping the installer onto the window opened by the batch file referenced here:

    Looking for freeware to burn bin/cue other than imgburn - Page 2 - Windows 7 Help Forums

    This download scans clean:

    Download EaseUS Partition Master Free 12.9 - FileHippo.com

    [Image: pestudio 8.79 - Malware Initial Assessment.jpg]

    Installed via batch file

    [Image: Installer.jpg]

    Blocked connections in firewall:

    [Image: COMODO Advanced Settings.jpg]

    [Image: COMODO View Logs.jpg]

    Code:
    =======================================================
    ** Sunday 29/07/2018 12:30:00 **
    Important Executables and Driver Files
    Files Added :-
    c:\windows\system32\EuEpmGdi.dll -  Size=21,088  Date=Tue Nov 18 14:46:56 2014  Attributes=---A-
    =======================================================
    ** Sunday 29/07/2018 12:30:10 **
    Important Executables and Driver Files
    Files Added :-
    c:\windows\system32\BootMan.exe -  Size=3,291,792  Date=Fri Mar 02 10:02:54 2018  Attributes=---A-
    c:\windows\system32\setupempdrv03.exe -  Size=122,000  Date=Fri Dec 01 16:32:10 2017  Attributes=---A-
    =======================================================
    ** Sunday 29/07/2018 12:30:18 **
    Important Executables and Driver Files
    Files Added :-
    c:\windows\system32\epmntdrv.sys -  Size=31,296  Date=Wed Jan 17 00:00:08 2018  Attributes=---A-
    c:\windows\system32\EPMVolFlt.sys -  Size=28,776  Date=Thu Nov 23 11:47:40 2017  Attributes=---A-
    c:\windows\system32\EuGdiDrv.sys -  Size=10,208  Date=Mon Jul 11 10:01:24 2016  Attributes=---A-
    =======================================================
    ** Sunday 29/07/2018 12:30:23 **
    Important Executables and Driver Files
    Files Added :-
    c:\windows\system32\drivers\EPMVolFlt.sys -  Size=28,776  Date=Thu Nov 23 11:47:40 2017  Attributes=---A-
    =======================================================
    ** Sunday 29/07/2018 12:30:40 **
    Low-level Drivers and Services
    Registry Key hkey_local_machine\system\ControlSet001\services
    Subkey epmntdrv has been added
    Subkey EPMVolFlt has been added
    Subkey EuGdiDrv has been added
    =======================================================
    ** Sunday 29/07/2018 12:30:52 **
    Low-level Drivers and Services
    Registry Key hkey_local_machine\system\CurrentControlSet\services
    Subkey epmntdrv has been added
    Subkey EPMVolFlt has been added
    Subkey EuGdiDrv has been added
    =======================================================
    ** Sunday 29/07/2018 12:31:00 **
    Additional Security
    Registry Key hkey_local_machine\system\ControlSet001\control\safeboot\minimal
    Subkey epmntdrv has been added
    Subkey EuGdiDrv has been added
    =======================================================
    ** Sunday 29/07/2018 12:31:03 **
    Additional Security
    Registry Key hkey_local_machine\system\CurrentControlSet\control\safeboot\minimal
    Subkey epmntdrv has been added
    Subkey EuGdiDrv has been added
    =======================================================
    ** Sunday 29/07/2018 12:31:07 **
    Additional Security
    Registry Key hkey_local_machine\system\ControlSet001\control\safeboot\network
    Subkey epmntdrv has been added
    Subkey EuGdiDrv has been added
    =======================================================
    ** Sunday 29/07/2018 12:31:11 **
    Additional Security
    Registry Key hkey_local_machine\system\CurrentControlSet\control\safeboot\network
    Subkey epmntdrv has been added
    Subkey EuGdiDrv has been added
    =======================================================
    ** Sunday 29/07/2018 12:31:14 **
    Launched TrayTipAgentE.exe[4728]
    epm0.exe[4108]
    Main.exe[10040]  epm0.exe[4108]
    Run Keys and Startup Files
    Registry Key hkey_local_machine\software\microsoft\windows\currentversion\run
    Value EaseUS EPM Tray Agent (S) will be a new value with data
    "C:\Program Files\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\TrayTipAgentE.exe"
    =======================================================
    ** Sunday 29/07/2018 12:31:16 **
    Change Accepted
    Last edited by Callender; 29 Jul 2018 at 06:56. Reason: add info
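
The monitor log in post #10 records the files, service keys, SafeBoot entries and Run value written during installation. As an added example (not part of the thread and not any poster's code), the Python below parses that log format and groups the registry additions by persistence mechanism; the function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: a few entries in the format of the monitor log quoted above.
SAMPLE_LOG = r"""
c:\windows\system32\epmntdrv.sys -  Size=31,296  Date=Wed Jan 17 00:00:08 2018  Attributes=---A-
=======================================================
Registry Key hkey_local_machine\system\CurrentControlSet\services
Subkey epmntdrv has been added
Subkey EPMVolFlt has been added
=======================================================
Registry Key hkey_local_machine\system\CurrentControlSet\control\safeboot\minimal
Subkey epmntdrv has been added
=======================================================
Registry Key hkey_local_machine\software\microsoft\windows\currentversion\run
Value EaseUS EPM Tray Agent (S) will be a new value with data
"C:\Program Files\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\TrayTipAgentE.exe"
"""

FILE_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) -\s+Size=(?P<size>[\d,]+)", re.I)
KEY_RE = re.compile(r"^Registry Key (?P<key>.+)$")
SUBKEY_RE = re.compile(r"^Subkey (?P<name>.+) has been added$")
VALUE_RE = re.compile(r"^Value (?P<name>.+) will be a new value with data$")
# Registry path fragment -> persistence mechanism it represents.
KINDS = {r"\currentversion\run": "autorun", r"\safeboot": "safeboot", r"\services": "service"}

def classify(key):
    return next((kind for mark, kind in KINDS.items() if mark in key.lower()), "other")

def parse_install_log(text):
    files, reg, key, pending = [], [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("====="):        # entry separator resets state
            key = pending = None
        elif pending:                        # line after "Value ..." holds the data
            reg.append((classify(key), pending, line.strip('"')))
            pending = None
        elif m := FILE_RE.match(line):
            files.append((m["path"], int(m["size"].replace(",", ""))))
        elif m := KEY_RE.match(line):
            key = m["key"]
        elif key and (m := SUBKEY_RE.match(line)):
            reg.append((classify(key), m["name"], None))
        elif key and (m := VALUE_RE.match(line)):
            pending = m["name"]
    return files, reg

def safe_mode_drivers(reg):  # service names also listed under SafeBoot start in Safe Mode
    names = lambda kind: {n.lower() for k, n, _ in reg if k == kind}
    return sorted(names("service") & names("safeboot"))
```

Run over the full log from the post, `safe_mode_drivers` returns `['epmntdrv', 'eugdidrv']`; each registry entry appears twice there because the log reports both ControlSet001 and CurrentControlSet.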
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.