Malwarebytes flagging EaseUS Partition Master

Ztruker · 28 Jul 2018

EaseUS Partition Master installer, epm.exe is being flagged by Malwarebytes as a PUP. It contains OpenCandy which is used to install other, non-wanted software. It also blocks Outbound connection attempts to dpd.securestudies.com and is considered Riskware.

I've uninstalled EaseUS Partition Master for now, even though I like and have used it in the past.

Plankton · 28 Jul 2018

It's also flagging Auslogics Disk Defragger as a pup.

Ztruker · 28 Jul 2018

See this: https://forums.malwarebytes.com/topi...cdefrag-a-pup/

Stitch194 · 28 Jul 2018

Malwarebytes flagged EaseUS on my PC about 6 months back. I too deleted it, as I didn't use it much, secondly I trust Malwarebytes.

Plankton · 28 Jul 2018

Ztruker said:

See this: https://forums.malwarebytes.com/topi...cdefrag-a-pup/

Thanks...but I've seen all that already....and no matter what malwarebytes suggest to add it to the excluded section, it still returns it as a PUP on every scan. The PITA of having to untick it after every scan sucks....but it is what it is. I've even sent a a few support tickets....and the help given is just some generic stamped responses as suggested from your link. Which never works. Then comes the emails on how was there support help. WTFE!!!!!!!

ThrashZone · 28 Jul 2018

Hi,
Where's the download coming from cnet ?

Plankton · 29 Jul 2018

ThrashZone said:

Hi,
Where's the download coming from cnet ?

I download it directly from Malwarebytes website, where I always download it. It's the paid version.
Free Antivirus Replacement & Anti-Malware Tool | Malwarebytes

JAM83 · 29 Jul 2018

Malwarebytes has flagged a few of my software as well. .uTorrent, (it even flagged Chrome). And i downloaded both from their actual websites. I had to add them to the exclusions. There was no way around it.

TairikuOkami · 29 Jul 2018

Indeed. Either add it to exclusions, or get rid of that junk, meaning Malwarebytes.

Callender · 29 Jul 2018

If OpenCandy is detected you clean install by dropping the installer onto the windows opened by the batch file referenced here:

Looking for freeware to burn bin/cue other than imgburn - Page 2 - Windows 7 Help Forums

This download scans clean:

Download EaseUS Partition Master Free 12.9 - FileHippo.com

Malwarebytes flagging EaseUS Partition Master-pestudio-8.79-malware-initial-assessment.jpg

Installed via batch file

Malwarebytes flagging EaseUS Partition Master-installer.jpg

Blocked connections in firewall:

Malwarebytes flagging EaseUS Partition Master-comodo-advanced-settings.jpg

Malwarebytes flagging EaseUS Partition Master-comodo-view-logs.jpg

Code:

=======================================================
** Sunday 29/07/2018 12:30:00 **
Important Executables and Driver Files
Files Added :-
c:\windows\system32\EuEpmGdi.dll -  Size=21,088  Date=Tue Nov 18 14:46:56 2014  Attributes=---A-
=======================================================
** Sunday 29/07/2018 12:30:10 **
Important Executables and Driver Files
Files Added :-
c:\windows\system32\BootMan.exe -  Size=3,291,792  Date=Fri Mar 02 10:02:54 2018  Attributes=---A-
c:\windows\system32\setupempdrv03.exe -  Size=122,000  Date=Fri Dec 01 16:32:10 2017  Attributes=---A-
=======================================================
** Sunday 29/07/2018 12:30:18 **
Important Executables and Driver Files
Files Added :-
c:\windows\system32\epmntdrv.sys -  Size=31,296  Date=Wed Jan 17 00:00:08 2018  Attributes=---A-
c:\windows\system32\EPMVolFlt.sys -  Size=28,776  Date=Thu Nov 23 11:47:40 2017  Attributes=---A-
c:\windows\system32\EuGdiDrv.sys -  Size=10,208  Date=Mon Jul 11 10:01:24 2016  Attributes=---A-
=======================================================
** Sunday 29/07/2018 12:30:23 **
Important Executables and Driver Files
Files Added :-
c:\windows\system32\drivers\EPMVolFlt.sys -  Size=28,776  Date=Thu Nov 23 11:47:40 2017  Attributes=---A-
=======================================================
** Sunday 29/07/2018 12:30:40 **
Low-level Drivers and Services
Registry Key hkey_local_machine\system\ControlSet001\services
Subkey epmntdrv has been added
Subkey EPMVolFlt has been added
Subkey EuGdiDrv has been added
=======================================================
** Sunday 29/07/2018 12:30:52 **
Low-level Drivers and Services
Registry Key hkey_local_machine\system\CurrentControlSet\services
Subkey epmntdrv has been added
Subkey EPMVolFlt has been added
Subkey EuGdiDrv has been added
=======================================================
** Sunday 29/07/2018 12:31:00 **
Additional Security
Registry Key hkey_local_machine\system\ControlSet001\control\safeboot\minimal
Subkey epmntdrv has been added
Subkey EuGdiDrv has been added
=======================================================
** Sunday 29/07/2018 12:31:03 **
Additional Security
Registry Key hkey_local_machine\system\CurrentControlSet\control\safeboot\minimal
Subkey epmntdrv has been added
Subkey EuGdiDrv has been added
=======================================================
** Sunday 29/07/2018 12:31:07 **
Additional Security
Registry Key hkey_local_machine\system\ControlSet001\control\safeboot\network
Subkey epmntdrv has been added
Subkey EuGdiDrv has been added
=======================================================
** Sunday 29/07/2018 12:31:11 **
Additional Security
Registry Key hkey_local_machine\system\CurrentControlSet\control\safeboot\network
Subkey epmntdrv has been added
Subkey EuGdiDrv has been added
=======================================================
** Sunday 29/07/2018 12:31:14 **
Launched TrayTipAgentE.exe[4728]
epm0.exe[4108]
Main.exe[10040] « epm0.exe[4108]
Run Keys and Startup Files
Registry Key hkey_local_machine\software\microsoft\windows\currentversion\run
Value EaseUS EPM Tray Agent (S) will be a new value with data
"C:\Program Files\EaseUS\EaseUS Partition Master 12.9\bin\TrayPopupE\TrayTipAgentE.exe"
=======================================================
** Sunday 29/07/2018 12:31:16 **
Change Accepted