Infected Defrag EXE

Discussion in 'Software' started by stanley.tweedle, Jun 24, 2008.

  1. stanley.tweedle

    stanley.tweedle Private E-2

    a sort of DISCLAIMER:
    I want to share with you my record of an infection discovery incident, yet I wish more so to AVOID the defamation of IObit, as I feel fortunate to have benefited from many uses of their freeware sys optimization product.

    I suspect that the occurrence of infection I experienced was unrelated to the defragmentation software itself, yet I must question (rhetorically): is this an isolated incident, or was the infection due to a vulnerability in the defrag software routine?

    I've been a relatively long-time fan of IObit Advanced Windows Care Personal edition, since... '05-ish. A freeware download, it has served me far more than I expected.

    Having earned my trust, I decided to bite on IObit's SmartDefrag solicitation and likewise have used it for approx. 11 months or more. Recently, Avast! Home Ed. [my antifungal crotch-cream of choice] discovered a virus in SmartDefrag.exe.

    Please see the attached image, illustrating the location and name of the file, etc.

    Again, this is mostly an FYI, but I'm curious about your feedback as well.
    For what it's worth, I decided to try the "Lite" DKeepr I found here. Didn't know about that one, but it sure works for me! Thanks, MajorGeeks!
    :)
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    IObit is a safe application; however, antivirus applications (many of them) at times flag a legitimate application as malware when in reality it's not. It's a false positive, especially if the company is a well-known one and is generally not flagged as a company that spreads malware.

    Avast, while I use and love the antivirus, does have a tendency to flag legit apps as bad; it's likely that the next virus definition update will fix this false positive.

    If this happens, I tend to upload the .exe in question to http://virusscan.jotti.org/ and have all the major AVs scan it to see who comes up with anything.
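A check worth running on the flagged file before uploading it to a multi-engine scanner: record its SHA-256 (so the scan verdict can be tied to the exact bytes on disk) and, if the vendor signs its binaries, see whether the Authenticode signature is still valid. This is an added example, not code from the thread or from IObit or Alwil; it assumes Windows PowerShell 4 or later (for Get-FileHash) and that the caller supplies the path Avast! reported.

```powershell
# Added example, not from the original post. Triage a binary an AV has flagged
# before sending it to a multi-engine scanner such as jotti.
param(
    # Path of the flagged executable; supplied by the user, not assumed here.
    [Parameter(Mandatory = $true)]
    [string]$Path
)

$file = Get-Item -LiteralPath $Path
$sig  = Get-AuthenticodeSignature -FilePath $Path          # built-in cmdlet
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256  # PowerShell 4+

# Summary a practitioner would paste alongside the scan result.
[pscustomobject]@{
    Name       = $file.Name
    SizeBytes  = $file.Length
    LastWrite  = $file.LastWriteTimeUtc
    SHA256     = $hash.Hash
    SigStatus  = $sig.Status      # Valid / NotSigned / HashMismatch / UnknownError ...
    Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
}

switch ($sig.Status) {
    'Valid'        { Write-Host 'File is unchanged since the publisher signed it; a false positive is plausible.' }
    'HashMismatch' { Write-Warning 'Signature does not match the file contents: the file was modified after signing. Do not assume a false positive.' }
    'NotSigned'    { Write-Host 'Unsigned file: the signature check cannot settle it; rely on the multi-engine scan.' }
    default        { Write-Warning "Signature status $($sig.Status): inspect the certificate chain before trusting the result." }
}
```

A valid signature only shows the file is the one the publisher signed, not that it is benign; a HashMismatch, though, means the bytes on disk differ from what was signed, which is the case where an "it's just a false positive" assumption is unsafe. Comparing the SHA-256 against the hash of a fresh download from the vendor's site settles the same question without relying on a signature at all.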
     
  3. stanley.tweedle

    stanley.tweedle Private E-2

    Hi, Halo. Thanks for your prompt reply!

    Yeah, I know about the false-positive issue [I was almost going to throw it into the mix, but felt my rhetoric was ambiguous to begin with... so I decided to abstain... hehe...]

    But the weird thing is... I mean, I've had the two there working together for a while. Why the sudden 'oh, hey, there's a virus... let's pick out this app as a virus, even though we've scanned it as "okay" hundreds of times over'?

    Well, I'm certainly no expert on _mal_ware and anti-_mal_ware,

    so, going with what you've advised, Halo, is it basically an issue of the defs they [Alwil] released that day probably containing some heuristics which turned on SmartDefrag.exe, fingering it falsely? Is that how that would work?

    An infection was spotted in an iframe [I think] as I was browsing a few weeks ago which, when reported at the Avast! forum, the general consensus there too was 'false positive'. I guess this is the price we pay for security. Ha! Almost a reflection of the crap we have to deal with outside of the world of 1's and 0's, eh? Hehe... [Sir, you've got long hair, nasty gas, and dumpy drawers! I'm going to have to ask you to empty your pockets so the Gimp can give you a once-over... uh, with the metal detector here...]

    But seriously, thanks for the FAST feedback. I have some other Qs I might post here too then, if I can ever find the dan time!
    ;-)
     
  4. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    I'm pretty sure that these false positives will occur with every product. I've been beta testing something for many months and yes, all of a sudden a new definition file will flag something that has been there from day 1 of the install. One example: it flagged a file from WordPerfect as being malware.
     
  5. stanley.tweedle

    stanley.tweedle Private E-2

    Cool. Good to see some hands in the crowd, in agreement on this.

    EDIT: I just noticed something about the semantics of that screencap (my first post). It reads "...Sign of [XYZ virus] in [ABC app]..."

    Are we to assume that "Sign of", by default, is not necessarily the same as "Virus Detected"? hmm....

    [Shet, I didn't mean to drag this topic out 'cause I know there are others out there with more important issues, but...]

    So, what should one do then, as one is wont to panic and fiddle about? Just unbearable, the thought of letting it sit there, ya know?

    Don't get me wrong, I want to do the right thing. And I can handle the concept of the false positive.... err... uh... can't I? :confused

    I guess it's best to do as Halo said? Send it to the URL http://virusscan.jotti.org/... and be as patient as can be, eh?
    I think the cats at Alwil told me to do the same for the iframe false-pos I received. But gawl-diggitty if I can't find the time sometimes; it's like all day, this stuff, you know. @Halo, I don't know how you do it! (assuming y'all have day jobs, or at least your own gig outside of here dev'ing stuff, etc.). [::sigh!:: ... ADD sufferer here; it's like NOTHING ever gets accomplished here. Doesn't help that I can't stop typing. But I can't. It's that, or... erase it all, start over. But still, time has gone by, even if you don't have to suffer through reading it!]

    Anyway, anyone have any 'temporary quarantine' tricks?
    For example, instead of taking Revo Uninstaller to the safely "quarantined" defrag utility... could I have left it in there and, what, just un-quarantined it? [never done that, hence the inquiry]
    Is that "how it's done"? Man, I'm ashamed to ask that... but I am inexperienced in the 'false-positive' / un-quarantine dept.

    Thanks, guys and gals, for all of your generous help here at Forums.MajorGeeks.com!!
    I must remark that I'm pleased by the friendly atmosphere so far!
     
    Last edited: Jun 24, 2008
