markemg

  1. I don't know if anyone else has mentioned this - but under Windows XP if you go to My Computer you can see the disk drive icon. If I right-click on the icon SAS does not have a way to scan the disk drive. Instead, I have to open the disk drive, select everything, and then select the "Scan all selected files" which is VERY scary because it would be very - very - very easy to accidentally select the "Secure DELETE" that is right below the first option. So I'd like to make two suggestions.

     1. Change the menu for the right-click so when looking at an icon of a disk drive you can scan it with SAS.
     2. Remove (or at least put some white space between) the option to scan all selected files and the option to delete all selected files so there is less of a chance to do so.

     To further let you guys know my concern over this - I have a weebly-woobly mouse wheel that has a mind of its own. Luckily it doesn't automatically do the clicking of the mouse. But I have had it move the option I'm about to select to another option. The mouse is like 10 years old and I have a new one on order. But there have been a few "OH SH*T!" times lately when the mouse wheel has tried to get me to do all sorts of things as it scrolls up or down the screen with a mind of its own. So a bit of white space would be appreciated so the delete mechanism is not jammed up against the scan request.

     Thanks for considering these changes.

     Mark

     PS: Or if you happen to have a spare sonic screwdriver lying around - I could use that too.
  2. I made sure I had the latest update and what is happening now is - when I compile that script (or any other for that matter) with AutoIt I can compile it. HOWEVER! When I actually run the script - SAS still pops up and says it is a virus. It stops it from running and then it deletes the file! So some progress - but it is still treating it as if it was a trojan. Do I just report this to them via the same method as before?

     Also, I just bought the program perl2exe so I can compile perl programs. SAS does not report perl2exe as a trojan. But when I compiled the win32 gui from CPAN - SAS is saying the DLL that gets created is a trojan (Trojan.Agent/Gen-Zbot). I'm going to send that to the malware team also. I really don't think CPAN would allow (or want) a trojan in their code base.

     It makes me wonder if there isn't something in the gcc compiler that has changed and that now generates code that is fairly close to the code that trojans use as I think AutoIt is compiled via the gcc compiler also. Someone on the AutoIt forum said that these detections began after a certain version (3.18 I think). It makes me wonder what changed. In any event - they are looking into this problem also to see if something happened on their end. More as I know more.
  3. GuiltySpark: SUPERAntiSpyware has been updated several times but nothing yet on the false positive. Any idea if they have even looked at the problem yet? The people at AutoIt have a post with several replies about other false positives they've had in the past. I added SUPERAntiSpyware onto their list of programs that do this. One of the posters said that earlier versions did not have this problem so I may revert back to an earlier version. But it would be nice to know what is going on with the current version. I even completely removed AutoIt and its compiler, redownloaded, and reinstalled the software. Same thing happens. :-/
  4. Here is the scan log (just in case you need it):

         SUPERAntiSpyware Scan Log
         http://www.superantispyware.com

         Generated 03/22/2013 at 12:00 PM

         Application Version : 5.6.1014

         Core Rules Database Version : 10163
         Trace Rules Database Version: 7975

         Scan type : Complete Scan
         Total Scan Time : 00:00:04

         Operating System Information
         Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
         Administrator

         Memory items scanned : 0
         Memory threats detected : 0
         Registry items scanned : 0
         Registry threats detected : 0
         File items scanned : 1
         File threats detected : 1

         Trojan.Agent/Gen-Bifrose
             C:\DOCUMENTS AND SETTINGS\MARK\MY DOCUMENTS\MY PROGRAMS\AUTOIT\FIXSYSTEM\FIX.EXE

     It has been reported. I had not seen the button for reporting before. Nice touch.
  5. I didn't think I had. I made a mistake trying to sign up and I obviously still made a mistake because now I'm markemg instead of just markem. Ugh. I'll see what I can do about uploading it via the built-in function in SUPERAntiSpyware. Sorry for the long reply wait. My contract was ending and I was very busy trying to get things done. Not to mention the lawsuit we are involved in, convention we went to, and I was busy helping others get rid of viruses, malware, and restoring completely deleted hard drives. So I've been a bit busy. I'll get that posted as soon as I finish posting this message.
  6. I wrote a small AutoIt program. Here is the code:

         ;
         ; A short AutoIt program to fix everything.
         ;
         ; Turn off System Restore and disable its service (Start = 4 means disabled).
         RegWrite( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore", "DisableSR", "REG_DWORD", 1 );
         RegWrite( "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice", "Start", "REG_DWORD", 4 );
         ; Delete the local group _ISW_RESTRICTED_GROUP_.
         run( "net localgroup _ISW_RESTRICTED_GROUP_ /delete" );
         ; Turn off the automatic administrative shares (these values live under the Parameters subkey).
         RegWrite( "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters", "AutoShareServer", "REG_DWORD", 0 );
         RegWrite( "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters", "AutoShareWks", "REG_DWORD", 0 );

     I compiled the program and then when I went to run it SUPERAntiSpyware said it was a Trojan called Gen-Bifrose. I'm attaching the compiled program. Please let me know if it really is a trojan because that would mean the AutoIt compiler must have the trojan in it. If the compiler has the trojan in it - then why didn't SUPERAntiSpyware find it when I scanned my system? One way or the other - there is a definite problem here. Since we got hacked last week and the above program was to help keep our systems clean - it doesn't make me very happy to have SUPERAntiSpyware say AutoIt is putting trojans into compiled programs.

     And before someone says something - yes. I am turning off System Restore (because most viruses insert themselves into the system restore point and when you restore - you just restore the virus). And yes - I am turning off file sharing also. The hacker set things up so we shared everything with him via the Offline files and file sharing. Since we don't normally share files here where I am - I'm turning that off. Once I've figured out how to turn off Offline Files permanently - that is going into the program too. I'm even planning on expanding the program to make it automatically log in to our router and update the passwords on them as well as our access to them internally. If need be I will make the program do this every hour on the hour if that will keep hackers et al out of our systems. (Can you tell I'm not a happy camper?)

     Mark

     fix.zip
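
The scan log in post 4, parsed into header fields and detections so a report like this one can be triaged or compared across rule-database versions. This is an added example, not part of the original posts or of SUPERAntiSpyware; the line layout of the sample, the registry-item pattern and the meaning of the counters are assumptions.

```python
import re

# Constructed sample: post 4's log with line breaks restored (layout assumed, values as posted).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/22/2013 at 12:00 PM
Application Version : 5.6.1014
Core Rules Database Version : 10163
Trace Rules Database Version: 7975
Scan type : Complete Scan
Total Scan Time : 00:00:04
Memory items scanned : 0
Memory threats detected : 0
Registry items scanned : 0
Registry threats detected : 0
File items scanned : 1
File threats detected : 1
Trojan.Agent/Gen-Bifrose
    C:\DOCUMENTS AND SETTINGS\MARK\MY DOCUMENTS\MY PROGRAMS\AUTOIT\FIXSYSTEM\FIX.EXE
"""

FIELD = re.compile(r"^(.+?)\s*:\s+(.+)$")           # "Name : value" header lines
ITEM = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z_]*\\)")  # file path, or registry key (assumed form)

def parse_scan_log(text):
    """Return (fields, detections); detections maps threat name -> flagged items."""
    fields, detections, name = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ITEM.match(line):
            if name is not None:      # item belongs to the last free-text line seen
                detections.setdefault(name, []).append(line)
            continue
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
            name = None
        else:
            name = line               # free-text line: candidate threat name
    return fields, detections

def counters_agree(fields, detections):
    """Assumption: the '... threats detected' counters tally the listed items."""
    reported = sum(int(v) for k, v in fields.items() if k.endswith("threats detected"))
    return reported == sum(len(items) for items in detections.values())
```

A log whose counters and listed items disagree has been truncated or hand-edited, which is worth knowing before forwarding it with a false-positive report.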