Sign in to follow this  
Followers 0
greengrocer

False SAS

7 posts in this topic

My son has SAS on his desktop. He hasn't used it for a while. When he did a full scan, up popped a 'Critical' which I believe stated 'False SAS'. He immediately allowed SAS to delete it.

I also have SAS and even on full scans I haven't seen this Critical item. Is his machine till infected and what is

'False SAS' ?

Any responses gratefully received for his and my peace of mind.

Share this post


Link to post
Share on other sites

Yes he did indeed update everything before scan. However further to my query, I have just done a full scan (high boost) on my own machine and guess what popped up? tTe same Critical!. It is actually Heur.agent/Gen-FakeSAS. It appears to be a Trojan. I wonder why SAS didn't find it before it hit my machine.

Share this post


Link to post
Share on other sites

Here is a copy of SCAN Log from my machine as requested. (it's quite short and sweet!!). Unfortunately I dont have access to my sons logs. However hardlyy any of his programs tare the same as installed on my machine. He even uses different browsers..

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 12/24/2011 at 05:16 PM

Application Version : 5.0.1142

Core Rules Database Version : 8087

Trace Rules Database Version: 5899

Scan type : Complete Scan

Total Scan Time : 01:00:47

Operating System Information

Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)

Administrator

Memory items scanned : 547

Memory threats detected : 0

Registry items scanned : 39172

Registry threats detected : 0

File items scanned : 75686

File threats detected : 19

Adware.Tracking Cookie

C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt [ /ad.yieldmanager ]

C:\Documents and Settings\Mike\Cookies\mike@adtech[2].txt [ /adtech ]

C:\Documents and Settings\Mike\Cookies\mike@apmebf[1].txt [ /apmebf ]

C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt [ /atdmt ]

C:\Documents and Settings\Mike\Cookies\mike@bs.serving-sys[1].txt [ /bs.serving-sys ]

C:\Documents and Settings\Mike\Cookies\mike@c.atdmt[2].txt [ /c.atdmt ]

C:\Documents and Settings\Mike\Cookies\mike@clickfuse[1].txt [ /clickfuse ]

C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt [ /doubleclick ]

C:\Documents and Settings\Mike\Cookies\mike@fastclick[2].txt [ /fastclick ]

C:\Documents and Settings\Mike\Cookies\mike@h.atdmt[2].txt [ /h.atdmt ]

C:\Documents and Settings\Mike\Cookies\mike@invitemedia[2].txt [ /invitemedia ]

C:\Documents and Settings\Mike\Cookies\mike@matalan.122.2o7[1].txt [ /matalan.122.2o7 ]

C:\Documents and Settings\Mike\Cookies\mike@mediaplex[2].txt [ /mediaplex ]

C:\Documents and Settings\Mike\Cookies\mike@serving-sys[1].txt [ /serving-sys ]

C:\Documents and Settings\Mike\Cookies\mike@specificclick[1].txt [ /specificclick ]

C:\Documents and Settings\Mike\Cookies\mike@tracking.onefeed.co[1].txt [ /tracking.onefeed.co ]

C:\Documents and Settings\Mike\Cookies\mike@zedo[1].txt [ /zedo ]

Heur.Agent/Gen-WhiteBox

C:\DOWNLOADS\4_ELEMENTS-SETUP.EXE

Heur.Agent/Gen-FakeSAS

C:\WINDOWS\INSTALLER\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\ICONCDDCBBF1.EXE

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0