Jump to content
Sign in to follow this  
jgt1942

SUPERAntiSpyware Item removal Progress (8037/8037)

Recommended Posts

jgt1942   

I have a ton of stuff that SUPERAntiSpyware has detected but I DO NOT want it removed at this time. However when I returned to my PC this evening the SAS window stated that 8037 items had been removed, see the attached image, and a reboot was required. I'm not sure what kicked off the removal process, I've not been working on my PC for 19 hours.During my absence a SAS scan was completed and the removals was kicked off. Had I seen the screen that SAS found 8037 items I would have said NO to the removal. My plan was to break the scan down into several smaller scan that I could much more easily manage. How do I reverse the removal? At this time I have NOT rebooted my system. I can restore my C drive but I suspect that stuff was found on my other 10 drives. I do have backups of the other drives but they are mirror images thus if SAS has removed something from these drives the mirror  backup would just mirror the removal. My plan was to note the items found by SAS in the smaller scans and possibly delete the entire folder containing the found item. In that I have not rebooted at this time is there a reversal process?

2017 1105 Removal.png

Share this post


Link to post
Share on other sites

It's very difficult to know what was detected without moving that overlay box to see if it was mostly tracking cookies or if they were genuine threats (malware related), but SAS does / should have a Quarantine folder with a list of removed items so they can be restored, maybe???

 www.superantispyware.com/supportfaqdisplay.html?faq=57 check the link for more info.

Share this post


Link to post
Share on other sites
jgt1942   

Sorry but now I do now see the window as I did when I captured the image. I now see the default window. 

In the link you put in your post I see "
The Restore... button allows you to restore quarantined items back onto the disk and/or registry location(s) where they were originally detected. Restore... can be used to un-quarantine items that have been incorrectly detected by SUPERAntiSpyware as malware. Note that most users will never need to use the Restore... functionality. If a legitimate malware threat is un-quarantined, you could be putting your system at risk. "

However in the image I posted I do not see a Restore button nor do I see a Restore button in the SAS window when I now open SAS.

I just scanned my system (using the search tool Everything) for SuperAntiSpyware and found four folders related to SAS

C:\Program Files\SUPERAntiSpyware This is the install folder and did not contain the quarantined items

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware, this is the start menu and of course did not contain any quarantined items

C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware In the AppLogs (C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs) I see several files with the extension of SDB. Possibly this might be helpful.

C:\Users\jgt\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware BINGO, here I do see a Quarantine folder and it contains "quarantine.db" however I have no idea how to use it.

I'm going to do more research.

 

Share this post


Link to post
Share on other sites
jgt1942   

I just found SUPERAntiSpyware Scan Log - 11-05-2017 - 08-16-29.log in the C:\Users\jgt\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs folder, it is too large to attach.

My system is now responding rather weirdly, normally I would reboot but I really fear that if I do then the removal by SAS will be irreversible.

I now see the SAS Quarantine file via SAS. When I expand the folder in SAS I see two sub folders

Adware.Tracking Cookie, this contains 17 entries for cookies

Trojan.Agent/Generic, this contains 2 entries and identify folders in my backup. I will delete the root folders identified

At this point I'm totally confused and know not what to do other than more research.

 

Share this post


Link to post
Share on other sites

With such a large number I suspect that the detections you are seeing marked for removal are just cookies.  Cookies are not blocked by SUPERAntiSpyware because they are required for most web functionality.  Cookies will come back every time you surf the web, and can be cleaned by running a Quick or Complete Scan.  If you'd like to learn more about cookies, check out this link:

http://www.allaboutcookies.org/

Just click reboot later.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×