Question about SAS Popup Notification

Diane P.   

I use ighome.com as my home page. This AM I received the notice of "heuristic.backdoor.process". As recommended, I ran a complete scan and SAS came up with 14 cookies and nothing else. The browser I was using was Opera, the latest version. So, I opened Firefox to the same homepage and nothing popped up. I tried Google Chrome and nothing popped up either.

I looked at the scan log and it showed the heuristic.backdoor.process located at C:\users\....\appdata\local\temp\explorer.exe. I looked in that folder and interestingly enough, I found an "Opera Crash report" for today at the same time I rec'd the SAS popup. I opened the crash report and it was empty. There's nothing else in the users folder with today's date and time. I ran scans with the other security software on my system and found nothing.

I am not smart enough to know whether this is an anomaly of some sort or whether further steps should be taken. I would be more concerned if my other browsers behaved the same way, but they didn't. Thanks.

Hello Diane,

Thank you for contacting us. What software alerted you to this "heuristic.backdoor.process"? If it was SUPERAntiSpyware, please post the scan log you mentioned that showed the infection.

You can find your scan logs in this directory:
C:\Users\"USERNAME"\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs

You'll need to replace "USERNAME" with your Windows user name.

Unfortunately, the scan log you provided just shows cookies. Is there another scan log that shows the detection? If not, I would just not worry about it until you see the detection pop-up again. If you can, take a screenshot of the message you see informing you of the attack.

Diane P.   

This is the actual scan log taken from SAS software itself. I looked in SAS Quarantine and it shows the following: C:\users\DMP\appdata\local\temp\temp\explorer.exe. I do not know how to send a quarantined file. SAS software warns me not to restore it. Interestingly, I looked in the C:\users\DMP\appdata\local\temp\temp\explorer.exe again, and I see another Opera crash report that was originally timed at 8:15 AM, now timed at 12:42 PM, just a few minutes ago.

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/08/2017 at 08:21 AM

Application Version : 6.0.1250
Database Version : 14111

Scan type       : Complete Scan
Total Scan Time : 00:09:20

Operating System Information
Windows 10 Professional 64-bit (Build 10.00.16299)
UAC On - Limited User

Memory items scanned      : 978
Memory items detected   : 0
Registry items scanned    : 62130
Registry items detected : 0
File items scanned        : 32066
File items detected     : 14

Adware.Tracking Cookie
    .doubleclick.net\test_cookie [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    c.speedtest.net\spc1|.doubleclick.net|$|IDE [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .maxmind.com\__cfduid [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .iasds01.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .iasds01.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .adaptv.advertising.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .spotxchange.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]

============
 End of Log 
============

It was in the quarantine then; it looks like the issue is resolved, as SUPERAntiSpyware's Real-Time Protection grabbed it and dealt with it.

No further steps need to be taken :-)

Diane P.   

Note the sentence I just added... the Opera crash report from this AM @ 8:15 AM is now timed at 12:42 PM. This must somehow have to do with Opera, I think. Opera doesn't crash on me though. Thanks for your help.

Diane P.

If you need assistance with Opera crashing or questions regarding Opera Web Browser, I would contact Opera. The malware that was detected by Real-Time Protection and quarantined probably has nothing to do with Opera's software, since it was found in C:\users\DMP\appdata\local\temp\temp\ which is a temp folder, not an Opera-specific folder.

If you open Opera, does the issue become detected again by SUPERAntiSpyware's real-time protection?

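The quarantined file in this thread carried the name of a Windows system binary, explorer.exe, but sat in a user Temp folder. As an added example (not part of the thread, and not how SUPERAntiSpyware's heuristic works), the Python below flags that name/location mismatch in a list of executable paths. The expected-directory table, the C: system drive and every sample path other than the one quoted in the thread are assumptions.

```python
import ntpath

# Assumed expected directories (lower-case, system drive C:) for a few
# Windows system binaries; explorer.exe sits directly in the Windows folder.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
}

# Path fragments that mark user-writable locations (illustrative list).
USER_WRITABLE_MARKERS = (r"\appdata\local\temp", r"\appdata\roaming", r"\downloads")


def classify(path):
    """Return 'ok', 'masquerade' or 'unknown' for one executable path."""
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    directory, name = ntpath.split(norm)
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "unknown"  # not a file name this check covers
    return "ok" if directory in expected else "masquerade"


def triage(paths):
    """Return (path, reason) for every path that deserves a closer look."""
    findings = []
    for p in paths:
        if classify(p) != "masquerade":
            continue
        low = p.lower()
        writable = any(marker in low for marker in USER_WRITABLE_MARKERS)
        where = "user-writable folder" if writable else "unexpected folder"
        findings.append((p, f"system binary name in {where}"))
    return findings


# Constructed sample input; only the second path is quoted from the thread.
SAMPLE = [
    r"C:\Windows\explorer.exe",
    r"C:\users\DMP\appdata\local\temp\temp\explorer.exe",
    r"C:\Program Files\Opera\launcher.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}: {reason}")
```

A hit from this check is a reason to inspect the file (hash, signature, creation time), not proof of malware.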
