Jump to content

ParrotSlave

Members
  • Content Count

    4
  • Joined

  • Last visited

About ParrotSlave

  • Rank
    Newbie

Recent Profile Visitors

1553 profile views
  1. ParrotSlave

    Something added to startup?

    I posted earlier, on the 11th, after first observing the issue on the 9th. There is nothing new in System Investigator. I came up with the hypothesis that SAS was coming up with that message whenever any program is updated, possibly as a gimmick requested by their sales team--something to remind customers that SAS is "doing something"--or possibly as a way to jog lazy customers into scanning their systems manually (for our own good.) Coming back here again, I see a link to an updated version of SAS, with the recommendation to uninstall the old one first. I did that, with Revo. Then, getting ready to install the new version, I noticed something peculiar to me: the file size, 13MB, is substantially smaller than the one I had archived. (I regularly use Macrium Reflect to restore system images, and, to save time, after a restoration, I update all my programs manually whenever possible before re-connecting to the internet. My SAS folder had a SUPERAntiSpywarePro.exe that was 34.7 MB.) Sorry for my inherent paranoia, but the properties/security tab on my old file shows the signer to be support.com, and it was digitally signed on Sept. 18th. The details tab shows v.6.0.0.1264. The one via the link in this forum does not show a time for the digital signature, but it shows the signer to be AdBlocker.com, and the version shown on the details tab is v.5.0.0.1136. Instead of installing that right away, I decided to compare it with the Pro trial version available here right now for download to the general public, so I downloaded that. The version of SAS Pro on the site right now is 8.0.0.1024, and it shows a digital signature by support.com on November 15th. The differences might well be due to the fact that the link here is to a program not yet ready for release, but, lacking any other information, I decided not to install it, instead choosing the pro trial version of SAS 8.0.0.1024. It will be a day or two before I'll be able to tell if that message is coming up regularly again.
  2. ParrotSlave

    Something added to startup?

    I had the identical occurrence, starting day before yesterday. This is a Win8.1 system, protected by SAS, MBAM, Norton IS, and Zemana Antilogger. I've looked at Task Manager and at CCleaner's list of startup items, and I see nothing new. I actually did install a new program the day before all this, PST Viewer Pro, but it is not a startup item, and, even if SAS thought that it was, you'd think that, from the next day on, it would not "notice" it anymore.
  3. ParrotSlave

    MP3 DirectCut false positive

    VirusTotal gives SUPERantispyware as the only scanner of the 50 that they use that reports the program, MP3DirectCut2.20, as a trojan, Trojan.Agent/Gen-Small. See https://www.virustotal.com/en/file/6afbfd4f27078086b4e9b5591d475928edfce7c4b476183a55638eeebbd397c1/analysis/. The author's site, http://mpesch3.de1.cc/mp3dc.html gives the MD5 checksum, and the downloaded file has the correct checksum and file size. I seem to recall getting a false positive with an earlier version of MP3 DirectCut. SAS did not detect the file while it was downloading, strangely enough, but when I was trying to install it:
  4. Mine automatically quarantined the objects, then, of course, there was no way to submit the files to SAS. However, I think I recall submitting these a long time ago, via the free version, from my old laptop. It finds Cyberlink's Power2Go files as trojans, Gen-Yodos--CLCLEANER2-POWER2GO_6.0-7.0.EXE, CLCLEANER2-POWER2GO_8.0.EXE, and CLCLEANER2-WAVEEDITOR_1.0-2.0.EXE. It also finds mp3DirectCut as a trojan, Gen-Small--MP3DIRECTCUT219.EXE, and it finds INSTALLER_EML_TO_PST_CONVERTER.EXE to be a trojan, Gen-Toggle. Norton does not think they are trojans, and Malwarebytes does not think so either. Cyberlink would probably be surprised. It also found one file in Chrome's cache, APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00148D, which was puzzling. Again, neither Malwarebytes nor Norton thought anything was wrong with the file.
×