Jump to content

Diane P.

Members
  • Content Count

    29
  • Joined

  • Last visited

Everything posted by Diane P.

  1. I use ighome.com as my home page. This AM i received the notice of "heuristic.backdoor.process". As recommended, I ran a complete scan and SAS came up with 14 cookies and nothing else. The browser I was using was Opera, the latest version. So, I opened Firefox to the same homepage and nothing popped up. I tried Google Chrome and nothing popped up either. I looked at the scan log and it showed the heuristic.backdoor. process located at C:\users\....\appdata\local\temp\explorer.exe. I looked in that folder and interestingly enough, I found an "Opera Crash report" for today at the same time I rec'd the SAS popup. I opened the crash report and it was empty. There's nothing else in the users folder with today's date and time. I ran scans with the other security software on my system and found nothing. I am not smart enough to know if this is an anomaly of some sort or should further steps be taken? I would be more concerned if my other browsers behaved the same way, but they didn't. Thanks
  2. Diane P.

    Question about SAS Popup Notification

    Note the sentence I just added...the Opera crash report from this AM @8:15AM is now timed at 1242PM. This must somehow have to do with Opera, I think. Opera doesn't crash on me though. Thanks for your help. Diane P.
  3. Diane P.

    Question about SAS Popup Notification

    This is the actual scan log taken from SAS software itself. I looked in SAS Quarantine and it shows the following: C:\users\DMP\appdata\local\temp\temp\explorer.exe. I do not know how to send a quarantined file. SAS software warns me not to restore it. Interestingly, I looked in the C:\users\DMP\appdata\local\temp\temp\explorer.exe again, and I see another Opera crash report, that was originally timed at 8:15AM, now timed at 12:42 PM, just few minutes ago. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 11/08/2017 at 08:21 AM Application Version : 6.0.1250 Database Version : 14111 Scan type : Complete Scan Total Scan Time : 00:09:20 Operating System Information Windows 10 Professional 64-bit (Build 10.00.16299) UAC On - Limited User Memory items scanned : 978 Memory items detected : 0 Registry items scanned : 62130 Registry items detected : 0 File items scanned : 32066 File items detected : 14 Adware.Tracking Cookie .doubleclick.net\test_cookie [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] c.speedtest.net\spc1|.doubleclick.net|$|IDE [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .maxmind.com\__cfduid [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .iasds01.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .iasds01.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .scorecardresearch.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .scorecardresearch.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .agkn.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .adaptv.advertising.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .agkn.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] .spotxchange.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ] ============ End of Log ============
  4. Diane P.

    Question about SAS Popup Notification

    It was SAS that alerted me to the issue.....log attached. BTW, I haven't had the message since. The Opera crash was at 815 AM; the log was completed a few minutes after. I can't but help think the two are related. D. SUPERAntiSpyware Scan Log - 11-08-2017 - 08-21-06.log
  5. I have the Pro version of SAS and the paid, Pro version of Revo. Everything still seems to be okay. Thanks for your help D.
  6. Have used SAS for a very long time and never a problem like this. I think I know the answer but, issue does concern me. My PC is a Win 8.1 64-bit. Yesterday when logging in, I noticed no notification in my system tray that SAS was running. So, I clicked on desktop icon and a message popped up that SAS.exe files couldn't be found. I did nothing on the web other than get some Kindle books @ Amazon and read some email before I shut down the night before. What I did do however, was update Secunia PSI. I normally don't run it on bootup because it has caused me problems in the past, but I figured maybe the new version won't behave badly, but I think it did. I had to remove SAS which I did with Revo and reinstalled it. I ran ESET online scanner, MBAM Pro and ZoneAlarm AV/firewall combo along with a full scan of SAS. None of these programs found anything, not even a PUP. PC running fine and no issues that I can tell. Do I need to do anything further. I put Secunia PST back, not to run on bootup. Should I do something further to make sure nothing untoward got into my machine. Perhaps I'm being overly cautious....TIA DMP
  7. This object was identified and quarantined via Real Time Protection this am. This file was located in C:\Windows\System32\MRT.exe. I understand MRT.exe is the Windows Malicious Software Removal tool executable. This doesn't make sense to me, but that's why I'm posting. I also looked in the real time protection log to fully ID the file and it's location. I have run the full scan as recommended. I have also run Windows Defender and the professional version of MBAM, with no results. I rebooted my laptop and looked in the Real Time Protection folder and the RogueAgent/Gen-Nullo process is no longer there.Is this proper SAS behavior? I did not receive any further messages that the file is on my laptop. I don't know if I need to do anything further....and am seeking further advice here. Thanks. D.
  8. Diane P.

    RogueAgent/Gen-Nullo.(Exe)Process

    I ran MRT and Spybot S & D as well, and nothing was found. I would like to know however, what SAS does when it finds a file In Real Time Protection & asks that a scan be run which I did. Then after I run the scan and look in the Real Time Protection folder is the file it originally found supposed to be there or not? When I clicked on the Real Time Protection tab, the file was there and quaratined. I did not delete it. I ran a full scan, looked in the folder, the file was gone. Should it have been there or not? it doesn't seem to me I have an issue now, but would like to know for future reference. TIA. Diane
  9. Diane P.

    RogueAgent/Gen-Nullo.(Exe)Process

    There are no entries in the subsequent scan logs; nothing was found. I have scanned with MBAM and Windows Defender as well...nothing was found. I have gotten no further real time pop-up messages from SAS either. Thanks for answering. Diane
  10. Diane P.

    Help with "borked" update

    Attempted update from my mobile hotspot and update must have become corrupted because decompression failed. I could not open SAS either, normally or with alternate start. I did an uninstall/reinstall and SAS would not install. I removed all traces of SAS with Revo, did a system restore and I'm up and running. However, when SAS started, it asked me to select a language. I tried but the selection box was blank. The program is running, but when I do an definition update, SAS tells me there's a new version of the program. I click it, it tries to install a language file, but never does. Otherwise, program runs fine. It's annoying, but will the next version of SAS fix this or do I have to do something more drastic, like an uninstall/ reinstall all over again. Thanks.
  11. Diane P.

    Help with "borked" update

    I thought an uninstall/reinstall might be necessary....we are travelling and I will not have ethernet capabilties for a couple of weeks. I will uninstall/reinstall then. SAS is working so I will leave it alone for now. Thanks for your help Diane
  12. Diane P.

    Help with "borked" update

    I presume English, but when I looked in the General/Set Up tab, language preferences and clicked on it, there are no languages to select. It's totally blank. There's no language to select. That must be the source of the problem. I attempted to install the language file update as I said before but it doesn't install.....
  13. Diane P.

    Help with "borked" update

    Yes, I do manual updates because of limited internet coverage and did one this morning; after the definition updates are done, the program update on the lower right of my screen pops up and tells me there's a language file update dated sept 25, 2012 and it doesn't install. It just goes away and then comes back after I do my definition updates. D.
  14. Diane P.

    Help with "borked" update

    That is my database version...... D
  15. Diane P.

    Help with "borked" update

    I am running 5.6.1014. Thanks for answering. D.
  16. Diane P.

    "Registry Handle Leaks" with SAS

    I am following this thread with interest. The messages in SAS with regard to the "Registry handle leaks" number anywhere from 1-3. The warnings are all followed by "MSE real time protection as failed, but MSE doesn't seem to have been effected as I see no change in its status. The icon in the tray is always "green" and always indicates my PC is "protected". But, the error is always there after the messages about the "Registry handle leaks" I don't think it's possible that the messages are associated with either the use of AdBlocker or an old installer of SAS for a couple of reasons. 1) I did not install AdBlocker; 2) I downloaded the newest version of SAS from the web after doing a clean install of Win7-64 bit. The PC was clean of any prior installs of SAS. This morning when I booted up, I got no error messages on my screen or BSOD's or any other sort of errant behavior. The messages as indicated above were present in EV. I just want to make sure the security of my system is not compromised, so I will continue to follow this thread. Diane
  17. I have recently done a reinstall of Win7 64-bit. I have SAS Professional; Microsoft Security Essentials and Anti-Malware Bytes. I do not have much experience with MSE, but am pleased that it runs in the background the way it does and unobtrusively updates itself. I guess there's always a kicker....in the Administrative section of Event Viewer, the following appears as an error: 2 user registry handles leaked from \Registry\User\S-1-5-21-2631726071-4098289893-2171743161-1000: Process 1784 (\Device\HarddiskVolume2\Users\DMP\Documents\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-2631726071-4098289893-2171743161-1000\Software\SUPERAntiSpyware.com\SUPERAntiSpyware Process 1784 (\Device\HarddiskVolume2\Users\DMP\Documents\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-2631726071-4098289893-2171743161-1000\Software\SUPERAntiSpyware.com\SUPERAntiSpyware\SABUpdate. MSE gives me an error as well, telling me real-time protection has failed and the engine needs to be updated. The engine is updated. It does not appear that the MSE protection fails, but is protesting in some fashion. I have read some folks have issues and others don't with this combination of software. Just a bit distressed about all this because I spent hours getting this PC back up and running which its doing beautifully and fast, but for this. I have changed the settings in MSE and excluded AntiMalwarebytes and SAS from being scanned on bootup. I have had Windows Explorer shutdown on me and then restart. I am asking here because I have other PC's and a laptop in the house that run MSE and Anti-Malwarebytes and no SAS that don't have this issue. Can anyone give me a hand with fixing? Thanks. Diane
  18. Diane P.

    "Registry Handle Leaks" with SAS

    Thanks to you both for your replies. I am going to let things alone. I do have both SAS & MSE running, but have excluded SAS executable from being scanned by MSE. This is a combo of security software I have not used before. I like the way both SAS and MSE work, so I will leave them alone for the moment. Both of the programs update themselves properly and scan properly. Thanks for the info on "SABUpdate". The PC runs okay after clean install. I will check the error times for verif if they occur on bootup or shutdown. I have edited registry before but for now I am going to see how it goes.I got the Windows explorer shutdown/restart after poking around in event viewer. It hasn't happened again. I don't get any errors or error messages on bootup or shutdown and the machine is runing fast and efficiently. I will leave well-enough alone. Thanks for your help. Diane P.
  19. Diane P.

    Win7 Ultimate 64bit and SAS

    I have the same exact issues as you do...Win7 64-bit HP. I can do the updated definitions with no problem. When I have been notified of the program update, and attempt to do via the pop-up window, Windows tells me I must run the program as administrator. I keep trying to tell it The only way around this for me is to uninstall and reinstall if there's a program update. My event logs are a real mess, as well. I love the program and have used SAS for several years, but this is getting to be a real hassle. Not good. I hope there's a fix soon. I just hope the program is as efficient doing it's job as it has been in the past. The scanning operation does not seem to be effected by the other issues. That seems to run smoothly. Version 4.31 Diane P.
  20. Diane P.

    IE8 & SAS

    In reading the auhma.org forum for info on IE8, it was recommended that users find out if their anti-spyware apps will be compatible with IE-8 before installing the new browser. I could not locate info in that regard here and I have SAS on my PC. Can you advise? TIA.
  21. Diane P.

    IE8 & SAS

    Thanks. I was concerned because my last go 'round with an Internet Explorer upgrade was not a happy one. And, with all the safety/security software on our PC's makes stuff like this not always a pleasant experience. I must say that I have had a great go with SAS for the time I've had the software and am very happy with its performance and the support here. D.
  22. Diane P.

    AVAST issue

    This morning when I started my PC, AVAST ID'd C:\ProgramFiles\SUPERAntiSpyware\SUPERAntiSpyware.exe as malware, "win32:Trojan-gen(other)". I cannot run an SAS scan..Windows tells me it can't find the specified path or I don't have the proper permissions. Just thought you should know. I am notifying AVAST. D.
  23. Diane P.

    AVAST issue

    Solved my own issue...sorry for the unnecessary post. I try to keep up on this stuff, but the gray matter failed me this time. D.
  24. I jumped over to to the FAQ and checked out the write-up on what Real Time Protection does...."scans key points of your registry to ensure that spyware has not hooked itself into your browser". In the Livingston newsletter, Windows Secrets, I received this morning, it talks about flashed based malware becoming more and more of a serious issue. My question is whether or not SAS offers protection against such threats. I have the full version and latest updated defs, but I would like to know if my software is looking for such nasties. Thanks for your help, a great piece of software and the very timely support offered here. Diane
×