Jump to content
bawldiggle

Portable download installs in my registry

Recommended Posts

I have just downloaded the portable version  (random file-name) ... SAS_292D6.EXE
-  the first time in my 21 years of IT that a portable program comes as an EXE file
-  portables usually come as ZIP files
-  (I totally understand the random file name)
 
When I dug around in SAS web-site I also found  ... SUPERAntiSpyware.exe ... (incl opt out adware)
 
In both instances the executables INSTALL ... they are not portable
My (virtual) registry is now full of "SuperAntiSpyware"
 
My download PC is 32-bit but the sick PC is 64-bit (my only 64-bit)
 
So considering my dilema how can I download and "extract" a 64 bit portable on a 32-bit machine, and hope it is portable
 
I feel I have been duped ?  Not impressed :angry:
-  I was referred to SuperAntiSpyware by sevenforums.com

Share this post


Link to post
Share on other sites

SuperAntiVirus registry entries after running alleged portable SAS.exe file


Keys and Key-values left over after uninstalling SAS (with RevoUninstaller)

* not detected by CCleaner (CCleaner only detected 3 of 10 leftovers)

 

-----------
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SUPERAntiSpyware

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
ValueName: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Data:= SUPERAntiSpyware Application

* HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    ValueName: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Data: SUPERSetup Uninstaller

* HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
    Value Name: = F:\SAS_292D6.EXE
    Data: SUPERAntiSpyware Free Edition Setup

* HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com

* HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SUPERAntiSpyware

HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value Name:=  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Data:= SUPERAntiSpyware Application

* HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache
    Value Name:=  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Data:= SUPERSetup Uninstaller

* HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache
    Value Name: = F:\SAS_292D6.EXE
    Data: SUPERAntiSpyware Free Edition Setup

HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\SUPERAntiSpyware.com

'==========
Adds these to registry when run from "extracted" exe on thumb drive

HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SASDIFSV
    -  plus 5 values, one of which refers to thumb drive  \??\F:\SuperAntiSpyware_p2\SASDIFSV.SYS
    
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SASKUTIL
    -  plus 5 values, one of which refers to thumb drive  \??\F:\SuperAntiSpyware_p2\SASDIFSV.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASDIFSV
    -  plus 5 values, one of which refers to thumb drive  \??\F:\SuperAntiSpyware_p2\SASDIFSV.SYS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASKUTIL
    -  plus 5 values, one of which refers to thumb drive  \??\F:\SuperAntiSpyware_p2\SASKUTIL.SYS

HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache
Value Name:= F:\SuperAntiSpyware_p2\SUPERAntiSpyware.exe
Data:=  SUPERAntiSpyware Application

HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\SUPERAntiSpyware.com
---------------------------
Error Opening Key
---------------------------
Cannot open SUPERAntiSpyware.com:  Error while opening key.
---------------------------
OK   
 

 

How is this portable ?

Share this post


Link to post
Share on other sites

Hi,

 

Our intent with the free portable scanner was to create a solution to scan an infected PC that had a non-functioning Internet connection. It contains the latest version of our malware database embedded in the installer. The portability comes from having everything it needs included in the package (no updating required).  It's not designed to leave no trace of itself; though uninstalling does a fairly complete job; HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com should be removed on uninstall, we'll look into why that's not being removed.  The other registry entries you listed after uninstalling are created by Windows/Explorer, not by SAS.

 

It's not a supported or recommended method of execution to simply run the "extracted" program files without installing them.  It will try to restore missing settings, etc.  There are a lot of parts to our malware removal system and it doesn't lend itself well to a "hands off" approach.  Sometimes the only way to oust insidious malware is to use similar (insidious) techniques like installing drivers, restarting, running a process at startup, etc.  The product simply wouldn't be as effective otherwise.

 

- Dave

Share this post


Link to post
Share on other sites

Can you please release a proper portable edition that:

 

1) adds no registry entries, just runs from the EXE

 

2) does not have the Google Chrome Spyware, after all, this is an Anti-Spyware program esepcially that I have paid for a lifetime license not because I ever need or ran the PRO version as I don't need it to be monitoring my system live but just out of support to SAS project, thus, I am a customer who payed for a program that has spyware bundled. I know Chrome is not literally spyware but let's say bundleware. Not accepted by a commercially paid program IMHO

 

The reason I don't want to even install the free version anymore is that I have reported this issue many itmes before, but out of nowhere, Explorer.exe would crash randomly after having SAS installed and I feel it is because of those registry entries it adds, I know I can disable the right click contect menu options which I believe is the issue because Explorer.exe crashes randomly only upon a right click and my context menu is clean, but maybe it's those registry entries that are causing the issue so I would really appreciate a proper portable version.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×