Posts posted by jwsrcp


  1. 5.1.1002 is the newest version released into the internal updater. The version number went from 5.1.xxxx to 5.5.xxxx as it was a big update including threat mapping. The 5.5.xxxx version will be released into the internal updater shortly.

    I am also an SAS Pro user. What does "shortly" mean? With any other programs that I have, their Internal Updater, in my experience, updates within a day or two of a new release.


  2. jwsrcp;

    If you're using the Firefox Browser you can configure it to delete all the cookies at shutdown.

    You can use the free CCleaner from Piriform to save the cookies that you do not want removed in the cookie safe in CCleaner.

    Try it.

    If you want more controls then you can get the free tool LastPass and use it to keep all logons and passwords and it is safe to use.

    There is more than one way to skin the cat as referred to cookies.

    Thanks.....I use Chrome, however, I also use an extension that deletes all cookies when I close Chrome (called Click & Clean), and I also use CCleaner. Even after using those, SAS finds Tracking Cookies.


  3. I have the same problem as jwsrcp.

    I am running the 32 bit version instead of the 64 bit version.

    I have uninstalled SuperAntiSpyware using the downloaded uninstaller from the web site, reinstalled the latest version of SAS downloaded from the website, and set the parameters to "run as administrator." Everything is fine until I reboot my computer. When SAS reinstalls on bootup, it does not reinstall as administrator, so I get the "run as administrator" prompt when I try to download updates.

    I have posed this problem to SAS support, and have not received any solution. I have suggested to them that someone write an autoexec.bat file with the proper switches set that would load SAS as administrator version at bootup. To my knowledge, this has not been done yet.

    Any Takers?

    Thanks,

    Ed Wood

    I followed exactly what siliconman01 posted and it worked perfectly. Sorry, I don't know what is causing the problem when you re-boot.


  4. 1. Close down SAS PRO completely.

    2. Go to START>ALL PROGRAMS>SuperAntiSpyware and right click on SuperAntiSpyware Professional. Select "Run as Administrator" to restart SAS PRO.

    3. Using the right click menu on the SAS icon in the Notification Tray, select "Check for Updates" and see if you can now update the program.

    If that does not work, just uninstall SAS PRO via Control Panel>Programs and Features. Then download/install V4.45.1000 of SAS Professional from www.superantispyware.com. Obviously you will need to set up your preferences again once you get SAS PRO re-installed.

    Thank you siliconman01....1., 2., and 3. worked


  5. I am running Win 7 Home Premium 64 bit. I'm logged in as administrator. I have SuperAntiSpyware Pro, and a box came up in the right bottom corner of my desktop that there was an update to the program. I clicked to download and install it, and it said that I must be the Administrator to do that.

    So, I opened the program as Administrator. I clicked on updates, and the box appeared again. I tried to download and install the program update, but it said the main menu had to be closed first. So I closed it, tried to download and install it, and again it said that I had to be the Administrator to do it.

    I went to Properties under the program, and it seems that I have full privileges. Does anyone know why I cannot download and install the update?

    "Edit" I added an attachment showing no "Special permissions." Could that be the problem? Tried to give it but cannot figure out how.



  6. I ran SAS Free Edition and it found 47 Adware Tracking Cookies. I quarantined all of them. However, one of them was:

    C:\Users\lordpuffer\AppData\Roaming\Microsoft\Windows\Cookies\Low\lordpuffer@ad.wsod[2].txt

    Could this be a false positive, or is it ok to have quarantined it? Thanks.


  7. No, the second restore would just overwrite the first restore.

    I think these are false positives based on the VirusTotal results. I recommend that you report them as false positives. You can do this by running another scan with SAS. After the scan completes and detects them again, check mark the first one and then select the "Report False Positive" button. Fill in the little form (you should reference this forum link as well in the comment area) and submit. Repeat for the second one. Then just cancel the scan without letting SAS quarantine them.

    Thanks so much for your help.....I'll do that.


  8. These look like they may be false positives. To check SAVER1.DLL and RUN.EXE, go to the link below and run each file through VirusTotal to see if any of the virus scanners flag them as malicious.

    http://www.virustotal.com/

    Post back here the VirusTotal results for each file scan.

    Thanks....I restored them for now....Here is the result for the first one:

    File SAVER1.DLL received on 2010.01.31 18:48:11 (UTC)

    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.01.31 -

    AhnLab-V3 5.0.0.2 2010.01.31 -

    AntiVir 7.9.1.154 2010.01.31 -

    Antiy-AVL 2.0.3.7 2010.01.28 -

    Authentium 5.2.0.5 2010.01.30 -

    Avast 4.8.1351.0 2010.01.31 -

    AVG 9.0.0.730 2010.01.31 -

    BitDefender 7.2 2010.01.31 -

    CAT-QuickHeal 10.00 2010.01.30 -

    ClamAV 0.96.0.0-git 2010.01.31 -

    Comodo 3774 2010.01.31 -

    DrWeb 5.0.1.12222 2010.01.31 -

    eSafe 7.0.17.0 2010.01.31 -

    eTrust-Vet 35.2.7271 2010.01.29 -

    F-Prot 4.5.1.85 2010.01.30 -

    F-Secure 9.0.15370.0 2010.01.31 -

    Fortinet 4.0.14.0 2010.01.31 -

    GData 19 2010.01.31 -

    Ikarus T3.1.1.80.0 2010.01.31 -

    Jiangmin 13.0.900 2010.01.28 Backdoor/PcClient.jkx

    K7AntiVirus 7.10.960 2010.01.29 -

    Kaspersky 7.0.0.125 2010.01.31 -

    McAfee 5878 2010.01.31 -

    McAfee+Artemis 5878 2010.01.31 -

    McAfee-GW-Edition 6.8.5 2010.01.31 -

    Microsoft 1.5406 2010.01.31 -

    NOD32 4822 2010.01.31 -

    Norman 6.04.03 2010.01.31 -

    nProtect 2009.1.8.0 2010.01.31 -

    Panda 10.0.2.2 2010.01.31 -

    PCTools 7.0.3.5 2010.01.31 -

    Rising 22.32.06.04 2010.01.31 -

    Sophos 4.50.0 2010.01.31 -

    Sunbelt 3.2.1858.2 2010.01.31 -

    Symantec 20091.2.0.41 2010.01.31 Suspicious.Insight

    TheHacker 6.5.1.0.174 2010.01.31 -

    TrendMicro 9.120.0.1004 2010.01.31 -

    VBA32 3.12.12.1 2010.01.29 -

    ViRobot 2010.1.30.2164 2010.01.30 -

    VirusBuster 5.0.21.0 2010.01.31 -

    Additional information

    File size: 34292 bytes

    MD5...: f6a9efba3e1b681a070426743f4b63a3

    SHA1..: 402269ad84e821296b16a358e36c681a610bdfc6

    SHA256: 5d93d8c46bd34d504fbb68edc633e0edaae507a7c317b2245a576e350b8b3f90

    ssdeep: 768:uORyLEOc5xrsSL8eorktNQ75rLJCkqcB3ye3hWUjx/ZCB:u/YOc5hsKorktCacZFF

    PEiD..: -

    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x13001
    timedatestamp.....: 0x42bb64e4 (Fri Jun 24 01:41:56 2005)
    machinetype.......: 0x14c (I386)

    ( 7 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x8000 0x3c00 7.95 05c52d560a89587ef80b9259617d93eb
    .rdata 0x9000 0x1000 0x1000 4.63 937065407a4c6645954a761e57402082
    .data 0xa000 0x6000 0x800 7.72 0c9d7c3a1c562db4028af6a425c748d3
    .Shared 0x10000 0x1000 0x1000 0.01 92bcd9bbfdde401c9af11cb2ef0e6e55
    .reloc 0x11000 0x2000 0xa00 7.46 c4b7fbf0af3cd1562b7a8f8dd1e621b1
    .aspack 0x13000 0x2000 0x1200 5.62 3244f2c30356ff050d180bddd02f1d39
    .adata 0x15000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

    ( 2 imports )
    > kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
    > user32.dll: SendMessageA

    ( 5 exports )
    RemoveKbHook, RemoveMouseHook, SetKbHook, SetMouseHook, SetShellHook

    RDS...: NSRL Reference Data Set
    -

    pdfid.: -

    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)

    packers (Kaspersky): ASPack

    packers (F-Prot): Aspack

    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    Here is the result for the second one:

    File RUN.EXE received on 2010.01.31 18:52:36 (UTC)

    Antivirus Version Last Update Result

    a-squared 4.5.0.50 2010.01.31 -

    AhnLab-V3 5.0.0.2 2010.01.31 -

    AntiVir 7.9.1.154 2010.01.31 -

    Antiy-AVL 2.0.3.7 2010.01.28 -

    Authentium 5.2.0.5 2010.01.30 -

    Avast 4.8.1351.0 2010.01.31 -

    AVG 9.0.0.730 2010.01.31 -

    BitDefender 7.2 2010.01.31 -

    CAT-QuickHeal 10.00 2010.01.30 -

    ClamAV 0.96.0.0-git 2010.01.31 -

    Comodo 3774 2010.01.31 -

    DrWeb 5.0.1.12222 2010.01.31 -

    eSafe 7.0.17.0 2010.01.31 -

    eTrust-Vet 35.2.7271 2010.01.29 -

    F-Prot 4.5.1.85 2010.01.30 -

    F-Secure 9.0.15370.0 2010.01.31 -

    Fortinet 4.0.14.0 2010.01.31 -

    GData 19 2010.01.31 -

    Ikarus T3.1.1.80.0 2010.01.31 -

    Jiangmin 13.0.900 2010.01.28 -

    K7AntiVirus 7.10.960 2010.01.29 -

    Kaspersky 7.0.0.125 2010.01.31 -

    McAfee 5878 2010.01.31 -

    McAfee+Artemis 5878 2010.01.31 -

    McAfee-GW-Edition 6.8.5 2010.01.31 -

    Microsoft 1.5406 2010.01.31 -

    NOD32 4822 2010.01.31 -

    Norman 6.04.03 2010.01.31 -

    nProtect 2009.1.8.0 2010.01.31 -

    Panda 10.0.2.2 2010.01.31 -

    PCTools 7.0.3.5 2010.01.31 -

    Prevx 3.0 2010.01.31 -

    Rising 22.32.06.04 2010.01.31 -

    Sophos 4.50.0 2010.01.31 -

    Sunbelt 3.2.1858.2 2010.01.31 -

    Symantec 20091.2.0.41 2010.01.31 Suspicious.Insight

    TheHacker 6.5.1.0.174 2010.01.31 -

    TrendMicro 9.120.0.1004 2010.01.31 -

    VBA32 3.12.12.1 2010.01.29 -

    ViRobot 2010.1.30.2164 2010.01.30 -

    VirusBuster 5.0.21.0 2010.01.31 -

    Additional information

    File size: 47660 bytes

    MD5...: fee2fa7c4f1732dc24056b76560072bc

    SHA1..: 6de14dffbc6ad989a9299dcbae75719988e168ca

    SHA256: 4d103041608d1955b24bc9221f9c942cedfe430e53e4604d9cba9a2a9d06ee4e

    ssdeep: 768:AGgyEKw1pLmewo1j3kbGyThdK8fs186V7KJC6Rrr1bwZLAmfb/:AGBEKsLJ/d8TfKosZaRrVwZLz/

    PEiD..: -

    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x12c9
    timedatestamp.....: 0x4a6823ab (Thu Jul 23 08:47:39 2009)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x61d4 0x6200 6.61 37dbd8d721edcff10d1371bec3d03bf4
    .rdata 0x8000 0x1b14 0x1c00 5.41 a6c01985b15a2dabf6cd0b2c00c2815d
    .data 0xa000 0x18dc 0xe00 2.29 4d665c2859d2ce60c66f7b6047d95329
    .rsrc 0xc000 0x1b4 0x200 5.10 c52ee9fcdbbff3ba2f8da39a1bd23689
    .reloc 0xd000 0xc26 0xe00 3.96 3fa8ccf21269d1f111828dcc235a3120

    ( 2 imports )
    > SHELL32.dll: ShellExecuteExW
    > KERNEL32.dll: GetTickCount, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, GetLastError, InterlockedDecrement, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapAlloc, VirtualAlloc, HeapReAlloc, RtlUnwind, HeapSize, GetLocaleInfoA, WideCharToMultiByte, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW

    ( 0 exports )

    RDS...: NSRL Reference Data Set
    -

    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)

    pdfid.: -

    Does it matter if I accidentally restored each one twice? Thanks.


  9. You need to post the scan log so we can see which files it is detecting as malicious trojans.

    Thanks....Here is the log:

    SUPERAntiSpyware Scan Log

    https://www.superantispyware.com

    Generated 01/31/2010 at 08:57 AM

    Application Version : 4.90.1014

    Core Rules Database Version : 4541

    Trace Rules Database Version: 2353

    Scan type : Complete Scan

    Total Scan Time : 00:23:53

    Memory items scanned : 682

    Memory threats detected : 0

    Registry items scanned : 11264

    Registry threats detected : 0

    File items scanned : 24096

    File threats detected : 2

    Trojan.Vundo-Variant/F

    C:\WINDOWS\SYSWOW64\ASUS_CAMERA_SCREENSAVER DIR\SAVER1.DLL

    Trojan.Unclassified/Dropper

    C:\WINDOWS\SYSWOW64\FAST BOOT\RUN.EXE
