Jump to content


  • Content Count

  • Joined

  • Last visited

About shtyra

  • Rank
  1. Success! Just finished updating flash without any detections from SAS. Good job SAS Team!
  2. Thanks for the info SASJoe. I'm currently running another scan with MWB, but as soon as it is finished I will update SAS and scan, then report back the results. Thanks again!
  3. Hi all! I've been trying to download an update for Adobe Flash player for windows xp/firefox from www.get.adobe.com and twice now SAS Professional - real-time protection identifies the installation file (install_flashplayer10x32_mssd_aih.exe) as a Heur.Agent/Gen-FakeFlash.Process and removes the file. I believe this to be a false positive. Any advice is appreciated. Thanks! ETA: I attached the file in question, but it is not appearing. If you need it, just ask. I'll try to upload again..
  4. Hi Seth, thanks for the reply. I've run ComboFix on the suggestion from another site (majorgeeks) and they are analyzing the log. So far so good. If I still have problems, I will contact Support. Thanks again for the reply.
  5. Hello all. I am having a problem removing Vundo/variant. Some basics first; I run the following on my laptop, Windows XP, Avira free edition, Malwarebytes free edition, Zonealarm firewall free edition and SuperAntispyware Professional edition. My problem started yesterday after n.exe requested permission from ZoneAlarm to access. I denied permission but as soon as I did that IE windows started popping up. (I run Firefox) I immediately closed my browser figuring an infection. I tried to run Malwarebytes and the .exe file was missing. I then tried to run SuperAntispyware Professional edition, which ran fine, and it popped up 24 infections all with Vundo/variant or some variation of. I quarantined all, rebooted and ran the program again, it ran clean. I then ran Avira free edition antivirus and it ran clean. I reinstalled Malwarebytes and ran that and it detected 6 Vundo variation, which I quarantined. Ran again, clean. Ran SuperAntispyware again, it ran clean. I then opened Firefox and checked a few sites (known news sites approved by McAfee siteadvisor) and in about 1/2 hour n.exe requested permission again. I denied the request and IE windows started popping up. Hibernated for the night and in the morning I googled n.exe to find it is a known malware/spyware and rather nasty. I made sure SAS, MWB and Avira were updated and tried to run MWB. Of course the .exe was missing. I ran SAS and the same 24 detections as yesterday popped up. It was like deja vu. I followed yesterdays process of running SAS, Avira and MSB until clean. I then navigated to where ZoneAlarm told me n.exe was located and it was still there. I scanned the file with all three and none detected it as malicious. Which would be fine, except I'm still having reinfections and I suspect n.exe is the cause. Help! Any advice on how to get rid of this nasty bugger?
  • Create New...