About mchain

  1. Running XP Pro SP3, SAS Free v. 5.5.1012, Database Version 9045 (current Monday 8/13/2012). Attached find last scan, DB version 9044 8/10/2012 below: (I discovered I cannot upload file, so pasted below) Question re these two files? Can I safely remove these installed folders inside WINDOWS/Resources/Themes concerning these two installer files found elsewhere on the Desktop? Would this completely remove any possible threat? Other folders/installed programs are there/would want to remove all except for the original Windows installed Themes. OK to remove manually? I inherited this system from someone else. Cannot find this sort of program/theme in Add/Remove. Does not exist. Second Topic: Possible security issue for me (or for the forum as well). I have not visited here for some time, and apparently the user account password no longer worked. I went and got a new password and USED the CAPTCHA feature to complete password reset. On the first attempt, I completed only ONE of the two requested CAPTCHA words, and accidentally clicked "enter" before I was done. CAPTCHA request still went through. I checked email account, and the new password was there waiting for me. I did this a second time, this time correctly, and got a second new password. Have not tried or used the second password yet. Currently logged in here using the first new password provided. Is this right or expected? Or?
     Log:

     SUPERAntiSpyware Scan Log
     https://www.superantispyware.com

     Generated 08/13/2012 at 09:55 AM

     Application Version : 5.5.1012

     Core Rules Database Version : 9044
     Trace Rules Database Version: 6856

     Scan type : Quick Scan
     Total Scan Time : 00:06:34

     Operating System Information
     Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
     Limited User

     Memory items scanned : 463
     Memory threats detected : 0
     Registry items scanned : 29767
     Registry threats detected : 0
     File items scanned : 7347
     File threats detected : 2

     Trojan.Agent/Gen-Small
         C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\PERSONAL STUFF\DOWNLOADS\BLUE_XP.EXE
         C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\PERSONAL STUFF\DOWNLOADS\CARAMEL_XP.EXE
  2. @ JohhySokko and Emy, There is an add-on for browsers that will block most cookies here: http://adblockplus.org/en/ This should help to remove this somewhat annoying issue.
  3. Hi Asura 111, There is an add-on for browsers that will prevent cookies from loading here: http://adblockplus.org/en/ Hope this helps to eliminate the somewhat annoying issue.
  4. Running XP Home 32-bit SP3 2GB RAM, SAS version 5.0.1108. Update went well, and program is faster as advertised. But minor changes: 1.) Definition updates in limited user account do not work anymore. I must enter Administrator account to update or use 'Run as....' if in limited user to update. 2.) Definition updates not listed correctly in limited user account when updating in Administrator account. 0 Core and 0 Trace and older definition date is the result when running limited user. This shows after I reboot from Administrator to limited user. 3.) Updating definitions while in limited user will result in dialog box displaying update progress ending in 'definitions are current' and I close box. Highlighting the SAS icon in system tray will then show current update parameters but older definition date. Definitely better than before. Can this be fixed? Definitely progress here. Just a niggling issue. I would not consider running version 4 as 'Pro', as it took too much system resources to run as 'Free', especially when updating the definitions file. Can only imagine what impact system resources would have had if I had the 'Pro' version and was running it with real-time enabled. SAS 'Free' now running about the same as Malwarebytes Free in terms of system resource use. mchain
  5. I would like to thank each person who has taken the time to answer my questions about the false positive result. I know a file can be modified off-site and placed on the system, and that may have been what happened here. There have been no system crashes of any kind, but the shortcut to F-Secure was modified somehow and showed as a generic, non-windows icon. This is interesting because of the now infamous .lnk and .pif file exploit(s), and this occurred before these exploits became public knowledge. As of the moment, my system seems to be running just fine.
  6. Yes, I am using the latest version and defs. Is this a false positive or not? I haven't heard anything from Super since I sent the file off for analysis.
  7. Using version 4,40,0,1002 with latest definitions. Latest Version? As I said before, these files and folders were removed.
  8. Sent via link: Don't know yet if successful. As an aside, there were several other folders and files involved, i.e. \HealthCheck\Antivirus\Opswat, etc, along with this possibly questionable file. Updated with the latest MS security hotfix, something to do with a HelpCenter vulnerability, as well as the standard malware cleaner they send, today and looked for these folders and files associated with, and could not find these anywhere on my system afterwards. Near as I can tell, the only thing wrong with this file was that the digital signatures and/or certificate(s) was expired. Also scanned with VirusTotal. Result was 0/42, but it did say the above was expired, which is what I see on my system. If MS removed these folders and files, then maybe there is or was something wrong with this file?
  9. Here is the original file. As I said, I removed the file using a DoD process but I saved it to a floppy disk. I tried using the first upload option and that said it would not accept that type of file. I tried modifying the uploader settings to a flash-based, no luck. So, how do I get the file to you? BTW, F-Secure says the file is clean, even though the digital signatures produces an error.
  10. SAS found a file on 7/08/10 named Trojan.Unclassified-Packed/Suspicious with the following path: Documents and Settings\(name of folder withheld)\Local Settings\Temp\HealthCheck\Antivirus\Opswat\OpswatProcessScanner.dll on Windows XP SP3. Interestingly enough, SAS was unable to see this file while run in administrator mode, only when in user mode. While in user, it would find and quarantine this file but when I looked for this file in admin, it would still be there. F-Secure says this file is clean even though checking for Digital Signatures gives an invalid result. I have contacted them twice about this file and the only response I have gotten so far is from their automated server. I have erased this file from my system using a DoD process and also had to turn off System Restore to remove it completely from my system. I have had some weird events on my machine when trying to install an update to an existing program, i.e., a dialog box will show stating I cannot install this program without administrator privileges while I am running as admin, the box would display for about four seconds, disappear, and installation would continue and complete, but have not seen this since removing this file. F-Secure says this file is clean. Is this a false-positive? Let me know what other information you require to research this further.