SASJoe

Members
  • Content Count

    19

About SASJoe

  • Rank
    Member
  • Birthday 11/15/1987

Profile Information

  • Gender
    Not Telling
  1. SASJoe

    Can't delete four entries

    Hi Clark, These detection rules are all what we call 'notify' rules. If a file gets detected by one of these rules then we notify the user by showing the result in the usual 'items found' window, HOWEVER, in order to actually delete these items you need to click the checkbox next to each of these items in the window. If you do not check these, then they are not removed. This is probably what you are experiencing. The reason we have 'notify' rules is because some of our rules are more heuristics based so we like to err on the side of caution, and also because some programs are not really 'malicious' per se but may be unwanted (hence the PUP prefix to the detection rules, it means Potentially Unwanted Program) so we don't want to remove the item automatically, we notify the user and leave that choice up to the user since their PC is not in imminent danger from PUP items. Next time you run a scan and these items come up, make sure to check the checkboxes next to each of these that you wish to be deleted. Have a good day!
  2. SASJoe

    Heur.Agent/Gen-FakeFlash.process

    Not a problem, happy to hear that this is now corrected. Have a good one!
  3. SASJoe

    Heur.Agent/Gen-FakeFlash.process

    Hi Shtyra, I am sorry to hear about this, it does indeed sound like a false positive. I was unable to trigger this detection on my own machine, but I did make some changes to the rule in an effort to prevent false detections moving forward. The update just went live, so if you could update your rules and then scan with database version 8270 and then let me know if it is still being detected or not then that would be fantastic. Thanks so much for your help in finding/fixing false positives.
  4. Hi Bfann, The Repairs are certainly still a part of the free version, it has just been moved since we did the big v5 UI redesign. If you look at this screenshot you can see the Repairs button is on the application's main screen, just below the 'Check for Updates' and to the left of the 'Help' button. Have a good one!
  5. SASJoe

    SAS Professional

    Hi DonnyDave, The Whitebox rule is not a false positive - it is a good rule. Sure - it has caused several false positives, but the rule still stands today and kills thousands of different malware samples. It does a whole lot more good than harm. The Babylon infection is not a result of the SAS scan, it is unrelated. We receive over 25,000 new malware samples per day. Neither us, nor any other security vendor, are able to make rules to detect each and every one of those. We use our best judgement to decide on which samples are most important to focus on - and what rules will do the most to help protect our users. I am sorry to hear that you had a malicious program get through your security setup, but unfortunately these things happen. No one company can protect against all existing malware, and this is why we highly recommend that PC users use antivirus in addition to antispyware and in addition to any firewall. This makes it so you are protected by at least 3 companies' worth of definitions. Unfortunately, even with this great setup - some items can still get through. Next time you get infected but SAS is unable to remove, then you can make a CSR ticket at: http://www.superantispyware.com/csr We are more than happy to run a diagnostic on your PC, and then one of our technicians can go through it and attempt to retrieve a copy of the malicious program causing all the trouble. Likewise, we also have a tool called Threat Check (http://www.superantispyware.com/superantispyware_threatcheck.html) -- which can also help submit potentially malicious program information back to us here at SUPERAntiSpyware HQ when our scanner is not detecting anything on your machine but you know that it is infected. Thanks for sharing your situation with us, we do our best to inoculate our users against as many threats per day as possible -- but even so we cannot get every item. With your help next time we can get a copy of that non-detected item so that we can make a rule to protect both you and our other users from it moving forward. Have a good day!
  6. Hi Marko, The only way for us to verify whether or not the file is being falsely detected is for us to receive a copy. To do so, please file a False Positive report by clicking on the 'False Positive' button following a scan (while still on the results screen). This sends us all the relevant info needed to make the judgement, and if it is a FP we will of course fix the rule so that it no longer gets triggered for the non-malicious item. Thanks so much for your help.
  7. Great! Glad the changes fixed the false positive. Thanks for letting us know!
  8. SASJoe

    KDE-Mover-Resizer not a Trojan

    Hi GIS-Guy, Thank you for reporting this. We will need you to use our in-application 'Report as False Positive' button (you see it immediately following a scan on the right side of the results window). This will send us all the vital information for the files so we can verify if it is or isn't a false positive. If it is a False Positive, then we will be able to make sure that we exclude these files moving forward. Thanks so much for your help!
  9. SASJoe

    Waterfox 64 bit Browser

    Hi George_L, Thanks for testing this. I tested it out and could not trigger any detections, and after looking through our definition update logs I see that our fix for this false positive actually was implemented in database version 7960. This explains why on version 7959 you were still having the false detection. When you have a chance, please update your definitions once more and test it again please. I am pretty sure we have this fix implemented correctly, so you shouldn't have any more detections. Thanks again for your help!
  10. SASJoe

    Waterfox 64 bit Browser

    Hi George_L, Thanks so much for reporting this to us. You are correct, this was a False Positive. We have implemented a fix for this detection as of the most recent definitions update. Please update your definitions, and then you shouldn't have any more problems with that Waterfox file getting detected. Thanks again! We really appreciate your help finding and fixing False Positives!
  11. SASJoe

    POWERMENUSETUP_1_5_1.EXE

    Sure thing, not a problem. Sorry about the inconvenience to begin with. If you ever have any more detections you believe to be False Positives please feel free to send in another False Positive Report. Have a good one!
  12. SASJoe

    NFSHS as trojan.agent/gen-autoit

    Hi Archie, Thank you for reporting this to us. In order to review the file we need you to use our in-application 'Report as False Positive' button (located next to the results window immediately following a scan). This will send us all the vital file info we need so that we can make a ruling, and then exclude the file if it is indeed a false positive. Unless you use this Report button then we will not be able to reproduce the detection or be able to know exactly what file (you say it's modified?) you have there that is causing the detection. Thanks so much Archie, we really appreciate your help reporting False Positives!
  13. SASJoe

    few False Report of Viruses

    Hi Gene1234, Very interesting, thanks for reporting this to us. In order to see if this is a false positive, and then to subsequently exclude these files, following a scan where these items get detected we will need you to use our in-application 'Report as False Positive' button so that we can get all the information about the file we need to make a decision on it. You can see this button on the results page following a scan, before clicking on 'Remove'. Thanks so much - we really appreciate your help finding and fixing False Positives!
  14. SASJoe

    MKVCLEAVER_X64.EXE is a TROJAN

    Hi Francisco, If you believe this detection to be a False Positive then I urge you to use our in-application 'Report as False Positive' button (you will see it immediately following a scan, while still on the Results screen) to send us all the file information we need to make a decision and to exclude the file moving forward. Thanks so much for your help! Have a good one!
  15. SASJoe

    POWERMENUSETUP_1_5_1.EXE

    Hi Madeline, Yup, this was indeed a False Positive. As of the most recent update this is now fixed and we no longer will detect that file. Once you update your definitions you shouldn't have any more issues. Thanks so much for your help! Have a good one!