Jump to content


  • Content Count

  • Joined

  • Last visited

About SirJon

  • Rank
    Malware Hunter
  • Birthday 01/01/1970
  1. SirJon


    Thanks Nick for posting. The O/S is Windows XP Pro. Actually, I am trying to run the latest version of SAS from RAM and load the remote registry hives. v4.0.1154 works well from a BartPE CD, but I can't get v4.21.0.1004 to start because SASKUTIL.SYS seems like its trying to hook the kernel on the dead hard drive and suddenly crashes. The older driver works fine, but the new version is giving me trouble. I was just wondering if you had any insight on what the driver is trying to do but eventually fails.
  2. SirJon


    SASKUTIL.SYS BSOD STOP ERROR 0X0000008E (0XC0000005 0XBAB63B75) SAS v4.21.0.1004 - Crashes when trying to open program. No security programs installed, no AV, no firewalls, no HIPS, etc.
  3. Hello, Is there a way to turn off the update check for the scanner when starting up the program from BartPE? I have "Check for updates before scanning on startup" unchecked, but it connects with the Internet anyway. There must be a registry setting that I'm missing. Thanks.
  4. From the files, ok. In the user profile directory, both malware database files are there including the .bin file with the latest dates. I'll delete them and try again EDIT: That did it. I've never had that problem before.
  5. Where is Definition Database Version controlled in version 4.0? I have the latest updates, but the program interface doesn't match the registry infomation in HKEY_CURRENT_USER, VersionProcessList and VersionProcessListRelated. The registry values (3416) and (1408) are correct, but the program user interface is stuck at Core: 3304 Trace: 1310
  6. You might have a look here: http://www.911cd.net/forums//index.php? ... owforum=21 They're not that hard to build.
  7. SirJon

    Hullo! :)

    Hello Tony. I haven't talked to you in a while. I've found that the detection and removal capabilities of SAS are superior to the other name-brand commercial anti-spyware utilities out there. (However, I still would like to see a 30 to 60 day registry, files/folders, created/modified, log generated after the scan.) Maybe they will include it in version 4.0. I hope Nick reads this post.
  8. Mine has been working for quite a while now. I had to build it from scratch. Just remember that scanning from the ramdrive to a dead hard drive, you are only using the SAS database. I use a batch file to see if there is anything leftover in the directories afterwards. Depending on the number and type of infections, there is usually quite a bit of bad dll files that go undetected I'm sorry to say. I just manually delete them from RAM. I also scan locations in the remote registry as well to look for anything left behind. In my opinion the biggest drawback scanning from a CD is.....speed.
  9. SirJon


    fatdcuk, have you tested virut on an XP testbox with a Limited Account?
  10. SirJon


    The malware corrupts the Windows files to unrecoverable condition. Antivirus utilities recognize and then try to clean, but fail to bring the files back to their default state.
  11. Yes, awesome heuristics radar. Currently, I would give Avira the edge over Kaspersky 7.0. (And I love Kaspersky)
  12. http://www.pcworld.com/article/id,136205/article.html Too bad SAS was left out.
  13. There's no intrusion on my system. No. It clearly does not. The best way to get rid of your "forceful intrusivenes" is to spend $29.95. Since you already like the program, that's cheap insurance in a world of bloated security programs out there with much higher price tags that don't work nearly as well as SAS.
  14. Great. I've been using ComboFix, RkU and IceSword.
  • Create New...