Posts posted by redwolfe_98

  1. why is my assumption wrong when SAS pops up an alert saying that it blocked "trojansimulator.exe" from running, yet it is still running?

    so you are saying that even though SAS fails to block "trojansimulator.exe" from running, it doesn't likewise fail to block other files that it flags from running?

    if you have a sample of malware that you believe SAS actually blocks from running, send it to me and i will try running it on my pc and see if SAS's realtime protection actually blocks it from running..

    my email address is "redwolfe_98 at yahoo.com".. you can send the sample as an email-attachment, in a password-protected zipped file..

    or, to Nick, of SAS.. you have said that if i manage to find a mysterious website with mysterious malware that mysteriously tries to run on my pc then i will see that SAS will block it from running.. well, instead of my spending my life looking for the mysterious website with the mysterious malware that mysteriously tries to run on my computer, just send me a sample of some real malware (or any other file) that you believe SAS blocks from running, and i will try running it on my computer and see if SAS actually blocks it from running..

    understand that i wouldn't be posting about the issues that i mention if i didn't care about SAS and want to be able to use SAS for realtime protection.. to "politely", "professionally" tell me that it doesn't matter that SAS's realtime protection fails to actually block the trojansimulator from running because the trojansimulator is not real malware doesn't help.. as far as i know, if it fails to block the trojansimulator from running, it likewise fails to block the other files that it flags from running.. i want SAS to do what it is supposed to do, to block malware from running.. blocking "trojansimulator.exe" (or tserv.exe, as well) from running is a way to demonstrate that SAS is working properly, which is what the trojansimulator is for, for testing programs like SAS..

    even if SAS does not want people to be able to use the trojansimulator for testing SAS, there should be some way of testing the program to see that it is functioning the way that it is supposed to-without running real malware on your pc just to see if SAS is working properly or not..

  2. the main thing that bothers me about SAS's realtime protection is that when i use the "trojansimulator" to test SAS, SAS flags "trojansimulator.exe" and pops up an alert saying that it blocked the "malware" from running, yet "trojansimulator.exe" is still running! in other words, based on that test, SAS actually has no realtime protection.. it will pop up alerts saying that it blocked "malware" from running, but the malware is still running..

    i tried reporting this to SAS but they replied that since the "trojansimulator" is not actually real malware it doesn't matter that SAS fails to block it from running.. well, i understand that the trojansimulator is not real malware, that it is just used for testing programs like SAS.. the problem is that SAS fails to block it from running.. if SAS fails to block "trojansimulator.exe" from running i can conclude that it would likewise fail to block any other "malware" from running..

    SAS says that if i can manage to find some mysterious website with some mysterious malware that mysteriously tries to run on my computer, then i will see that SAS will block it from running..

    well, it is too much trouble for me to risk infecting my computer with some mysterious malware just to prove that SAS fails to actually block malware from running (and then having to spend several hours reformatting).. i can do that with the trojansimulator, without any risks..

    i hope that, one day, SAS's realtime protection will actually work because i would like to use the program for realtime protection..

    i don't understand why no one but me, it seems, seems to think that it matters that SAS fails to block malware from running.. yes, you will get your popup alerts saying that SAS blocked the "malware" from running, but the "malware" is still running..

    maybe there are some others who are "experts" who can use real malware to demonstrate that SAS's realtime protection actually does block malware from running.. i have asked for anyone to demonstrate to me that SAS's realtime protection actually works.. i have seen posts where people have said that they, like me, have seen SAS pop up alerts saying that it blocked malware from running, but was the malware actually blocked from running? in my case, the answer is NO..

    p.s. regarding the "trojansimulator", even if SAS has no realtime memory-scanning, which i presume that it doesn't have, i still think that SAS should add detection for the "tserv.exe" process and for the simulator's startup regkey so that it can be demonstrated that the manual on-demand scanner works properly.. (SAS only has a pitifully poor detection of the trojansimulator where "tserv.exe" and the startup regkey are not flagged when running a manual on-demand scan with SAS while "trojansimulator.exe" is flagged)..

  3. i tested SAS with the "trojansimulator", running SAS pro with supposed realtime protection..

    when i launched the "trojansimulator", SAS popped up an alert saying that SAS had blocked "trojansimulator.exe" from running, yet it was still running, and so, obviously, SAS failed to actually block it from running.. (SAS also failed to block the trojansimulator's "tsserv.exe" process from running)..

    after running the "trojansimulator" and SAS's failure to prevent it from running, i ran a full manual scan.. SAS failed to flag the trojansimulator's "tsserv.exe" process which was running in memory, failed to flag the tsserv.exe file, and failed to flag the trojansimulator's "startup" regkey (in hklm/software/microsoft/windows/currentversion/run).. so, again, another complete failure (first with the realtime-protection, then with the manual scanning)..

    i contacted SAS about this issue, but the excuse that they made was that the "trojansimulator" is harmless and so they do not bother to flag it.. well, the "trojansimulator" is for testing programs like SAS and i need for SAS to flag the trojansimulator in order to see that the program actually works the way that it is supposed to..

    after reporting the issue, instead of being professional and working to improve SAS's detection of the "trojansimulator" and working to fix their malfunctioning realtime guard, they make excuses and ignore and dismiss the report.. when i point out that all they do is make excuses and ignore and dismiss reported problems with SAS, they say i am being rude.. uhg! is it too much to ask that SAS simply address the issues rather than making excuses and ignoring and dismissing reported problems? instead, i am supposed to accept their excuses and just say "OK", and just imagine that "there really are no problems with SAS", the way that they seem to do..

    the people at SAS seem to lack professionalism and, if they actually have any talent, then why don't they fix the little issues that i report to them, like how the updater hangs when SAS is running in realtime, or how the program's "find out what's running" links cause IE to crash.. it shouldn't be hard to come up with an updater that functions properly, or to fix those "find out what's running" links to where they can open IE without causing it to crash.. or to fix the malware-databases so that SAS can handle the "trojansimulator" the same way that it would any other "malware"..

    i would like to use SAS.. people say good things about it and i think SAS does good at adding detections for the latest malware to their malware-databases.. it would be great if the realtime protection actually worked.. and it would be great if the people at SAS had some professionalism where they would address the problems with SAS instead of making excuses and ignoring and dismissing reported problems..

    incidentally, another "issue".. i tested to see if SAS could detect malware in a zipped folder and it didn't.. for testing, i zipped the "trojansimulator.exe" file and then did a manual scan and SAS did not flag the file.. you would think that SAS would be able to flag "malware" within a zipped folder..

  4. i don't like the way that pctools automatically renews subscriptions, either, but they are not the only ones that are doing that.. "computer associates" and "symantec" do it, though symantec is not aggressive in doing it; they, symantec, make it easy to opt out of the automatic renewals..

    with computer associates, you have to email them and tell them not to do it, and hope they get it right..

    i am leery of pctools, but i think they are good about giving refunds to those who ask for them after their subscriptions were automatically renewed..

    imo, this automatic subscription renewal stuff is really wrong.. just an example of how we the people are getting screwed.. how can these cretins presume to take money out of our accounts unless we tell them not to do it? it ought to be the other way around where they cannot take money out of our bank accounts unless we first give them permission to do it..

    then again, these days, all the vendors seem to presume that we all are complete total morons.. they would say "people are morons so we help them out by automatically renewing their subscriptions".. maybe they have a point, or they made that point, arguing that malware is at epidemic levels and most people don't have the good sense to use antivirus programs, and so, in the public interest, the government allows these vendors to do what they are doing..

  5. you could do some testing.. two ways you could do it.. create a new "restore point" and then try running "system restore" to that newly created "restore point", or, turn off system restore and then turn it back on and then test it..

    i don't know if you should reboot between turning "system restore" off and turning it back on..

    sometimes, changes to your computer will prevent running a system restore to a point before those changes..

    an alternative to using "system restore" is using "erunt"..

  6. it sounds like you are running multiple scanners, multiple "on-demand"-scans, at the same time, and i think that therein lies the problem..

    personally, i usually disable all of my realtime scanners/realtime-scanning when i am doing an "on-demand"-scan, and, of course, i never run multiple on-demand-scans at the same time..

  7. i would like it if SAS would provide some kind of "immunization" where activex-killbits are used to fight malware, like those used in "spywareblaster".. i think that SAS has the resources where they could do that..

    "spyware doctor" has an "immunization" feature where it adds activex-killbits to the registry, as does "xblock", and that was one reason why i used "spyware doctor", to take advantage of its "immunization" feature..

  8. Something on your system is obviously conflicting as you are having all sorts of problems that no one else is having

    let's focus on the problem at hand, a problem with the links that are used within the SAS program..

    in one of your posts, you said "make sure you don't have another security product that is blocking ActiveX and/or scripts.".. well, i do use "high" security settings in IE's "internet zone", if that is what you mean.. however, i can click links that are used within other programs that i use and they will open IE without any problem.. i think that you could make the links that are used with the SAS program to work the same way, where they will still open IE even when one is not using low security settings..

    it should not be the case where we have to use low security settings, allowing scripting and activex controls, in IE, in order for those links to work..

    besides using "high" security-settings in IE, i don't have anything else blocking "activex and/or scripting", except that i do use "spywareblaster", and "spybot S&D", which also has some "immunization", but spybot is not running in realtime..

    i am running win xpsp2, kerio 2.15, antivir, SAS (3.6), "regdefend", and BOClean..

  9. it is worse, in my case.. when i click the links, i get an error-message indicating that IE is crashing, even though IE is not actually open, at least not where i can see it, though maybe SAS had tried to launch IE when i clicked the links.. after that initial "crash", if i try to open either IE or "explorer", i just get repeated crashes, until i reboot my computer..

    if i click the links while IE is open, there is no problem, but if i click the various links while IE is closed, then i get the crashing..

    i have saved the crash-dump files, but i am not aware of any way of submitting them to SAS (if they care to look at them)..

    considering that the links work fine if they are clicked while IE is open, i think that the SAS program needs to be programmed to where it will properly open IE if IE is closed when the links are clicked, which would solve the problem that i am experiencing..

    on the other hand, i would actually prefer it if all of those links were removed from the menu that pops up when you click the SAS-icon in the systray, and from the SAS program's main GUI, including the one that comes up when you are running the updater, but especially the ones in the menu that pops up when you click the SAS-icon in the systray, for aesthetics.. i would like for there to be just a plain, simple, non-cluttered menu, there.. speaking of which, what do others think about SAS's menu, the one that pops up from the SAS-icon in the systray?

  10. there is a limit to how many security programs you can have running in realtime, with win xp, if you want them to function properly.. i don't know about vista, if it has the same limits, but my guess would be that it doesn't..

    i used to run trojanhunter, ewido, and "a-squared", along with the kerio 2.15 firewall, "regdefend", and "processguard".. i discovered that, with all of those running, some of the programs would not catch malware the way that they were supposed to (i didn't really have any malware on my pc, but i was using "test files", for testing)..

    i found that trojanhunter was not catching the test files, the way that it was supposed to.. so, then i started running "BOClean" instead of "trojanhunter", but i found that it, too, would not catch the test-files, the way that it was supposed to..

    kevin mcaleavey of "privacy software corporation", makers of "BOClean", ran some diagnostics on my computer and determined that the problem was "having too many programs running", and explained that windows xp is not designed to accommodate that many security programs..

    he said, something like, there are 8 slots at the kernel-level, or something like that, and so, if your programs need more than those 8 slots, some will get booted out in order to accommodate the others, and that is why i was finding that "trojanhunter" and "boclean" were not performing the way that they were supposed to (and so i quit running so many security programs, in realtime)..

    i really don't know what "resources" my programs are using, but i try to keep things at a minimum, and not to overdo it.. right now i am running my kerio 2.15 firewall, antivir, SAS, "regdefend", and BOClean, so i have those five programs showing in my systray.. i also usually have some "HIPS" program running, but i don't have one installed, right now.. if i did have a "HIPS" program installed, i might opt to not run both SAS and BOClean, together, because i think that could be pushing things, though it probably would be OK to run them both, together, along with the other programs (that would be a total of 6 security programs that i would have running in realtime, if i added a "HIPS" program to what i am currently running).. i would say/guess that that would be the maximum that i could run, without running into problems..

    so, you might not see a problem from having a lot of security programs running in realtime, but, if you test their performance, you might find that they are not performing the way that they are supposed to, even though you don't SEE any "conflicts" between the programs, when they are running..

  11. well, to test, i ran the adware uninstall and the SAS uninstall (i uninstalled one, rebooted, and then uninstalled the other, and rebooted).. apparently, with the new vista-compatible installers, when you use "add/remove" to "uninstall" a program, instead of the program uninstalling, it runs a "repair install", or something like a repair-install..

    incidentally, i was not able to simply delete all of the files in the SAS folder, even in "safe mode".. i had forgotten about that, when i made my earlier post.. i used "hijackthis" to remove the "sas-winlogon notify" thing, rebooted, and then was able to delete the associated file, and i used "regsvr32" to "unregister" another file, rebooted, and then was able to delete it.. i also did some additional things in trying to manually uninstall SAS, but i won't go into the details..

    the new vista-compatible installers are not win xp-compatible.. i think that microsoft is at least partly responsible for this problem..

  12. i also had a problem with uninstalling SAS build i didn't see any error messages, and i didn't check for errors in "event viewer", but i did notice that NONE of the files in the SAS folder, in c/program files/SAS, were uninstalled when i ran the uninstaller, and the SAS context menu-item was not removed..

    i could manually delete the files in the SAS folder, but i could not figure out how to remove the context menu item.. and i also manually deleted one or more SAS files in c/windows/system32/drivers, whatever SAS-files i could find, and i got rid of the SAS regkeys that i could find, as necessary though actually i believe that i didn't find any SAS regkeys to remove..

    i also had a problem when i installed SAS build when i would click the SAS icon in the start/all programs menu, instead of SAS running, it would run what seemed like a "repair install", and my guess is that this is also why the uninstaller wouldn't run properly..

    i had a similar experience with the new "ad-aware" "installer" that was recently uploaded to cnet's "download.com", feb 12th, 2007 where clicking the ad-aware icon in start/all programs would run what seemed like a "repair install" and then, when running the uninstall, none of the ad-aware files in c/program files/lavasoft/ad-aware would be removed..

    i don't know if the problem stems from SAS and lavasoft's trying to make their installers "vista"-compatible, or if the problem is with MS's "msiexec.exe"..

  13. SAS is flagging "pravda.ru" in IE's "trusted sites" zone, on my computer.. the website is harmless and so i can see no reason why SAS should be flagging it..


    if it makes any difference, the "pravda.ru" website is independent of the "pravda" newspaper..

    SUPERAntiSpyware Scan Log

    Generated 02/21/2007 at 05:34 AM

    Application Version : 3.5.1016

    Core Rules Database Version : 3186

    Trace Rules Database Version: 1196

    Scan type : Complete Scan

    Total Scan Time : 00:18:39

    Memory items scanned : 237

    Memory threats detected : 0

    Registry items scanned : 3818

    Registry threats detected : 2

    File items scanned : 21107

    File threats detected : 0

    Browser Hijacker.Internet Explorer Zone Hijack

    HKU\S-1-5-21-682003330-57989841-2147132391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pravda.ru

    HKU\S-1-5-21-682003330-57989841-2147132391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pravda.ru#*

  14. Registry threats detected : 2

    File items scanned : 20787

    File threats detected : 0

    Browser Hijacker.Internet Explorer Zone Hijack

    HKU\S-1-5-21-682003330-57989841-2147132391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4acloserlook.com

    HKU\S-1-5-21-682003330-57989841-2147132391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4acloserlook.com#*

    this webpage is for an internet-radio show on "america news network"..
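
The two scan logs above flag values under ZoneMap\Domains without showing which zone each domain is mapped to. The PowerShell below is an added example, not part of the original posts and not SUPERAntiSpyware code: it lists every per-user domain-to-zone mapping so a flagged entry can be checked by hand. It assumes the `#*` suffix in the log denotes the registry value named `*` (all protocols) and that the SID in the log belongs to the logged-on user, so HKCU is the same hive; `Get-ZoneMapEntry` is a name made up for this example.

```powershell
# Added example: enumerate Internet Explorer ZoneMap domain entries for the
# current user and show the zone each protocol is mapped to.
$root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Standard Internet Explorer security zone numbers.
$zoneNames = @{
    0 = 'My Computer'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

function Get-ZoneMapEntry {
    param([string]$Path = $root)

    # No Domains key means no per-user domain mappings exist.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $prefixLength = (Get-Item -LiteralPath $Path).Name.Length + 1

    Get-ChildItem -LiteralPath $Path -Recurse | ForEach-Object {
        $key = $_

        # Subkeys are subdomains: Domains\example.com\www means www.example.com.
        $labels = $key.Name.Substring($prefixLength).Split('\')
        [array]::Reverse($labels)
        $domain = $labels -join '.'

        # Each value name is a protocol ('*' = all protocols); its DWORD data is the zone.
        foreach ($valueName in $key.GetValueNames()) {
            $zone = $key.GetValue($valueName)
            $zoneName = if ($zone -is [int] -and $zoneNames.ContainsKey($zone)) {
                $zoneNames[$zone]
            } else {
                'unknown'
            }
            [pscustomobject]@{
                Domain   = $domain
                Protocol = $valueName
                Zone     = $zone
                ZoneName = $zoneName
            }
        }
    }
}

# Full listing, grouped by zone.
Get-ZoneMapEntry | Sort-Object Zone, Domain | Format-Table -AutoSize

# Only the two domains named in the scan logs above.
Get-ZoneMapEntry |
    Where-Object { $_.Domain -like '*pravda.ru' -or $_.Domain -like '*4acloserlook.com' } |
    Format-Table -AutoSize
```

An entry with zone 4 is a block-list style mapping into Restricted sites, while zone 2 places the domain in Trusted sites; the scan log alone does not distinguish the two.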