siliconman01

Posts posted by siliconman01


  1. These two files are still being detected with database 13047

     

    SUPERAntiSpyware Scan Log
     
    Generated 09/27/2016 at 00:16 AM
     
    Application Version : 6.0.1224
    Database Version : 13047
     
    Scan type       : Complete Scan
    Total Scan Time : 00:10:27
     
    Operating System Information
    Windows 10 Professional 64-bit (Build 10.00.14393)
    UAC On - Administrator
     
    Memory items scanned      : 980
    Memory threats detected   : 0
    Registry items scanned    : 48432
    Registry threats detected : 0
    File items scanned        : 132275
    File threats detected     : 3
     
    Adware.Tracking Cookie
    www.wsaz.com\click_mobile [ C:\USERS\TOM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
     
    Trojan.Unclassified/Dropper
    C:\WINDOWS\SYSWOW64\VULKANINFO-1-1-0-26-0.EXE
    C:\WINDOWS\SYSWOW64\VULKANINFO.EXE
     
    ============
     End of Log 
    ============

  2. C:\Windows\SYSWOW64\Vulkaninfo.exe 
    C:\Windows\SYSWOW64\Vulkaninfo-1-1-0-26.0.exe 
     
    Both of the above files are being falsely detected on Windows 10 x64 Pro Build 14393.187 as 
     

     

    SUPERAntiSpyware Scan Log
     
    Generated 09/24/2016 at 02:24 AM
     
    Application Version : 6.0.1224
    Database Version : 13040
     
    Scan type       : Complete Scan
    Total Scan Time : 00:09:46
     
    Operating System Information
    Windows 10 Professional 64-bit (Build 10.00.14393)
    UAC On - Administrator
     
    Memory items scanned      : 956
    Memory threats detected   : 0
    Registry items scanned    : 48435
    Registry threats detected : 0
    File items scanned        : 127414
    File threats detected     : 2
     
    Trojan.Unclassified/Dropper
    C:\WINDOWS\SYSWOW64\VULKANINFO-1-1-0-26-0.EXE
    C:\WINDOWS\SYSWOW64\VULKANINFO.EXE
     
    ============================================
     Scheduled Scan - Automatic Removal Results 
    ============================================
     
    Items scheduled for automatic removal:
    Trojan.Unclassified/Dropper
    C:\WINDOWS\SYSWOW64\VULKANINFO-1-1-0-26-0.EXE
    Trojan.Unclassified/Dropper
    C:\WINDOWS\SYSWOW64\VULKANINFO.EXE
     
    ============
     End of Log 

     

     

    VULKANINFO.zip

    VULKANINFO-1-1-0-26-0.zip


  3. Don,

    On Windows 7 SP1 x64 Professional, the major increase in handles during a complete scan occurs when SAS is scanning the C:\Windows\System32, C:\Windows\SysWOW64, and C:\Windows\WinSXS folders, with an increase of about 400 handles in the WinSXS folder alone.

    I have sent you an e-mail showing the handles increase at various stages of the Complete Scan.

    Yes, it appears to be new to V5.6. V5.5 handles would increase to approximately the same level, but then would drop back significantly after the scan window closed.


  4. This is on Windows 7 SP1 x86 and x64 Professional with SAS Pro V5.6.1006.

    Complete scan worked well and the registry scan issue appears to be fixed. Below is a scan report from Windows 7 SP1 x64 Professional system.

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com

    Generated 10/02/2012 at 00:56 AM

    Application Version : 5.6.1006
    Core Rules Database Version : 9325
    Trace Rules Database Version: 7137

    Scan type : Complete Scan
    Total Scan Time : 00:29:25

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 620
    Memory threats detected : 0
    Registry items scanned : 71509
    Registry threats detected : 0
    File items scanned : 50609
    File threats detected : 0

    HOWEVER, following the completion of the Complete Scan the "Handles" remained at their high level of 1619 handles (1219 on x86) for Superantispyware.exe. Prior to the scan, the handles were down at 388 (290 on x86). The handles should drop back following the completion of the scan, so there is a bug here.

    During the complete scan, the memory usage got as high as 92 mbytes; whereas, with SAS Pro V5.5.1022 the memory usage surges as high as 500 mbytes RAM.


  5. This applies to Windows 7 SP1 x86 and x64 Professional with SAS PRO V5.6.1004.

    V5.6 is scanning some 23,000+ LESS registry keys than V5.5. Turning off Direct Access on the registry does not change anything. This registry discrepancy applies to both 32-bit and 64-bit Windows 7 SP1; however, on 32-bit the discrepancy is somewhat lower.

    On Windows 7 SP1 x64 Professional: SAS Pro V5.6.1004 Complete Scan.

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com

    Generated 09/26/2012 at 00:32 AM

    Application Version : 5.6.1004
    Core Rules Database Version : 9282
    Trace Rules Database Version: 7094

    Scan type : Complete Scan
    Total Scan Time : 00:26:51

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 623
    Memory threats detected : 0
    Registry items scanned : 43929
    Registry threats detected : 0
    File items scanned : 52492
    File threats detected : 0

    On Windows 7 SP1 x64 Professional: SAS Pro V5.5.1022 Complete Scan.

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com

    Generated 09/26/2012 at 01:10 AM

    Application Version : 5.5.1022
    Core Rules Database Version : 9292
    Trace Rules Database Version: 7104

    Scan type : Complete Scan
    Total Scan Time : 00:34:22

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 624
    Memory threats detected : 0
    Registry items scanned : 67061
    Registry threats detected : 0
    File items scanned : 52514
    File threats detected : 0

    Also note the update issue for core/trace files as per my previous post.


  6. This applies to Windows 7 SP1 x86 and x64 Professional with SAS PRO V5.6.1004.

    This new version is not updating the core and trace definitions.

    It shows core at 9282 and trace at 7094 on 09/26/12.

    As of 12:10 a.m. eastern time USA, the latest core definitions are 9292 and trace definitions are 7104.

    SAS PRO says the definitions are up-to-date when an update is initiated. Downloading the manual core/trace definitions does not update to the latest either.

    No error messages are displayed or logged.


  7. I am also getting 1 false detection. Ran file ICONCDDCBBF15.EXE through VirusTotal and 0 scanners reported it as malicious.

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com

    Generated 12/17/2011 at 03:57 AM

    Application Version : 5.0.1142
    Core Rules Database Version : 8064
    Trace Rules Database Version: 5876

    Scan type : Complete Scan
    Total Scan Time : 00:20:19

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 623
    Memory threats detected : 0
    Registry items scanned : 72468
    Registry threats detected : 0
    File items scanned : 38074
    File threats detected : 1

    Heur.Agent/Gen-FakeSAS
    C:\WINDOWS\INSTALLER\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\ICONCDDCBBF15.EXE

    NOTE: The file ICONCDDCBBF15.EXE has been submitted to SAS as a suspected false positive.


  8. SuperAntiSpyware has always required that SuperAntiSpyware.exe be running in memory for the right click scanning context switch to be available/functional. All older versions of SAS required that too. The GUI does not have to be open; however, SuperAntiSpyware.exe must be running. The service SASCore.exe or SASCore64.exe must also be running. This is required on the free and professional version of SAS. And it is irrelevant to NIS 2012 being on your system.


  9. This is on Windows 7 SP1 x86 and x64 Professional with SAS Pro V5.0.0.1116 and V5.0.0.1118.

    When SAS is installed, folder C:\ProgramData\!SASCORE is no longer created. However it is referenced in registry keys. This folder has been in V5.0 and V4.0 for a long, long time. Wondering what has happened to it in the latest builds of SAS.

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\!SASCORE]
    "Type"=dword:00000010
    "Start"=dword:00000002
    "ErrorControl"=dword:00000001
    "ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
     6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,55,00,50,00,45,00,52,\
     00,41,00,6e,00,74,00,69,00,53,00,70,00,79,00,77,00,61,00,72,00,65,00,5c,00,\
     53,00,41,00,53,00,43,00,4f,00,52,00,45,00,36,00,34,00,2e,00,45,00,58,00,45,\
     00,22,00,00,00
    "DisplayName"="SAS Core Service"
    "ObjectName"="LocalSystem"
    "Description"="SUPERAntiSpyware Core Service"
    "FailureActions"=hex:01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,14,00,00,\
     00,01,00,00,00,e8,03,00,00
    "PipeName"="sascoreservicepipe"
    "ServiceName"="!SASCORE"
    "ServiceDescription"="SUPERAntiSpyware Core Service"
    "ServiceDisplay"="SAS Core Service"
    "AppDataPath"="C:\\ProgramData\\!SASCORE"

    NOTE that this missing C:\ProgramData\!SASCORE occurs if SAS is first manually removed via Programs and Features and then re-installed.
