Jump to content


  • Content Count

  • Joined

  • Last visited

About chalawah

  • Rank
  • Birthday 01/01/1970
  1. Pleased to say subsequent releases up to the latest v4.8.1 are not being flagged by SAS. Seems like this has been resolved. Thanks Nick and team.
  2. chalawah

    Rogue.MalWarrior HKCR\TacOnlyOne

    This is also being picked up on my computer, the same reg key: If I open Regedit and find the key this is the information: HKEY_CLASSES_ROOT\TacOnlyOne it is named 'ab (Default)' the Type is 'REG_SZ' the Data is 'value not set' I have reported this as a ?possible? false positive via SAS GUI. SAS first picked it up on my computer on 27/02/08...the same key details. At that time I chose to quarantine it, where it still remains. So it appears that the key is being recreated. If I Google for 'MalWarrior' I come up with this: http://www.spywareremove.com/removeMalWarrior.html ...and that there are processes files relating to MalWarrior: Install1.exe and MWLauncher.exe I cannot find either of these files. I have scannned with SAS Pro, AVG Free, A Squared, TH, NOD 3., OA, Prevx 2.0. All fully updated. These find nothing to do with MalWarrior, but maybe SAS knows more? Is any more info is required to identify this ?possible? false/or not positive? I am interested to know the outcome.
  3. Same similar issue with new version of notepad++ v4.7.5
  4. Hi Madeline, The definitions match exactly the ones I have on this computer and the ones found on the definition update history page.
  5. Same similar issue with new version of notepad++ v4.7.4.Installer.exe
  6. I have now completed the same method and actions as in items 1 to 5 . Same results... a similar alert from SAS. I immediately clicked on the option to scan in the SAS pop up alert [before clicking on Finish in the Notepad++ Setup]. The result of a Full scan is: 'Scanning is complete - No harmful software was found'. I have saved the nsa166.tmp directory that SAS alerts as containing problem .tmp files. I can see no .tmp files in there. When comparing the two files nsa166.tmp and nsx6f.tmp they contain the same files: InstallOptions.dll ioSpecial.ini LangDLL.dll modern-header.bmp modern-wizard.bmp nsExec.dll UserInfo.dll If I convert ioSpecial.ini to a txt file I can read that it relates to Notepad++ v4.7.3 Setup Hope this helps in attempting to find out what is happening. Thanks for your time on this matter.
  7. Ok, I have just run the Notepad++ v4.7.3.Installer.exe again, over the top of the existing Notepad++ v4.7.3 to test the results again. Here is the method I used: 1. Click on SAS and manually update/check updates: Core 3379 Trace 1373 2. Open the Notepad++ v4.7.3.Installer.exe 3. This time close to the beginning of the install SUPERAntispyware Alert window pops up: I do not click the 'Finish' button in the Notepad++ Setup window. 4. I click on the option to view details of which on this install of Notepad++ there are four!: 5. When I navigate to: Blocked Item: C:\Docume~1\NAME\LOCALS~1\TEMP\NSX6F.TMP\NS74.TMP Blocked Item: C:\Docume~1\NAME\LOCALS~1\TEMP\NSX6F.TMP\NS73.TMP Blocked Item: C:\Docume~1\NAME\LOCALS~1\TEMP\NSX6F.TMP\NS72.TMP Blocked Item: C:\Docume~1\NAME\LOCALS~1\TEMP\NSX6F.TMP\NS71.TMP I can find nsx6F.tmp only, and inside this directory I can see no other .TMP or .tmp files other than the following: InstallOptions.dll ioSpecial.ini LangDLL.dll modern-header.bmp modern-wizard.bmp nsExec.dll UserInfo.dll I have a copy of these saved. 6. I now click on 'Finish' on the Notepad++ Setup window....and attempt to navigate to: Blocked Item: C:\Docume~1\NAME\LOCALS~1\TEMP\NSX6F.TMP\ but find that this no longer exists This explains why I could not find it in my original post, as I had already clicked on the 'Finish' button in Notepad Setup 7. Clicking on the option to Scan in the SUPERAntiSpyware Alert pop up window and selecting full scan results in the computer being confirmed as clean: 'Scanning is complete - No harmful software was found'. 8. I am now going to run the Notepad installer again, but this time not click finish and run the SAS scan at the prompt from SUPERAntiSpyware Alert pop up window. I will post back my findings in a following post. I have also completed a manual scan [using SAS] of the nsx6F.tmp that I saved - no harmful software was found.
  8. Sorry Nick, at the time of the event I could not find the file, either by a subsequent scan by prompted by the SAS Pro pop-up alert, or by doing a manual search to the directory-location given in the pop-up:? From my original post: and:
  9. Hi Madeline Yes, that is the same Core and Trace definitions that I have as at Sunday 6.57PM 13/01/07 [GMT+10] Updates for me are completed automatically [in SAS Pro] by using the Preferences>Automatic updates> both ticks applied. In addition I always manually check for updates before manual scans. I have searched the definition update history page http://www.superantispyware.com/definit ... story.html and can see that I was in fact up to date on the Core definitions for the original issue posted on 07/01/08 I am not able to double check the Trace definitions for that specific period as there doesn't appear to be any listing that I can see - so I hope I didn't make a typo mistake there. I realise that today's Trace is 1373, so it could be a possible typo as I had them as Trace 1379.... I doubt very much that seeing that auto update is/was working perfectly and Core definitions were correct [verified by the defintionupdatehistory.html] that the Trace might have been incorrect [ putting any Trace definition typo aside for the moment]. So I am still interested in any answer to my original question. Go well.
  10. I am pretty sure that I didn't transpose any numbers Pandato. I have SAS Pro set to check every 8 hours and at program start-up, so I am wondering just how far off the current update for that specific time [Mon Jan 07, 2008 9:56 pm] my definitions were ? To expand further, at the end of the install SAS pop up alerts to say, '...detected and blocked a potentially harmful application from running', not only could I not find the file 'Trojan.Unknown Origin. C:\Docume~1\name\LOCALS~1\TEMPNSB397.TMP|NS39A.TMP' using a manual search, but clicking on the 'scan now' option also gave no further results - only a clean computer. Pandato, on Sat Jan 12, 2008 6:27 pm I noticed that I had posted this possible false positive in the incorrect part forum so I posted a link to this thread in False Positives: http://forums.superantispyware.com/view ... =5492#5492 Could you please also advise as to where I should continue to post regarding this matter - it is not my intention to make this thread scattered and difficult to follow. Thankyou for your time in providing assistance on this matter, I really appreciate it.
  11. chalawah

    Possible false + in Notepad++ v4.7.3?

    The sas pop-up appeared with the warning during the install of Notepad++. I clicked the option to scan in the pop-up, but do not recall an option in the first pop-up to "Report False Positive". The subsequent scan that I initiated from the first pop-up did not find the TEMPNSB397.TMP|NS39A.TMP and gave a clean computer result.
  12. Whoops, I posted about a possible false positve in the incorrect forum:( http://forums.superantispyware.com/viewtopic.php?t=1093 Appologies.
  13. Hi I d/l Notepad++ v4.7.3 from sourceforge.net [ npp.4.7.3.Installer.exe ] The MD5 is: 68924D4C0DCC91E3AC0AD9D0871EBCFD At the end of the install SAS pop up alerts to say, '...detected and blocked a potentially harmful application from running'. When I click on details I read: 'Trojan.Unknown Origin. C:\Docume~1\name\LOCALS~1\TEMPNSB397.TMP|NS39A.TMP If I navigate to the above location I cannot find the .TMP file. If I click 'allow' and navigate to the location I still cannot locate TEMPNSB397.TMP|NS39A.TMP This SAS alert also occured with Notepad++ v4.7.1 I am using: SAS Pro v 3.9.1008 | Core 3375 | Trace 1379 XP Home SP2 Fully updated. Hope this helps.