Everything posted by JRosenfeld

  1. It does not mean your PC has been hacked. It is easy and common for spammers to spoof the from address on an email message, using addresses they have collected from some hacked PC's contacts list, or from postings in forums or news groups.
  2. I had these too (SAS 4.39.1002 free on XP SP3). As I had deliberately set security centre not to notify me for automatic updates and AV, I allowed them. The only point I want to add is that when I clicked on 'explain detected item' it shows Summary : Disabled.SecurityCenterOption Company : Unknown/Varies Description : Unclassified Item - We are currently researching this item to provide more updated information. Perhaps worth updating that screen.
  3. Did you try OK'ing (without filling in) or closing that window asking for a registration key?
  4. Don't delete the cookies from the bank. They contain the information allowing quicker logon.
  5. It is very easy for spammers to make any email address appear in the from box, even though the message was sent from elsewhere. They may have collected yours from the internet or from the contacts lists of infected computers. Just delete such false emails.
  6. Fixed. I restored my system to an earlier date (in safe mode). Now SAS updated fine, in fact to core 4080.
  7. SAS free 4.27.1002 on XP SP3 I use manual update and until this evening it worked without problems. Today, at core 4077, I clicked check for updates, it found some and showed the screen in the pic, giving details of 4078 and 4079. I clicked close, but I still show as 4077. Repeated, again found same updates, but not updating. Repeated several times, same thing each time. Is there something wrong at your end or is it me? [attachment=0]SAS.png[/attachment]
  8. To fully delete the temporary internet files, use the IE internet options delete, select temporary internet files. That deletes them all (except the cookies references in your user account TIF folder). I have XP pro SP3, it's the same in XP SP2, don't know if this is the same in Vista or later, most of the TI Files are stored in subfolders of the Content.IE5 folder, which is a superhidden folder of your user account's temporary internet files folder and not visible even with show hidden files and folders checked. However, there is a trick to access the content.ie5 folder and its subfolders: If you open diskcleanup, highlight temporary internet files, click view files, it opens Windows Explorer at the content.ie5 folder and you can open the subfolders (alphanumeric names: they get re-created with different names each time you use the IE options delete as suggested above; when empty they just contain a desktop.ini file: do not delete those). I made a shortcut to the content.ie5 folder on my desktop for convenience: set that Window opened by diskcleanup to double pane view and right mouse drag content.ie5 from the left pane to desktop, create shortcut.
  9. There are two kinds of update possible: the program itself and spyware definitions. The 'check for updates' button on the main page is under the heading 'spyware definition updates' and that's what it does. If you want to check whether there are any program updates, click preferences, then the updates tab gives you options there. Current software version is 4.26.1000. You can see the version you have on the main page, bottom right.
  10. SAS free 4.26.1000 working fine on XP SP3
  11. Is this legit? http://fileforum.betanews.com/detail/SU ... 42662646/1
  12. Sent you the file. No longer flagged with latest update of definitions, core 3401, trace 1393, so I take it you found the file was OK (even though I do not know what uses it or when: I did not observe any malfunctions while it was in quarantine). Many thanks
  13. build 1136. on XP SP2 all updates. C:\Windows\system32\Vistaultm.dll flagged as Trojan.Unclassified/Packed-Win.Process I could not find any information on vistaultm.dll on Google. Its properties do not have any information on where it comes from (not a Windows file). It seems to have got onto my system on 4 August 2008. Is this a real trojan? (if so, it's the first one ever to have invaded my PC). I can send you the file if you wish.
  14. OK, I understand about possible future usage, and agree that an orphaned entry in the registry does no harm. However it will be likely to confuse those who do use registry cleaners. Although I rarely do so myself, I'm testing jv16 in anticipation of having to help out those who do.
  15. But then what is the purpose for creating the value "AppID"="{C615554D-7B87-4275-84FF-8E0BA2AD071B}" if it never gets referenced? Deleting that value, jv16 is happy and does not flag the other entries.
  16. I have SAS free 3.5,1016. As far as I can tell it is functioning correctly. I was just testing the regcleaner app of Macecraft jv16 Power tools 2007 beta 3. It flags the following SAS-created keys as 'Invalid AppID':

      [HKEY_CLASSES_ROOT\ShellExecuteHook.SABShellExecuteHook]
      @="SABShellExecuteHook Class"

      [HKEY_CLASSES_ROOT\ShellExecuteHook.SABShellExecuteHook\CLSID]
      @="{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"

      [HKEY_CLASSES_ROOT\ShellExecuteHook.SABShellExecuteHook\CurVer]
      @="ShellExecuteHook.SABShellExecuteHook.1"

      [HKEY_CLASSES_ROOT\ShellExecuteHook.SABShellExecuteHook.1]
      @="SABShellExecuteHook Class"

      [HKEY_CLASSES_ROOT\ShellExecuteHook.SABShellExecuteHook.1\CLSID]
      @="{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"

      [HKEY_CLASSES_ROOT\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}]
      @="SABShellExecuteHook Class"
      "AppID"="{C615554D-7B87-4275-84FF-8E0BA2AD071B}"

      [HKEY_CLASSES_ROOT\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32]
      @="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL"
      "ThreadingModel"="Apartment"

      [HKEY_CLASSES_ROOT\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ProgID]
      @="ShellExecuteHook.SABShellExecuteHook.1"

      [HKEY_CLASSES_ROOT\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\Programmable]

      [HKEY_CLASSES_ROOT\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\TypeLib]
      @="{D01E70E5-2E5A-4EDC-B8A7-84FA45346E34}"

      [HKEY_CLASSES_ROOT\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\VersionIndependentProgID]
      @="ShellExecuteHook.SABShellExecuteHook"

      If those are false positives in jv16 I'd like to report that to Macecraft beta testing. However, I don't have an AppID {C615554D-7B87-4275-84FF-8E0BA2AD071B}, so I guess they are correctly flagged. If they are invalid, then what needs fixing in the registry? If they relate to some component that is in SAS Pro but not in the free version it would be better not to have them created in the free install. As an experiment I let jv16 delete them, and this did not seem to affect SAS that I could see (I then restored the keys, just in case).
  17. If you wish, you can disable the Winlogon item for SAS using e.g. Spybot (advanced mode, tools, system startup). Just uncheck it there. To re-enable, check it there, restart.
  18. I take it that if a folder is added to the exclusion list, that excludes any subfolders in it as well? If so, how does one exclude a folder but include one or more of its subfolders in the scan? Reason is, I want to exclude most but not all the subfolders in C:\ program files, to speed up the scan. Many of the programs I have installed are not subject to malware attack (specialist scientific software and similar apps) and scanning all their executable files each time is not useful. To select each of those application folders within program Files folder for exclusion would be a chore. It would be easier to exclude C:\program files, with an option to reinclude specific folders within it. But that does not seem possible (nothing in the help file, at least). Check out Windows Defender custom scan select folders to scan option as an example of what I would like.