Jump to content

EliteKiller

Members
  • Content Count

    144
  • Joined

  • Last visited

Everything posted by EliteKiller

  1. I've been seeing a lot of people infected with the wmsdkns.exe trojan since Apr. 5., and I wasn't sure if you've added it to the definitions yet. Prevx info: http://www.prevx.com/filenames/X3204800 ... S.EXE.html Here's a HJT log from spywareinfo: http://forums.spywareinfo.com/index.php ... ntry628529 Primary Symptoms: -Receiving False Security Alerts every few minutes -Receiving False Security Popups, generally claiming to be Windows Security Center system warnings (pic: http://vil.nai.com/images/143406_vil_wi ... center.gif) -Receiving IE Popups leading to http://livesecuritycenter.com which quickly changes the address to 'about security' and offers Spymaxx and/or AntiSpyStorm 2008 -Desktop Background image has been replaced by a HTML file called "default" which announces that a spyware threat has been detected; click here to scan your PC for spyware -Access to Task Manager "has been disabled by Administrator" -General computer slowdown... Culprits: C:\WINDOWS\system32\wmsdkns.exe UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe Multiple entries: O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) I also noticed three folders related to 180Solutions, Zango, and a couple of random folders that started with an S. When I ran SAS 4.0.1154 on an infected pc Sunday afternoon it did not pick up the infection. Unfortunately I was in a hurry and did not upload it to you for a sample. I used Unlocker 1.86 to delete the file (HJT misc. tools < delete file on reboot should work as well), and after a reboot all of the symptoms above were resolved.
  2. IMO you'd be better off ditching McAfee for another AV that uses less resources and offers better detection/removal. All 3 of the popular free AV's (Avira, Avast!, AVG) are superior to McAfee, and you don't have to worry about paying for renewals. Food for thought.....
  3. http://www.popupsentry.com/about.html
  4. http://www.malwarebytes.org/forums/inde ... st&p=15640 Surely you realize that nothing is 100% on any given day. Claiming that SAS has "lost its crown to MBAM" is a bold and opinionated statement IMO. I've run MBAM before SAS on some pretty hosed systems, and SAS is still flagging legit malware afterwards. I own several licenses of each program, so I'm not just a random SAS Fanboi injecting his thoughts.
  5. I'm also a consultant, and my advice would be to purchase several Pro licenses w/ lifetime updates at a discounted rate in advance. You can then keep the activation codes on a flash drive, etc., and then markup the cost $10 or w/e you wish to charge the customer. Installing SAS Free will allow you to clean up the system (same detection/removal capabilities as Pro), and you'll have a chance to pimp the software to your customer. If they elect to purchase the Pro version it only takes a few seconds to activate and enable real-time, fcp, and scheduled scanning. 9 times out of 10 if you leave malware removal tools on a customer's pc they won't run them anyhow.
  6. PCMag (Neil Rubenking) tries their best to review various antispyware apps. http://www.pcmag.com/article2/0,1759,2127210,00.asp In any event he pimps Spy Sweeper and Spyware Doctor which are one of the worst apps on the market. They both suffer from lackluster detection/removal and excessive bloat. What most people don't know is that Spyware Doctor starter edition (free) only uses 1/3 of the pay versions signatures. Can you say gimped software?
  7. Nick, for those using SAS Free, and later decide to purchase the Pro version, they must manually enable real-time, FCP, and auto updates. Would you consider enabling all of those options by default upon a successful Pro activation?
  8. It's still beneficial to scan in safe mode because chances are, if you're cleaning a hosed pc, that SAS will miss some infections and you'll need to resort to other removal tools.
  9. EliteKiller

    https://forums.superantispyware.com/view ... =2164#2164
  10. Yes. https://www.superantispyware.com/support ... tml?faq=44
  11. http://www.bleepingcomputer.com/combofi ... e-combofix
  12. Click on combofix since it is a URL.
  13. 1) Have you tried a system restore (if applicable) to a few days ago? 2) Reboot to safe mode, run SAS again, remove all infections found 3) Run combofix 4) It doesn't appear that the tcp/ip stack is hosed, but I would go to the SAS prefs > repairs > repair broken network connection anyhow 5) Uninstall the network devices in the device manager > reboot > reinstall
  14. Even legitimate websites serve up malware all of the time, so your best bet is to switch to a limited user account w/ an SRP or implement a HIPS into your arsenal.
  15. SAB includes SAS personal, so in essence you are running 2 instances. http://www.wilderssecurity.com/showpost ... ostcount=4
  16. While updating to IE7 is sound advice I'd highly recommend switching over to Firefox. You may also want to run CCleaner to see if it fixes your issue(s).
  17. There are at least a dozen quality Anti-Virus apps, but there are only a handful of quality Anti-Spyware apps. Since spyware/adware/trojans are more of a problem than your average "virus", IMO it only makes sense to stay where the action is at.
  18. 1) Download and run CCleaner or ATF Cleaner 2) Disable system restore if applicable 3) Copy the c:\program files\SUPERAntiSpyware folder from a clean pc (one that it's already installed on is fine) to a cd or flash memory drive. Now reboot the infected pc to safe mode w/ networking (if possible) and run SUPERAntiSpyware.exe, update it, go to preferences > scanning control and check all of the boxes, now run a complete scan. 4) I'd also highly recommend installing the Kaspersky AVPTool in safe mode as well, click under settings and set the security level to high, then run a full scan. * You may also want to consider running Combofix and posting the log.
  19. Is there any particular reason that you would not want to use the latest version?
  20. Nick, on several occasions I've failed to transfer the license on my personal pc's (in a hurry, forget, etc), or the ones that I am servicing, and when I reinstall/activate without having a single hardware modification it tells me that I've exceeded the number of activations. In any event a quick email to the support team rectifies the problem, but I figured that you would like to hear my experiences since I deal with dozens of computers each and every month.
  21. Because it does what I need it to do. You will find there are many of us that use this system still. You must not do very much. 1) Horrible memory management 2) Insecure and no more (current) MS updates 3) Win9x/ME driver support dropped from several vendors (namely video cards) 4) Not a good gaming platform (see above) I could go on..... In any event, Avast! is an exceptional AV with full 9x support. I'd look past the little quirks (quick launch issue), or better yet contact their support team to see if there is a workaround. You'd be wise to at least consider Windows 2000 if you are against WGA and activations.
  22. I'm surprised that Nick didn't mention task manager fails to report kernel level memory usage. Even when task manager showed SAS using 35-80MB of memory it didn't slow your system down one bit. Since there were so many people complaining about the memory usage, as well as the cpu usage spiking from 0-6%, it only made sense for those issues to fixed in version 4.0. Nick's comment on the memory usage: http://www.wilderssecurity.com/showpost ... stcount=24 Kudos to Nick and the team for a job well done.
×
×
  • Create New...