  1. I guess what's important to remember is that this should only happen again from time to time. You know, they'll only destroy your OS once every few years or less often than that. The malware will only compromise your computer through your malware protection (SAS) and steal all your sensitive info the next time they slip up. That probably won't happen again until everyone forgets about this.
  2. To put it more bluntly, your manual definition updater was infected with an operating system destroying, file infecting, backdoor virus, and you don't want to tell us how it happened or what you are doing to prevent recurrences. (Whatever the truth is, I take it that it must be worse than "anti-malware vendor carelessly distributes nasty malware to its customers in malware protection update" – at least that's where you left off giving us info.)
  3. SweetIM/SweetPacks is a malicious BHO that is commonly bundled with downloads from CNET's download.com. Even if you explicitly uncheck sweetpacks and deny it, it will install anyway. I think this classifies as spyware/malware. It does not include an uninstaller and mockingly tells the user to manually uninstall the crapware if you try: hxxp://toolbar.sweetpacks.com/uninstall/ VirusTotal: https://www.virustotal.com/en/file/86ff7dee420e47acb5bdf606d24c3d5de72f2c47a1f5880ed1d91fb054f085fd/analysis/1374460386/ Please help detect this
  4. You may want to give AdwCleaner from BleepingComputer a try. It's removed a bunch of BHOs for me. And yes, it would be helpful for SuperAntiSpyware to catch more BHOs. It would help if you could guess which recently installed program came with this bundled malware in order for the team to identify the malware.
  5. maybe try TrendMicro Hijackthis or Malwarebytes'
  6. I just got an alert from SAS saying "Real Time Protection Blocked alert!!" and it was my Visual Basic 2006 project called "clock.exe". The infection was: Gen.Reloader-Process or something similar to that. Wonder why?
  7. Yeah, I've got this too.... I think it's just happening to everyone.
  8. I'm getting false positives with SUPERAntiSpyware, see virustotal: http://www.virustotal.com/file-scan/report.html?id=88c49efc32c312d1bb395625748998b40ce74d0735b8b309c5b875d5a7753069-1315489906 and http://www.virustotal.com/file-scan/report.html?id=8e845f2d36d2a4f2699e2c9e4a8ff7c094d31a0d17a8e7b57caad93f0f61bcfd-1315492461 You can get the files (and even the source) with the fbedit package on this site: radasm.cherrytree.at/fbedit/ (sry, site down, I attached the files) I get more problems with this package, which are also false positives, but there's nothing more related with SUPERAntiSpyware. files.zip
  9. > Programs compiled with that program, may be used in real malicious files is why the packer is detected.
     But it is not a packer. It is a compiler. Like the one from MS Visual Studio. I believe it is used mostly by developers of open source software (since it is open source itself). And this is the reason for the absence of false positive reports. Open source developers don't care about antiviruses; they say "Our program is not malware. There is a bug in your antivirus. Check the source code if unsure." But hey, how long will SAS mark my (and a lot of others') harmless programs as viruses?
  10. > Glad to hear it is a false-positive, I assume it was picking it up because it was attempting to spawn another process. Am I right?
      I don't know exactly but can guess that the developers of open source GPG4Win use the open source MinGW compiler. And it looks like, as of now, SAS detects everything compiled with it as malware. Take a look at this thread for details.
  11. > No longer detected!!
      Great. Please be so kind as to take a look at the file which is attached to this post. Here is the empty program from the first post. I just compiled it again. foo.exe and foo2.exe have only 8 different bytes: 4 for the timestamp of compilation and 4 for the checksum. And while foo.exe is OK, foo2.exe is marked as a virus (and all my programs too). I really can't understand what the point was of whitelisting that build of the empty program. foo2.exe
  12. > I've submitted it as a false positive.
      Thank you. I hoped developers are here on forums though.
      > This file is questionable though, several other scanners are detecting it!
      Yes, I saw. But at least they don't detect any programs compiled with that compiler. You can just try to compile an empty program and check.
      > Just so you know, that in the results window on the right hand side there is a button "Report False Positive", select the entry in question and click it to submit a report.
      I am not a user of SAS... In fact I write some tiny programs (mostly specific ones for local usage) and use the MinGW compiler. And I was notified that my program (and I'm 100% sure that it does nothing evil) is marked as a virus by SAS. So I tried to find what the reason is... Deleted a piece of code. Nothing changed. Deleted more code. Still marked as a virus. Deleted all code. Lol, still marked as a virus. So I'm here.
  13. Hello. SAS detects this program int main (void) { return 0; } as Trojan.Agent/Gen-UsrMgr if compiled with the compiler from MinGW (compiled file attached). It looks like SAS reacts like this to any file compiled with MinGW (I tried a few programs before I found that this empty program is marked as infected). Please fix. By the way, one cannot attach a file at this forum without JavaScript... foo.exe
  14. Hi everyone, I tried using a by-product installed with SAS called bootsafe. I tried booting with bootsafe minimal and networking but neither of them worked for me. It did make me reboot, which was normal, but after reboot it didn't enter safe mode. Just did its normal thing. I had to do it manually by pushing and holding F8 before the Windows logo to get into safe mode. I'm using Vista 32bit. Thought I'd let the community know. Personally I reckon this by-program should be removed from SAS because it's not very useful, well, to me. But one day I decided to try it and yeah, this problem presented itself. But perhaps there are people out there that use this, so I decided to let the creators know. Remember I tried this about a month ago but didn't discover this forum till a couple of weeks ago. So not sure if this problem has been discovered and/or patched by now. But I was unable to find another thread regarding this. Thank you. Cheers
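For the foo.exe / foo2.exe post above (two builds that differ in 8 bytes, 4 of timestamp and 4 of checksum), one way to confirm that kind of claim when triaging a suspected false positive. This is an added example, not code from the thread or from SUPERAntiSpyware; the function names and the header-only sample bytes are constructed for illustration.

```python
import struct

def pe_volatile_ranges(data: bytes) -> dict:
    """Byte ranges of the two header fields that change on every rebuild."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4   # IMAGE_FILE_HEADER follows the signature
    opt = coff + 20       # IMAGE_OPTIONAL_HEADER follows the 20-byte file header
    return {"TimeDateStamp": range(coff + 4, coff + 8),
            "CheckSum": range(opt + 64, opt + 68)}  # same offset in PE32 and PE32+

def explain_diff(a: bytes, b: bytes) -> dict:
    """Attribute each differing byte to a volatile field, or list it as unexplained."""
    fields = pe_volatile_ranges(a)
    if len(a) != len(b) or fields != pe_volatile_ranges(b):
        raise ValueError("layouts differ; a byte-wise comparison is not meaningful")
    by_field = {name: 0 for name in fields}
    unexplained = []
    for off, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        for name, span in fields.items():
            if off in span:
                by_field[name] += 1
                break
        else:
            unexplained.append(off)  # a change outside timestamp/checksum
    return {"by_field": by_field, "unexplained": unexplained}

def sample_pe(timestamp: int, checksum: int, body: bytes = b"\xc3") -> bytes:
    """Constructed header-only sample (not a loadable program) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 64, checksum)
    return dos + b"PE\0\0" + coff + bytes(opt) + body

if __name__ == "__main__":
    first = sample_pe(0x11111111, 0x33333333)      # constructed values
    rebuilt = sample_pe(0x22222222, 0x44444444)
    print(explain_diff(first, rebuilt))
```

An empty `unexplained` list means the two builds are identical apart from the rebuild-dependent header fields, which is the evidence worth attaching to a false-positive report.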