Posts posted by anonymous_user


  1. I guess what's important to remember that this should only happen again from time to time. You know, they'll only destroy your OS once every few years or less often than that. The malware will only compromise your computer through your malware protection (SAS) and steal all your sensitive info the next time they slip up. That probably won't happen again until everyone forgets about this.


  2. We realize that our definitions release on March 24, 2013 triggered some third-party anti-virus systems to flag a threat.

     

    To put it more bluntly, your manual definition updater was infected with an operating-system-destroying, file-infecting, backdoor virus, and you don't want to tell us how it happened or what you are doing to prevent recurrences. (Whatever the truth is, I take it that it must be worse than "anti-malware vendor carelessly distributes nasty malware to its customers in a malware protection update" – at least that's where you left off giving us info.)


  3. SweetIM/SweetPacks is a malicious BHO that is commonly bundled with downloads from CNET's download.com. Even if you explicitly uncheck sweetpacks and deny it, it will install anyway. I think this classifies as spyware/malware.

     

    It does not include an uninstaller and mockingly tells the user to manually uninstall the crapware if you try: hxxp://toolbar.sweetpacks.com/uninstall/

     

    VirusTotal:

    https://www.virustotal.com/en/file/86ff7dee420e47acb5bdf606d24c3d5de72f2c47a1f5880ed1d91fb054f085fd/analysis/1374460386/

     

    Please help detect this :)


  4. You may want to give AdwCleaner from BleepingComputer a try. It's removed a bunch of BHOs for me. And yes, it would be helpful for SuperAntiSpyware to catch more BHOs. It would help if you could guess which recently installed program came with this bundled malware, in order for the team to identify the malware.


  5. I'm getting false positives with SUPERAntiSpyware, see virustotal:

    http://www.virustotal.com/file-scan/report.html?id=88c49efc32c312d1bb395625748998b40ce74d0735b8b309c5b875d5a7753069-1315489906

    and

    http://www.virustotal.com/file-scan/report.html?id=8e845f2d36d2a4f2699e2c9e4a8ff7c094d31a0d17a8e7b57caad93f0f61bcfd-1315492461

    You can get the files (and even the source) with the fbedit package on this site: radasm.cherrytree.at/fbedit/ (sry, site down, I attached the files)

    I get more problems with this package, which are also false positives, but there's nothing more related with SUPERAntiSpyware.

    files.zip


  6. > Programs compiled with that program, may be used in real malicious files is why the packer is detected.

    But it is not a packer. It is a compiler. Like one from MS Visual Studio.

    I believe it is used mostly by developers of open source software (since it is open source itself). And this is the reason for the absence of false positive reports. Open source developers don't care about antiviruses; they say "Our program is not malware. There is a bug in your antivirus. Check the source code if unsure" :-)

    But hey, how long will SAS mark my (and a lot of others') harmless programs as viruses?


  7. > Glad to hear it is a false-positive, I assume it was picking it up because it was attempting to spawn another process. Am I right?

    I don't know exactly, but I can guess that the developers of the open source GPG4Win use the open source MinGW compiler. And it looks like, as of now, SAS detects everything compiled with it as malware. Take a look at this thread for details.


  8. > No longer detected!!

    Great. Please be so kind as to take a look at the file which is attached to this post. Here is the empty program from the first post. I just compiled it again. foo.exe and foo2.exe have only 8 different bytes: 4 for the timestamp of compilation and 4 for the checksum. And while foo.exe is OK, foo2.exe is marked as a virus (and all my programs too). I really can't understand what was the point of whitelisting that build of an empty program :)

    foo2.exe


  9. > I've submitted it as a false positive.

    Thank you. I hoped the developers were here on the forums, though.

    > This file is questionable though, several other scanner are detecting it!

    Yes, I saw. But at least they don't detect any programs compiled with that compiler. You can just try to compile an empty program and check.

    > Just so you know, that in the results window on the right hand side there is a button "Report False Positive", select the entry in question and click it to submit a report.

    I am not a user of SAS... In fact I write some tiny programs (mostly specific ones for local usage) and use the MinGW compiler. And I was notified that my program (and I'm 100% sure that it does nothing evil :) ) is marked as a virus by SAS. So I tried to find what the reason is... Deleted a piece of code. Nothing changed. Deleted more code. Still marked as a virus. Deleted all code. Lol, still marked as a virus. So I'm here.


  10. Hello.

    SAS detects this program

    /* Empty program: does nothing and exits with status 0. */
    int main (void)
    {
        return 0;
    }

    as Trojan.Agent/Gen-UsrMgr if compiled with the compiler from MinGW (compiled file attached). Looks like SAS reacts like this to any file compiled with MinGW (I tried a few programs before finding that this empty program is marked as infected). Please fix.

    By the way, one cannot attach file at this forum without JavaScript...

    foo.exe
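Posts 8 and 10 above describe the same empty program built twice: foo.exe and foo2.exe differ in only 8 bytes, 4 for the compilation timestamp and 4 for the checksum, yet the whitelisted build passes and the rebuild is still flagged. The script below is an added example, not the poster's files or SUPERAntiSpyware's code. It constructs two minimal PE32 images that differ only in the COFF TimeDateStamp and optional-header CheckSum fields (the linker rewrites both on every build), then reports which header field each differing byte belongs to. The minimal PE layout, the field values and the instruction bytes are constructed for the example; real compiler output can also differ in debug or linker data, which the script would report under "other".

```python
"""Compare two builds of the same program and report which PE header
fields the differing bytes fall in.  Constructed example: the two
"builds" are minimal hand-assembled PE32 images, not the poster's
foo.exe / foo2.exe."""
import hashlib
import struct

DOS_HEADER_SIZE = 0x40
COFF_HEADER_SIZE = 20
OPT_HEADER_SIZE = 224                      # PE32 optional header
# Offsets relative to the "PE\0\0" signature.
TIMESTAMP_OFF = 4 + 4                      # signature + Machine + NumberOfSections
CHECKSUM_OFF = 4 + COFF_HEADER_SIZE + 64   # CheckSum is at +64 in both PE32 and PE32+
FIELD_SIZE = 4


def build_minimal_pe(timestamp, checksum, code=b"\x31\xc0\x90\xc3"):
    """Assemble a tiny PE32 image (DOS stub, COFF header, optional header,
    one .text section).  Only the fields this example inspects are set; the
    image is a constructed layout, not a loadable executable."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)      # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH",
                       0x14C,            # Machine: IMAGE_FILE_MACHINE_I386
                       1,                # NumberOfSections
                       timestamp,        # TimeDateStamp (rewritten by the linker)
                       0, 0,             # PointerToSymbolTable, NumberOfSymbols
                       OPT_HEADER_SIZE,  # SizeOfOptionalHeader
                       0x0102)           # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(OPT_HEADER_SIZE)
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 64, checksum)   # CheckSum (rewritten by the linker)
    section = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(code), 0x1000, len(code), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    return headers.ljust(0x200, b"\0") + code   # raw .text data starts at 0x200


def field_for_offset(pe, off):
    """Name the header field that covers file offset `off`, else 'other'."""
    pe_sig = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[pe_sig:pe_sig + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    for name, start in (("TimeDateStamp", pe_sig + TIMESTAMP_OFF),
                        ("CheckSum", pe_sig + CHECKSUM_OFF)):
        if start <= off < start + FIELD_SIZE:
            return name
    return "other"


def diff_builds(a, b):
    """Return {field_name: number_of_differing_bytes} for two images."""
    if len(a) != len(b):
        raise ValueError("images differ in length; more than a rebuild changed")
    counts = {}
    for off, (x, y) in enumerate(zip(a, b)):
        if x != y:
            name = field_for_offset(a, off)
            counts[name] = counts.get(name, 0) + 1
    return counts


def is_rebuild_only(a, b):
    """True when every differing byte lies in TimeDateStamp or CheckSum."""
    try:
        return set(diff_builds(a, b)) <= {"TimeDateStamp", "CheckSum"}
    except ValueError:
        return False


def sha256(data):
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    first = build_minimal_pe(0x11111111, 0x33333333)             # stands in for foo.exe
    rebuilt = build_minimal_pe(0x22222222, 0x44444444)           # stands in for foo2.exe
    edited = build_minimal_pe(0x22222222, 0x44444444,
                              code=b"\x31\xc0\x40\xc3")          # one opcode changed as well
    print("rebuild diff :", diff_builds(first, rebuilt))         # 4 + 4 = 8 bytes
    print("rebuild only :", is_rebuild_only(first, rebuilt))
    print("edited only  :", is_rebuild_only(first, edited))
    print("same SHA-256 :", sha256(first) == sha256(rebuilt))
```

The two hashes differ even though nothing but the timestamp and checksum changed, which is why an allowlist keyed on one build's file hash clears only that build: a generic signature that matches the compiler's startup code keeps firing on every rebuild, and the durable fix is on the signature side, not the allowlist side.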


  11. Hi everyone,

    I tried using a by-product installed with SAS called BootSafe.

    I tried booting with BootSafe minimal and networking, but neither of them worked for me.

    It did make me reboot, which was normal, but after the reboot it didn't enter safe mode.

    Just did its normal thing.

    I had to do it manually by pushing and holding F8 before the Windows logo to get into safe mode.

    I'm using Vista 32-bit.

    Thought I'd let the community know.

    Personally I reckon this by-program should be removed from SAS because it's not very useful, well, to me. But one day I decided to try it and yeah, this problem presented itself. But perhaps there are people out there that use this, so I decided to let the creators know.

    Remember I tried this about a month ago but didn't discover this forum till a couple of weeks ago.

    So not sure if this problem has been discovered and/or patched by now.

    But I was unable to find another thread regarding this.

    Thank you

    Cheers


  12. Hi everyone,

    I was just wondering about a new feature SAS should have, where SAS can scan within archives (zip, rar, etc.).

    Most of my threats are detected within archives by my current antivirus software, ESET Smart Security.

    SAS does a good job at detecting spyware and other threats once extracted and activated.

    I don't know if SAS already has this feature, but from what I remember it doesn't, as I have tried it in the past.

    Thanks

    Cheers


  13. Hi Everyone,

    This has bugged me for a while.

    When SAS scans there is a window required to be open; if I try to close it then it'll ask me if I want to cancel the scan.

    What I'm trying to say is: can SAS have a scan-in-background feature rather than a window opened when scanning?

    Almost every antivirus, antispyware etc has this feature except for sas :(

    I don't know what everyone else thinks of this but it would be good to have.

    Thank you

    Cheers


  14. It seems to install fine and the scanner also works, though I found an Error 1060 in the Event Viewer:

    Log Name: System

    Source: Application Popup

    Date: 8/3/2007 8:35:05 AM

    Event ID: 1060

    Task Category: None

    Level: Error

    Keywords: Classic

    User: N/A

    Computer: AMD64

    Description:

    \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    I currently use the free version of SAS, but would the Pro version work realtime?
