About sas1

  1. Well, this ^^^ bit of information may be helpful if/when the next detection occurs. But, I don't see how it helps the current situation.
  2. @siliconman You might be right (about SAS not being able to access the System Volume directory), but I'm seeing some posts that indicate otherwise. Here's one: https://forums.superantispyware.com/index.php?/topic/3723-trojan-in-system-volume-information/ And scanning my system again with SAS (after the alleged quarantine took place) revealed no malware. Not trying to be contrary, just relaying the info as I understand it all. (Another, less global way of cleaning System Restore is via CCleaner. A user can select a particular restore point to delete versus all of them. I've not used that feature yet, however.) @SASD360 Sorry, but yesterday I decided to do some cleanup of my external (G) drive and one of the programs I deleted was that Opera app. I simply no longer used it. I'm pretty much married to Firefox Portable for now. Anyway, please continue to post here if you get any update from SAS regarding the status of this potential false positive. I'll do likewise.
  3. I'd love to know the outcome of this since I'm experiencing something very similar. Eerily, my situation is much like SASD360's. I have Opera Portable installed on my external drive. I seldom use Opera Portable (prefer Firefox Portable and sometimes Chrome), but on 3/4/11 or 3/5/11 I got this alert during an SAS scan: Trojan.Agent/Gen-FakeAlert[RnGlobal] G:\SYSTEM VOLUME INFORMATION\_RESTORE{5D527826-05BD-4A83-8416-28ACDDA14001}\RP843\A0147057.DLL I quarantined it and yesterday I restored a sandboxed version and saw that it was associated with Opera. Lastly, I sent it off to SuperAntiSpyware to be investigated as a false positive, but haven't received a reply. BTW - I mistakenly made a post in the General Questions section prior to seeing this one.
  4. I scanned my backup (G) drive this afternoon after updating SAS with the most recent definitions and got the following: Trojan.Agent/Gen-FakeAlert[RnGlobal] G:\SYSTEM VOLUME INFORMATION\_RESTORE{5D527826-05BD-4A83-8416-28ACDDA14001}\RP843\A0147057.DLL I quarantined it. Eset Nod32 scans my G drive as being clean. Not sure if this is actual malware or a false positive. Please help. Thanks.
  5. This post has me a bit confused. I've got two questions. 1) I've been told (by SAS staff in response to an email from a year or so ago) we should install the newest versions on top of our existing ones. But the above post suggests we should uninstall and then reinstall. Is that because the OP had a version that was a year old? Or is Angus stating we should always uninstall and reinstall regardless how recent or old the current version is? Would appreciate clarification. 2) My current version is about 2 months old and I have not updated to the newest one yet. I was planning on simply installing over my current version (I'm not at home right now, so I don't have that version number handy). I have noticed over time that it takes longer for the SAS program (I have the free version) to open when I manually open it. (I'm talking about just opening the program, not running a scan.) I've had SAS for about 1 1/2 years now. As best I recall, it would open within a few seconds, but now it takes a minute or two. Is that normal?
  6. I did. Sorry...it wasn't my intent to clutter up the forum. I made the preceding post before I read on your website that I should submit a support request.
  7. I'm not too experienced with this type of thing, so could use some expert help. Some background information: My system is Windows XP Pro, SP3. Anti-malware tools are Eset Nod32 and SuperAntiSpyware (free). For browser protection I have Sandboxie and use it all the time when I'm on the internet. Here's my (potential?) problem. This evening I updated my SAS definition signatures to the most recent one - 3723. I typically do these updates once or twice a week. Then I ran a complete scan of my system with SAS. Again, that's something I do once or twice a week. Previous scans have been clean. But tonight, SAS notified me of 4 threats as follows:

     **************************
     Rootkit.Agent/Gen-Local
     Files: C:\Program Files\Wireless Device\Wireless Mouse\MouseAP.EXE
     Memory Processes: C:\Program Files\Wireless Device\Wireless Mouse\MouseAP.EXE
     Registry keys:
     HKLM\Software\Microsoft3\Windows\Current Version\APP Paths\MouseAP.EXE
     HKLM\Software\Microsoft3\Windows\Current Version\APP Paths\MouseAP.EXE#Path
     ************************

     I uploaded MouseAP.EXE from C:\Program Files to VirusTotal.com. Their scan result was 0 out of 38. I then ran a scan of my entire system with Nod32. Again, no hits. I opened Windows Explorer, located MouseAP.EXE, right clicked it, and opened up Properties. It shows a creation date of 11/2005, which makes sense since that's when I bought my pc and loaded my wireless mouse on it. SAS is asking me if I want to quarantine the 4 threats. But given the negative findings on VirusTotal.com and my Nod32 scan, I'm thinking this could be a false positive. Again, I'm not too experienced with this. Expert advice is most welcomed.
  8. sas1

    Scan problem

    Well now I've looked closer at this, I realise that I was wrong. Yes, just under scanning progress it does show the files being scanned as being on C:\....., but on the right hand side of the screen it also shows it is scanning memory items. When it gets through with these, and the following registry items, it then scans the Drive that was selected. What is it actually scanning during the "in memory" part of the scan, the files actually in memory, or the corresponding files on the drive itself? As well as showing the full path of the file (e.g. C:\Windows\Explorer.exe) the hard disk light does flash on and off during this part of the scan, which might give the impression that it is actually looking at files on the drive, but the duty cycle of drive light does not look high enough for it to be scanning the files on the disk. It is now my impression that this actually does work as intended. I agree, greyfox. Sorry I didn't catch this behavior.
  9. sas1

    Scan problem

    No, I don't have any entry in Managed Excluded Folders. Thanks for everyone's input. Nice to know it's not just me. @siliconman01 - I didn't even think about using Custom Scan. I'll give that a try tonight. I hope someone from SAS reads this. It sounds like a bug.
  10. sas1

    Scan problem

    I just upgraded to version 4.22.1014 and was hoping the problem mentioned in my first post would somehow self-correct itself. Not so. My first attempt to get help doesn't appear to have been very successful, so I'll try again. Here's what's happening: 1) I click Scan your Computer 2) Various drives appear in the Scan Location window and Complete Scan is selected 3) It doesn't matter whether I select the "A" drive or "D" or "E" or "G" drives, the only drive showing in the Scanning Progress display when I begin the scan is the "C" drive, even though my "C" drive is not one of the ones selected. Am I doing something wrong?
  11. Running: WinXP Pro SP2 and SAS Free 4.21.1004 Question: SAS Main Menu >> Scan Your Computer >> It doesn't matter which Scan Location I select (flash drive, back up drive, etc.), the scan only occurs on the C drive. Is this a bug?
  12. I found out why this was happening to me. In addition to posting the question in this thread, I also emailed SAS Customer Service. They responded stating their public update servers have been turned off because the majority of their existing userbase has already received the update. I thought I'd post this response in case anyone else has the same experience as me. I'll either uninstall SAS and reinstall to the new version or just wait until SAS update servers are turned back on with the newest release. Thanks for your input.