denzilla

Members
  • Content Count

    13
About denzilla

  • Rank
    Member
  • Birthday 01/01/1970

Profile Information

  • Interests
    SUPERANTISPYWARE
  1. Suggestion: Please stop calling the Portable personal edition of SAS portable because it's not anymore. You have to install it so unless you mean it's portable because you can carry the install file around on a flash drive, the name is misleading. All you're doing is giving the .exe some random name.
  2. When I run a regscan using SAS, the scan comes up clean (full scan is clean too) but in the scan progress section, the last thing it stops on is C:\Program Files\x86\Desktop Defender 2010. Is the scan progress window meant to show what SAS is scanning for or what it is currently scanning on the user's drive? I've run scans using SAS, MSE and MBAM and all say my system is clean. Also if I browse to the Program Files Dir using Explorer, there is no C:\Program Files\x86\Desktop Defender 2010 or any reference in the registry using Find either. No visible evidence/behavior of this or any other malware present. Windows 7 x64 Fully updated
  3. I understand what you're saying, but I'm paranoid and don't get that squeaky clean feeling until every last trace of crap is removed. LOL, never mind me as I'm OCD. Perhaps an option to scan other registries but have it disabled by default?
  4. One annoying thing I've noticed with SAS as well as other AS products is that you have to run separate scans for each user account on a PC. SAS will remove malicious files from other accounts, but if you sign into a different account and run a scan, SAS will find reg entries of those malicious programs. This is a real pain on PCs with multiple accounts. So, is it possible to scan registries of other user accounts while in another?
  5. Install Kaspersky AV 2009, update it, disconnect the PC from the net and run a full scan. Run SAS after KAV has done its thing to clean up the remaining mess. If you have the time however, you may want to take the opportunity to work with SAS team to help them get info on this infection since I was unable to.
  6. I was under pressure to return my friend's PC so I was unable to keep it any longer. KAV and SAS together finally killed the infection. I sent what samples I could though. Sorry I can't do more.
  7. I've got a PC that was infected with vundo and fakealert variants. I ran a full scan using the most recent version of SAS and today's defs, but its dlls, reg keys are being regenerated almost immediately after removal. HJT also has the same problem. I'm not currently at the PC, but I did zip up 3 dll files that regenerate as well as a HJT logfile. The dll files are named fodulivu.dll, ligutafo.dll, and kovihihi.dll. Here is this HJT log: These are the keys I deleted:
     O2 - BHO: (no name) - {0f4eaeab-2c34-40f3-b8f9-1ef4af5aa2f1} - C:\windows\system32\fodulivu.dll
     O4 - HKLM\..\Run: [vasujavoye] Rundll32.exe "C:\windows\system32\ligutafo.dll",s
     O4 - HKUS\S-1-5-19\..\Run: [vasujavoye] Rundll32.exe "C:\windows\system32\ligutafo.dll",s (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [vasujavoye] Rundll32.exe "C:\windows\system32\ligutafo.dll",s (User 'NETWORK SERVICE')
     O20 - AppInit_DLLs: C:\windows\system32\kovihihi.dll
     These keys come back a few seconds after deletion. I'm reporting this in order to help the SAS community, but it would be nice to get some assistance with this as well if possible. I will be back at the PC tomorrow morning if there is some more info that needs gathered.
  8. For me it's not so much important that the code be in 64-bit, but that the 32-bit modules fully work within Vista x64. As it is now, Vista blocks some of SAS's modules from loading because they're incompatible with x64.
  9. I recently ran into a badly infected PC that refused to allow me to install anything. It would be very useful if SAS made a package that the user could just unzip and run to bypass annoying problems like this. The other suggestion has to do with installing SAS on a 64-bit Vista box. Since some of the modules can't run in a 64-bit environment, why does the installer even bother installing them? How about making the installer check the system it's being installed on and simply not install the incompatible modules? Full 64-bit compatibility would be ideal, of course. Thanks for reading!
  10. Thanks for the response. It might be too much work for little payoff, but what about updating the installer to detect 64-bit and if found, disable the installation of those drivers so the errors won't show up at all? Also forgive my ignorance, but if the program scans/removes without the drivers, what purpose do they serve?
  11. I have these errors in my event log after install: I also had some file hash errors related to SAS in the Security Event Log but didn't bother copying those. Is this thing safe to use on Vista x64 SP1 or not? Thanks for your help.