Jump to content

Lagerx

Members
  • Content Count

    63
  • Joined

  • Last visited

Posts posted by Lagerx


  1. Hello!

    If you open that Rogue antispyware and try to buy it, then can you locate that page and send it to samples[at]superantispyware.com. (DO NOT BUY THIS FAKE ANTISPYWARE!)

    Also, try updating SAS, because newest database is 3750 (core)


  2. Welcome to SAS forums!

    Yes, there is.

    You must belong to the Malware Hunters group to view this forum - this is for the protection of our users so people don't infect themselves by clicking an infected link. You can join there but if you are not malware hunter, then you are "useless"


  3. Apparently I wasn't in admin and it only downloaded the new definitions. I downloaded the new version and it found the same file and an additional vundo file. The scan log is below and I'm going to run another one to see if it's gone now.

    Thanks for your help and patience. Is this adware vundo as bad as the trojan?

    SUPERAntiSpyware Scan Log

    https://www.superantispyware.com

    Generated 12/13/2008 at 01:14 PM

    Application Version : 4.23.1006

    Core Rules Database Version : 3674

    Trace Rules Database Version: 1653

    Scan type : Quick Scan

    Total Scan Time : 00:11:09

    Memory items scanned : 529

    Memory threats detected : 0

    Registry items scanned : 461

    Registry threats detected : 1

    File items scanned : 5993

    File threats detected : 4

    Adware.Vundo Variant

    HKU\S-1-5-21-1013300348-779916470-1403716777-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}

    Adware.Tracking Cookie

    C:\Documents and Settings\od\Cookies\od@atdmt[2].txt

    C:\Documents and Settings\od\Cookies\od@msnportal.112.2o7[1].txt

    C:\Documents and Settings\od\Cookies\od@doubleclick[1].txt

    Adware.Vundo/Variant-Trace

    C:\WINDOWS\SYSTEM32\UQABYWIU.INI

    Please download Icesword from here

    http://www.antirootkit.com/software/IceSword.htm

    Extract this .zip file and start Icesword.

    On the left you will see File. If you press on it, find C:\WINDOWS\SYSTEM32\UQABYWIU.INI and choose right click on file and "force delete"

    Do scan with SAS again and see if it still finds it.

    PS: Before starting Icesword, close your running antispyware/antiviruses and firewall. Otherwise there will be some conflicts.


  4. Hello. When you open that ballon (fake popup) and IE will pop up internet site, can you send that page to samples AT superantispyware.com

    By doing that, they will get sample for that rogue antivirus/spyware.

    As from your diagnostic report, I think they will update database tomorrow.

    If you see tomorrow newer database, try perform quick scan and see if it detects anything.

×
×
  • Create New...