Jump to content


  • Content Count

  • Joined

  • Last visited

About lalittle

  • Rank
  1. I actually see that error as well -- I just pasted the other one as an example. I didn't try any fixes yet given that SASService said "The only side-effect is that those errors appear in the event log." I'm still hoping for clarification on this, but this sounds like the errors don't actually effect anything else, and can safely be ignored. If this is the case, it seems like the best/easiest thing to do might be to just ignore the errors while waiting for a fix. Larry
  2. I downloaded SAS_StartupFix.exe, and Zonealarm (which uses the Kaspersky AV engine) popped up with a "malicious file" alert. It doesn't actually identify it as malware, but it appears to think it "might be." The "details" say "The files content, layout, and format resembles that of malicious software." I just wanted to make sure that I'm getting the correct file, and assuming I am, I wanted to let you know that Zonealarm/Kaspersky has this reaction to it. Thanks, Larry
  3. Thanks -- that's exactly the information I was looking for. Regarding the startup fix, I'm not sure I understand what you mean by "if you suspect they are at fault" because I'm not seeing any actual "faults" other than the event log errors themselves. Were you talking about a situation where I WAS seeing other issues? My only other questions are if and/or how the SAS_StartupFix.exe program effects subsequent updates to the program, i.e: - If I do an update, do I need to re-run the fix? What about unistalling/reinstalling SAS? - Will there be an SAS update that eliminates the need for the "Startup fix" program, and if so, do I need to "undo" the startup fix changes? - On the same note, will there eventually be 64bit drivers for SAS, and if so, will I need to "undo" the startup fix changes before installing that version? - Most importantly, given my particular situation (i.e no issues other than the event log errors), would you recommend that I NOT run the startup fix, or is it "possible" that running the fix could prevent OTHER issues from happening? Sorry for asking so many questions about this -- I'm just trying to fully understand the situation so I don't get confused later. Thanks again, Larry
  4. According the the SAS faq, SAS is supported under Win7 64Bit -- it just runs in "32bit mode." After installing the latest version on a W7 64bit system, however, I'm seeing event log errors pertaining to SASKUTIL.sys and SASDIFSV.SYS, i.e: I see other posts referring to similar errors on W7 64bit systems, and some people stating that SAS is not actually W7 64bit compatible at this time. I'm therefore confused about whether or not I can safely use SAS on a W7 64bit system. Is there any "official" word about these error events being logged? I guess the bottom line question is this: Do the error events imply that SAS is not running correctly, or can they safely be ignored? Thanks, Larry
  5. Just to clarify, are you saying that it is only detected as a problem when it IS hidden? Do you know what could have caused it to change from hidden to not hidden on an immediate second pass? I didn't change anything -- I just ran SAS again. Thanks, Larry
  6. I just did a full scan with the newest version of SAS and it found nothing. I'm confused about what happened. SAS no longer finds Rootkit.Cloaked/Service-GEN even though it was not removed. I'm concerned about the security of my system now. Thanks again for feedback, Larry
  7. I just did a full scan which reported the following: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 12/10/2008 at 09:03 PM Application Version : 4.21.1004 Core Rules Database Version : 3671 Trace Rules Database Version: 1650 Scan type : Complete Scan Total Scan Time : 00:35:30 Memory items scanned : 341 Memory threats detected : 0 Registry items scanned : 4339 Registry threats detected : 1 File items scanned : 24292 File threats detected : 239 Rootkit.Cloaked/Service-GEN HKLM\system\controlset001\services\PciBus C:\WINDOWS\SYSTEM32\DRIVERS\PCIBUS.SYS I did some research on the PCIBUS.SYS file and was left uncertain as to whether or not this was a false positive. I therefore did NOT check this item when I continued. Later I was considering letting SAS do it's thing on this file, so I did a second scan on just this folder (as well as the registry.) This scan, however, turned up nothing. I'm not sure what to make of this. Why did the second scan not give me the same result as the first given that I did not check the box for this item the first time? I've since updated SAS to the newest version, and will try a new scan, but this behavior has me confused. Does SAS ignore items that were not checked on the first pass? Thanks for any feedback on this, Larry PS. Is it possible that this was a false positive? I checked a couple other systems and they all have this file, which appears to have been created when I installed windows.