mikew_nt

Members
  • Content Count

    46

About mikew_nt

  • Rank
    Advanced Member
  1. The other interesting thing is.... I understand SAS is now offering up a free Ask.com toolbar installation on their free product (mine is registered of course). Not sure why SAS would be failing a scan on something SAS offers alongside their installation....
  2. Given that there were no engine updates, I'm sure it was a definition file update that did it. The question is: is that a mistake in the update that they are now causing a scan failure..... I'm interested to hear from SAS.
  3. I think my concern is that the behavior changed overnight for SCHEDULED scanning. Nothing was installed on either computer in the previous day. One computer is here at our house, one is at my Mom's. Both successfully scanned two days before without the PUP's being indicated. Then last night on both computers it appeared for the first time. While I'm no fan of Ask, or how easily you can forget to un-check it when installing Java, I don't know why overnight it would have gone from something that did not result in a failed scan to one that does. Having two computers in two different locations with neither having had anything installed recently all of a sudden change the scan behavior overnight tells me something in SAS changed. Can somebody from SAS please comment?
  4. It appears the handling of PUPs in scheduled scans changed last night. This morning both my Mom's and my son's overnight scheduled SAS scans were filled with detections of PUP ask toolbar. These did not previously get flagged. My son tells me that on the manual scans in the past, ask toolbar would get flagged as a PUP. And I can see an option to detect or not PUPs in pre-scan on manual scans. However, I cannot find a similar option in the scheduled scan. Nor, as I mention above, did they previously get flagged in automated scans. It appears the program behavior has changed. I have not tested to see if the manual scan PUP option also coincidentally affects the scheduled scan, so it may be a workaround, but would not be a real solution. Will the definitions be fixed so that PUPs no longer get flagged during scheduled scans once again? Or will an option be added to scheduled scan configuration? If so, I think default should be 'no' since that seems to be the previous program behavior. Anybody else seeing this?
  5. All pass AVG, all pass MBAM, checked out the first couple with VT, both passed. Submitted all five as FPs via SAS interface.
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com
      Generated 04/24/2014 at 01:45 AM
      Application Version : 5.7.1018
      Core Rules Database Version : 11185
      Trace Rules Database Version: 8997
      Scan type : Complete Scan
      Total Scan Time : 01:45:02
      Operating System Information
      Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User
      Memory items scanned : 856
      Memory threats detected : 0
      Registry items scanned : 37404
      Registry threats detected : 0
      File items scanned : 115324
      File threats detected : 5
      Trojan.Agent/Gen-Tracur
          C:\PROGRAM FILES\DVDFAB 8\OPTIONS\DVDFABFILE2MOBILE.EXE
          C:\PROGRAM FILES\DVDFAB 8\OPTIONS\DVDFABBLURAY2MOBILE.EXE
          C:\PROGRAM FILES\DVDFAB 8\OPTIONS\DVDFABDVD2DVD.EXE
      Trojan.Agent/Gen-Turkojan
          C:\PROGRAM FILES\DVDFAB 8\OPTIONS\DVDFABBLURAY2BLURAY.EXE
          C:\PROGRAM FILES\DVDFAB 8\OPTIONS\DVDFABDVD2MOBILE.EXE
  6. Reported using FP submission tool this morning, latest definitions still picking up as FP. Confirmed using VT, only SAS out of 47 def sets picking this up as trojan. Clear FP.
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com
      Generated 08/03/2013 at 05:27 PM
      Application Version : 5.6.1020
      Core Rules Database Version : 10665
      Trace Rules Database Version: 8477
      Scan type : Complete Scan
      Total Scan Time : 00:00:01
      Operating System Information
      Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User
      Memory items scanned : 0
      Memory threats detected : 0
      Registry items scanned : 0
      Registry threats detected : 0
      File items scanned : 1
      File threats detected : 1
      Trojan.Agent/Gen-Sality
          C:\WINDOWS\INSTALLER\{91E30409-6000-11D3-8CFE-0150048383C9}\PUBS.EXE
  7. The FP is now gone with the latest updates, but I still would like an explanation from SAS why it passed on a context menu scan and did not pass on a Complete Scan. Same exact file, I copied the path precisely. It leads me to now question whether SAS is correctly scanning on context menu scanning. SAS, please respond.
  8. Yep, I'm aware those are temp files and can probably just be deleted. However, I put up the post to bring to SAS's attention the fact that the context menu scan and the Complete Scan are reporting inconsistently. That is a bug/problem. PS: I'll probably not delete the temp file since it corresponds to a FP problem that SAS needs to fix.
  9. Sorry, one other piece of info. I exited and restarted SAS twice, and finally rebooted. Still have FP in Complete Scan, but passes in context menu scan.
  10. I know Gen-Zbot is generally being recognized as a false positive off this weekend. Updating definitions to latest has fixed one of my two, but there is one that remains when I do a complete scan. Here is the weird thing: if I Complete Scan, it shows up. If I right-click to scan (context menu scan, right?), it passes. Please fix both the FP and this discrepancy between Complete Scan and context menu scan. And of course, Virus Total passes this same file 0/47 detections.
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com
      Generated 05/28/2013 at 06:46 AM
      Application Version : 5.6.1020
      Core Rules Database Version : 10450
      Trace Rules Database Version: 8262
      Scan type : Complete Scan
      Total Scan Time : 00:01:13
      Operating System Information
      Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User
      Memory items scanned : 813
      Memory threats detected : 1
      Registry items scanned : 32478
      Registry threats detected : 0
      File items scanned : 4277
      File threats detected : 1
      Trojan.Agent/Gen-Zbot
          C:\USERS\WALSH\APPDATA\LOCAL\TEMP\PDK-WALSH-4336\38A10EE333CF1A9AFEC3F0ACDF1BBEBC\SCAN.DLL
          C:\USERS\WALSH\APPDATA\LOCAL\TEMP\PDK-WALSH-4336\38A10EE333CF1A9AFEC3F0ACDF1BBEBC\SCAN.DLL
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com
      Generated 05/28/2013 at 06:48 AM
      Application Version : 5.6.1020
      Core Rules Database Version : 10450
      Trace Rules Database Version: 8262
      Scan type : Complete Scan
      Total Scan Time : 00:00:00
      Operating System Information
      Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User
      Memory items scanned : 0
      Memory threats detected : 0
      Registry items scanned : 0
      Registry threats detected : 0
      File items scanned : 1
      File threats detected : 0
  11. FP appeared last night. Confirmed as FP on Virus Total: https://www.virustot...sis/1358512466/ Updated SAS to 9891, still FP. Reported via SAS FP interface also. Please fix ASAP, thanks!
      Trojan.Agent/Gen-Small
          E:\SYNCTOY BACKUPS\DOCUMENTS\OLD COMPUTER STUFF\DVD TOOLS\IFOEDIT0971\IFOEDIT.EXE
          ZIP ARCHIVE( E:\SYNCTOY BACKUPS\DOCUMENTS\OLD COMPUTER STUFF\DVD TOOLS\IFOEDIT0971.ZIP )/IFOEDIT.EXE
          E:\SYNCTOY BACKUPS\DOCUMENTS\OLD COMPUTER STUFF\DVD TOOLS\IFOEDIT0971.ZIP
          C:\USERS\WALSH\DOCUMENTS\OLD COMPUTER STUFF\DVD TOOLS\IFOEDIT0971\IFOEDIT.EXE
          ZIP ARCHIVE( C:\USERS\WALSH\DOCUMENTS\OLD COMPUTER STUFF\DVD TOOLS\IFOEDIT0971.ZIP )/IFOEDIT.EXE
          C:\USERS\WALSH\DOCUMENTS\OLD COMPUTER STUFF\DVD TOOLS\IFOEDIT0971.ZIP
      SHA256: cac45a62fe74ff91cbd49160616c7c489d3199a49dfa8cd028432066f6fbe894
      SHA1: 3b62534c78dffef23ea1ca70165684b776b0fb5a
      MD5: 9fc704bf773f87e162bcd6c0f1072130
      File size: 1.2 MB ( 1208320 bytes )
      File name: IfoEdit.exe
      File type: Win32 EXE
      Detection ratio: 1 / 46
      Analysis date: 2013-01-18 12:34:26 UTC ( 0 minutes ago )
      Antivirus  Result  Update
      Agnitum - 20130118
      AhnLab-V3 - 20130118
      AntiVir - 20130118
      Antiy-AVL - 20130118
      Avast - 20130118
      AVG - 20130118
      BitDefender - 20130118
      ByteHero - 20130118
      CAT-QuickHeal - 20130118
      ClamAV - 20130118
      Commtouch - 20130118
      Comodo - 20130118
      DrWeb - 20130118
      Emsisoft - 20130118
      eSafe - 20130116
      ESET-NOD32 - 20130118
      F-Prot - 20130118
      F-Secure - 20130118
      Fortinet - 20130118
      GData - 20130118
      Ikarus - 20130118
      Jiangmin - 20121221
      K7AntiVirus - 20130117
      Kaspersky - 20130118
      Kingsoft - 20130115
      Malwarebytes - 20130118
      McAfee - 20130118
      McAfee-GW-Edition - 20130118
      Microsoft - 20130118
      MicroWorld-eScan - 20130118
      NANO-Antivirus - 20130118
      Norman - 20130118
      nProtect - 20130118
      Panda - 20130118
      PCTools - 20130118
      Rising - 20130117
      Sophos - 20130118
      SUPERAntiSpyware Trojan.Agent/Gen-Small 20130118
      Symantec - 20130118
      TheHacker - 20130117
      TotalDefense - 20130117
      TrendMicro - 20130118
      TrendMicro-HouseCall - 20130118
      VBA32 - 20130118
      VIPRE - 20130118
      ViRobot - 20130118
  12. Sorry, I had meant to reply to this before. This was a SAS engine related issue from what I can tell nighthawkext. The engine update (5.5.1016) of around Sept 8 put the behavior back to normal. Nothing changed on the PC before, or around this time. I've included the logs below to show pre and post engine update from SAS.
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com
      Generated 09/08/2012 at 00:59 AM
      Application Version : 5.5.1012
      Core Rules Database Version : 9196
      Trace Rules Database Version: 7008
      Scan type : Complete Scan
      Total Scan Time : 00:59:17
      Operating System Information
      Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User
      Memory items scanned : 853
      Memory threats detected : 0
      Registry items scanned : 23482
      Registry threats detected : 0
      File items scanned : 87179
      File threats detected : 0
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com
      Generated 09/09/2012 at 01:13 AM
      Application Version : 5.5.1016
      Core Rules Database Version : 9198
      Trace Rules Database Version: 7010
      Scan type : Complete Scan
      Total Scan Time : 01:12:58
      Operating System Information
      Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User
      Memory items scanned : 813
      Memory threats detected : 0
      Registry items scanned : 35050
      Registry threats detected : 0
      File items scanned : 86416
      File threats detected : 0
  13. Same engine (5.5.1012), different definitions databases. No recent updates to application. Thoughts SAS?
  14. I noticed this morning that SAS ran significantly faster overnight, and the difference appears to be the number of registry items scanned (24234 vs. 35800 yesterday). This was a Complete scan mode. This is probably due to a definitions change, and possibly a change that was in error unless SAS can comment and say that it was intentional. AVG ran approximately the same amount of time and scanned the same amount of total entities as it did yesterday. There have been no changes to the machine in the past few weeks, nor was the machine rebooted, etc. There is no evidence of any issues on the computer at all. My guess is that there was an intentional or accidental change to the definitions.
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com
      Generated 08/31/2012 at 00:58 AM
      Application Version : 5.5.1012
      Core Rules Database Version : 9157
      Trace Rules Database Version: 6969
      Scan type : Complete Scan
      Total Scan Time : 00:58:02
      Operating System Information
      Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User
      Memory items scanned : 849
      Memory threats detected : 0
      Registry items scanned : 24234
      Registry threats detected : 0
      File items scanned : 86489
      File threats detected : 0
      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com
      Generated 08/30/2012 at 01:11 AM
      Application Version : 5.5.1012
      Core Rules Database Version : 9149
      Trace Rules Database Version: 6961
      Scan type : Complete Scan
      Total Scan Time : 01:11:49
      Operating System Information
      Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
      UAC On - Limited User
      Memory items scanned : 858
      Memory threats detected : 0
      Registry items scanned : 35800
      Registry threats detected : 0
      File items scanned : 86859
      File threats detected : 0
  15. Passes on AVG, MBAM and Virus Total reports 0/42. Definitely a false positive.