Jump to content


  • Content Count

  • Joined

  • Last visited

About Amethyst

  • Rank

Profile Information

  • Gender
    Not Telling
  1. I updated, am just running the scan again. So far, I still see the same detection there. Is this a case of SAS just not liking a reference to an .exe file in the Winlogon Shell? I had run a scan with SAS a day or so prior to installing the Oceanis software and there were no detections then. I am assuming it is the Oceanis software that SAS is taking issue with, although I did install other items as well. (Western Digital backup software, Kindle for Windows, and Sony Library.) I don't know if any of these would have made some change in this area of the registry that SAS didn't like, but I've had Kindle and Sony on an XP laptop for and the Western Digital software on an XP desktop for years, and SAS never had an issue with them. I filed a false positive report with my email address. I haven't heard from support, am wondering why not.
  2. This is the log: SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 08/12/2013 at 08:47 PM Application Version : 5.6.1020 Core Rules Database Version : 10685 Trace Rules Database Version: 8497 Scan type : Quick Scan Total Scan Time : 00:08:56 Operating System Information Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 736 Memory threats detected : 0 Registry items scanned : 30330 Registry threats detected : 1 File items scanned : 8334 File threats detected : 0 Malware.Trace HKU\S-1-5-21-282550803-664611072-3898706625-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL I had installed the Oceanus Change Background program from the first download button at this link: http://www.sevenforums.com/tutorials/47294-desktop-background-wallpaper-change-windows-7-starter.html I scanned the executable with SuperAntispyware, Malwarebytes, and my ESET Smart Security before running it. Also had it scanned at VirusTotal.com. Since that time, SuperAntispyware free has been giving me the above result. I looked at the registry and see there is an entry in the WinLogonShell on the right side to a file in C:\\Program Files\Oceanus\SystemSettings\WallpaperAgent.exe. I believe this is the registry change that SuperAntispyware is objecting to. I have uploaded WallpaperAgent.exe to VirusTotal.com and it scans clean. I submitted a False Positive report to SuperAntispyware from within the program about 3 days ago and have heard nothing back. The scan continues to report this as malware. The VirusTotal report is here: https://www.virustotal.com/en/file/5ab9fd8a4de15af60d8a0ef18b7f54e461bbd07565713fef89b4bdf7c6fa701f/analysis/1376362301/ Edited to add link to the VirusTotal report on the original executable that I downloaded to install the software: https://www.virustotal.com/en/file/6eea0ef951982ee0d1a27af87dc0c94bd449a471bd75b783d1271574328e33d2/analysis/1376019876/
  3. Can the SAS staff please explain whether or not there is a problem with System Requirements Lab software by Husdawg? In the past week or 2, I've had various components of this software flagged by SAS and only SAS as being malware. I submitted false positive reports on all of them and asked for some feedback. I have received none. (I think the procedure for reporting false positives through the program interface is terrific, but I would appreciate hearing back from the company, as I have requested. Other companies do provide the customer with the outcome of the false positive report, and I think it is essential that the customer have access to that information.) Some of the files have since no longer been detected as malware, but we're still down to 2 that are. They scan clean at virustotal.com, except for the SAS scanner. I have read that in 2008, there was a vulnerability created by System Requirements Lab, but that this has since been patched. Is there further information otherwise? I think I ended up with this on my system a little over a year ago when I was at the Intel website and allowed it to check for components and drivers that needed updating. Thanks!
  4. All fixed now, it's no longer detected. Thanks!
  5. Well, the submission method is the most user friendly of any product I've seen, so that's a plus. However, there are other companies that let you know that they've checked the product and what their findings were one way or the other. I've been waiting for nearly 48 hours now re a submission I put in and there have been 4 or 5 updates since then, so I don't know what is going on. As for companies not liking to admit to FP's...well, it happens to the best of them. We end users just need to be careful.
  6. I just asked a question in the False Positive section of the board re whether or not you notify people if the files they submit as false positives are actually truly malicious after all. I was told that normally that is not done. I was going to suggest that you do let the individuals know in such a case, or even if it will be corrected in the next update or something to that effect. I would also like to mention that I really like SAS's method of submission for possible false positives. Using the program itself to do this really makes the process very easy for the user, so thank you for that.
  7. OK, thanks. I do think, though, that it would be a good idea for the SAS developers to tell the person that the file has been checked and it is, indeed, malicious. (Something for the 'suggestions' section of the forum, I guess. )
  8. When one reports a false positive through the SAS program, one provides SAS with an e-mail address. Do the SAS staff notify the person submitting the file if SAS determines that the submission is not, in fact, a false positive?
  9. I've already filed a false positive report. I downloaded this GMER file from a link on the Malwarebytes forum and I've run it and everything is fine. (GMER didn't find any problems and the GMER program behaved as expected, not like malware.) I already had an older version of GMER ( my computer and SAS does not identify it as a problem. I checked the flagged file on Virus Total, and SAS is the only one that reports a problem. I'm just mentioning it in case anyone else runs into this issue and they're looking online for further information.
  10. For what it's worth, SAS successfully removed this same item from my laptop. Here's part of the log. Generated 06/06/2010 at 09:48 PM Application Version : 4.38.1004 Core Rules Database Version : 5039 Trace Rules Database Version: 2851 Scan type : Quick Scan Adware.Flash Tracking Cookie C:\Documents and Settings\Me\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8LYDBFKZ\MSNBCMEDIA.MSN.COM I'm running a 32 bit OS, Windows XP Pro SP3. I do find the reboot time a bit increased when SAS removes these flash cookies, but, to be honest, this is a subjective observation on my part, not anything I've actually measured. I just thought I would mention that this item was removed from my system without incident. It hasn't shown up again either.
  11. Just updated the affected computer's SAS definitions and scanned that one file. (I'll do the rest later, other people need to use that computer at the moment.) Looks like it's resolved now. Thanks so much, you guys are great!
  12. @Seth, My apologies. I should back away from the keyboard for a while, eh?
  13. @Superantispy, Thank you, and please forgive my impatience. I'll check again later this evening and post the results.
  14. Thanks for your response. I am baffled as to why a file scans as clean on one machine and a trojan on another when analysis by Virustotal and Jotti show the identical numbers. To me, other than the dates, they appear to be exactly the same. Can I expect an e-mail, and how long would that take? I filed a false positive report over 12 hours ago already, the signatures have been updated since, and I'm still getting the same scan result. This is a file I certainly don't feel I can easily quarantine, not without some consequences.
  • Create New...