sandybeach

Members
  • Content Count

    11
About sandybeach

  • Rank
    Member
  1. Core 4951, trace 7467. During a full scan, for the first time, SAS found & listed trojan dropper/svchost fake, found in: c:\program files\malwarebytes anti-malware\chameleon\svchost.exe

    I suspected a F.P. so didn't delete or quarantine it. Contacted MBAM forums and got confirmed that the above is one of several legit, similar files under chameleon. You may view post & reply at: http://forums.malwar...howtopic=119739

    Thanks for your time & attention! Happy Holidays to all!! Sandy

    PS: Both you guys must be using the same forum software... I could only sign in & type into Topic Title, NOT able to type into main post box, with my old Sea Monkey 1.1.19 here either. Seems strange to this old dinosaur. I hear the La Brea Tar Pits Calling... LOL!! S
  2. sandybeach

    Newest Vers. Doesn't Find EICAR & Troj.Siml.

    Thanks For That, Don! Good to Know! Guess I'll check it out further (likely download fresh)!! Keep the Faith!! Sandy
  3. sandybeach

    Newest Vers. Doesn't Find EICAR & Troj.Siml.

    Thanks for your reply, nighthawkext! I have SAS set to "Report Only" in all scan modes as far as I know. That's my standard for scanners in case of False Positives. NOTE: SAS has been VERY GOOD about NOT finding FPs! (Take THAT AVG!!! LOL!) Would that rule change override those settings & remove in the background anyway?? Mind you, my VIPRE A/V did report (under errors) that some of the EICARs & TS's were "corrupt" in latest scans, which had me wondering... Perhaps I should delete current & download fresh copies. Thanks for re-assurance re new updating & older OS's!! Thanks for your time & wisdom! Sandy
  4. Running Win XP Home SP2 on HP Laptop. Have had SAS Personal installed from new w/ various newer versions installed. All versions in the past have always been able to find my multiple copies of EICAR V1 & V2 plus 2 copies (1 zipped) of Misec's Trojan Simulator. Nicely indicated EICAR "not a threat" & listed Troj. Simulator (TSServ) as unknown. This is how I check that my protectors are not corrupt & working properly. Of course I leave check boxes unchecked so they'll be found again on next full scan.

    Yesterday, I chose to update the SAS program to latest version via updater online rather than to download full version, uninstall older & run SAS un-installer & then start from scratch as I have in the past. ALL active protection was disabled during this process and seemed to install without problem. Next full scan SAS found a pair of notify -disabled but completely MISSED EICAR & TSServ.exe. Can anyone tell me why??

    ALSO: Will older versions of SAS (say 4.3x, 4.5x) still be able to update using older built-in updater after v.5 arrives?? I suspect older OS's won't get on w/ v.5? Thanks for your replies! Sandy
  5. sandybeach

    SAS NOT Updating Defs on Both Desktops

    Just an Update to inform those interested. I have un-installed my reverted version, run Removal Tool, run CCleaner, rebooted & then proceeded to install current new version of SAS Free v.4.39.1002. All of this proceeded without any warnings etc. Successful. The new version is doing its manual updating in the normal fashion without problem. Last v. wouldn't. Thank you! However, the same apparent separation of updating each user desktop continues as before, requiring updating each individually for both to show current Core & trace. During this install, I pointedly left both desktops "live" (courtesy of fast user switching in XP Pro) which in the past I haven't, keeping only mine live during installs. Made no difference apparently. Perhaps during next new version, I'll try downloading & saving the new version to the "Shared folder" and run install from there rather than my current habit of downloading to my "my docs" and launching from there. Might make a difference? I can only wonder. Thanks for reading. Sandy
  6. sandybeach

    SAS NOT Updating Defs on Both Desktops

    Well... If no one seems to have any ideas re this story, then at least can someone tell me about the following: Since the 2 SAS's seem somewhat separated, when I run complete scan from her desktop (with OLD core & trace showing), is it using newer C&T from my updated desktop or the ones she's showing? Is it in fact scanning her docs etc. plus ALL of mine? Or conversely, when I run full scan from mine (with new C&T), are ALL her files also being scanned or only the ones in common, by-passing her settings & documents? These questions seem silly as all should be scanned & both should be using the newest C&T, but since hers doesn't see them, I wonder... Sandy
  7. HP dc5100 MT/ intel p4/3.2mhz/915GV motherboard/160G HD/2 Gig RAM/48x32 CDRW/DVDROM/. Win 32 Bit XP PRO SP1/sun Java 1.4.2_19 w/ Sea Monkey 1.1.19 w/NoScript/Rising v.10 FreeAV/FreeSAS/FreeMBAM/ Foxit Reader/CCleaner/Wired D-Link Router/ Cable Modem Internet 485 kps./ERUNT back up for registry. jv16 Power Tools. 2 Users w/ 1 desktop Profile each.

    Currently using SAS v. 4.37.100 which has generally worked fine. Have reverted back to this after many re&re of v.4.38.1004 which would hang both program & machine while in mid manual update after install. Only Task Mgr could stop (as set). Until now have always used the full un-install/SAS removal tool/CCleaner/reboot/install new version/reboot & then update method. 4.38.1004 was first try at over writing during install. Also tried my normal method for this but results same over 4 installs/reinstalls. Don't mind waiting for next version fixes.

    SAS set for all users (hers & mine) but updating normally done thru my desktop profile (by manual) daily. I just noticed (for the first time in years of use) that after updating SAS via my desktop, the new defs (core & trace) are not recorded/shown as current if I switch users and open SAS via her desktop. Last I looked, her GUI showed defs about 2 months old v/s my current ones. It's as if her SAS is separate from mine on this machine. If I update via hers, hers will show new core & trace #'s. Any ideas why? Not sure, but don't believe this was the case over several previous versions. Thanks for your thoughts! Sandy
  8. sandybeach

    Possible False Positive? Rootkit.ITGRD ENGINE

    Hi Again!! After updating to today's definitions & restoring the 2 suspect items & doing "complete scan" of both drives, SAS no longer pops the 2 items. It did find my 2 trojan simulators from Misec (Trojan Hunter) which I keep to re-assure myself that A/S programs are scanning effectively. So I conclude that all is now well!! All other scans are also clean. Thanks for your time & attention! Sandy
  9. sandybeach

    Possible False Positive? Rootkit.ITGRD ENGINE

    One further question/confirmation after reading instructions: "The item must be detected during the scan, not in quarantine." So I should restore these files to original location from quarantine first? Sorry, but I have never had to submit such for any program in the past so want to do it right! Thanks! Sandy
  10. sandybeach

    Possible False Positive? Rootkit.ITGRD ENGINE

    Thanks for the quick reply! Will do!!
  11. Hi! New Member, 1ST post. SAS current v.4.26.1006, current defs. For first time in several months & versions, SAS popped: Rootkit.ITGRD ENGINE in an 8 year old file which it has scanned at least a dozen times before without finding anything. This is an old version 1 of Broderbund Family Tree Maker. The program WAS accessed by "other user" 1 day before SAS scan. Found in:

    1) F:\Program Files\Broderbund\cie2000\sapisupp.dll
    2) " " \new folder\Broderbund\cie2000\sapisupp.dll

    I have successfully quarantined both items but am suspicious as the program is v.1 which came with 1 spyware which Spybot took out upon original install and has been fine ever since. v.2 (2005 or 6?) has more & more complicated spyware so have refused install of the newer version as banking is done on this machine. I suppose last contact might have put this in BUT it hasn't tried in last 7 years & I would have expected my current AVIRA Anti-Vir to have caught it if it did try. What think Ye o Wizards of Sleuth? Thanks, Sandy.