Dabola Posted May 22, 2008

I have registered no problem with my pc. Today I updated SAS and after a complete scanning this morning SAS detected 822 file threats;

Generated 05/22/2008 at 09:54 AM
Application Version : 4.1.1046
Core Rules Database Version : 3466
Trace Rules Database Version: 1457
Scan type : Complete Scan
Total Scan Time : 00:27:49
Memory items scanned : 407
Memory threats detected : 0
Registry items scanned : 7426
Registry threats detected : 0
File items scanned : 26899
File threats detected : 822

12 days ago the logfile was like this;

Generated 05/10/2008 at 11:18 PM
Application Version : 3.9.1008
Core Rules Database Version : 3458
Trace Rules Database Version: 1449
Scan type : Complete Scan
Total Scan Time : 00:51:19
Memory items scanned : 422
Memory threats detected : 0
Registry items scanned : 7793
Registry threats detected : 0
File items scanned : 63128
File threats detected : 0

This might be caused by a false program yesterday. When I started AVG Anti Rootkit, Comodo Firewall registered that this exe generated several other exe in the program folder. Then I made a mistake; when I uninstalled AVG Anti Rootkit, I allowed the uninstall program to "do the job". This was most probably the reason why I got infected.

Don't you think the first thing I should do is to reinstall a security copy of my registerfiles made by http://www.larshederer.homepage.t-online.de/erunt yesterday morning? Then what next? Trust SAS and let it delete all the items? Are all the detected files hidden? Among the 830 files the logfile shows these;

Adware.AlfaCleaner
C:\WINDOWS\warnhp.html
Adware.ZToolbar
C:\WINDOWS\azesearch.bmp
C:\WINDOWS\system32\azebar.xml
C:\WINDOWS\Downloaded Program Files\azesearch.inf

Neither the bitmap, the xml nor the html file is found by searching the folders, in explorer or by cmd.

Dabola Posted May 22, 2008

I uninstalled SAS and then reinstalled a security copy of my registerfiles as described above. After that I also reinstalled SAS and made a new search and the result became completely different. Only 7 cookies (Firefox) were found and detected as "file threats". Fortunately this was a false alarm. I hope. And notice the benefit of making a complete copy of the register every morning by ERUNT. A fantastic software.

SUPERAntiSpy Posted May 22, 2008

There was no need for a registry backup - it simply was the fact that the kernel driver didn't start and you needed to reboot - was this on a FAT32 drive?

Dabola Posted May 24, 2008

No, it was on an NTFS drive.