Dabola

830 threats detected in files, 0 in reg./mem. Is it correct?


I have registered no problems with my PC. Today I updated SAS and after a complete scan this morning SAS detected 822 file threats:

Generated 05/22/2008 at 09:54 AM

Application Version : 4.1.1046

Core Rules Database Version : 3466

Trace Rules Database Version: 1457

Scan type : Complete Scan

Total Scan Time : 00:27:49

Memory items scanned : 407

Memory threats detected : 0

Registry items scanned : 7426

Registry threats detected : 0

File items scanned : 26899

File threats detected : 822

12 days ago the logfile was like this:

Generated 05/10/2008 at 11:18 PM

Application Version : 3.9.1008

Core Rules Database Version : 3458

Trace Rules Database Version: 1449

Scan type : Complete Scan

Total Scan Time : 00:51:19

Memory items scanned : 422

Memory threats detected : 0

Registry items scanned : 7793

Registry threats detected : 0

File items scanned : 63128

File threats detected : 0

This might be caused by a false program yesterday. When I started AVG Anti Rootkit, Comodo Firewall registered that this exe generated several other exes in the program folder. Then I made a mistake; when I uninstalled AVG Anti Rootkit I allowed the uninstall program to "do the job". This was most probably the reason why I got infected. Don't you think the first thing I should do is to reinstall a security copy of my register files made by http://www.larshederer.homepage.t-online.de/erunt yesterday morning? Then what next? Trust SAS and let it delete all the items?

Are all the detected files hidden? Among the 830 files the logfile shows these:

Adware.AlfaCleaner

C:\WINDOWS\warnhp.html

Adware.ZToolbar

C:\WINDOWS\azesearch.bmp

C:\WINDOWS\system32\azebar.xml

C:\WINDOWS\Downloaded Program Files\azesearch.inf

Neither the bitmap, the xml nor the html file is found by searching the folders, in Explorer or by cmd.


I uninstalled SAS and then reinstalled a security copy of my register files as described above. After that I also reinstalled SAS and made a new search, and the result became completely different. Only 7 cookies (Firefox) were found and detected as "file threats".

Fortunately this was a false alarm. I hope. And notice the benefit of making a complete copy of the register every morning with ERUNT. Fantastic software.


There was no need for a registry backup - it simply was the fact that the kernel driver didn't start and you needed to reboot - was this on a FAT32 drive?

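The two scan summaries quoted in the opening post can be compared mechanically. The following Python is an added example, not code from the thread or from SUPERAntiSpyware: it parses the "Key : value" summary format shown above and flags a run whose scanned-file count fell sharply while its threat count jumped, the pattern the last reply attributes to the scanner's kernel driver not starting. The two summaries are embedded as constructed sample input copied from the thread; the thresholds (half the baseline coverage, a tenfold threat increase) are assumptions chosen for this example.

```python
import re

# Constructed sample input: the two Complete Scan summaries quoted in the thread.
BASELINE_LOG = """Generated 05/10/2008 at 11:18 PM
Application Version : 3.9.1008
Core Rules Database Version : 3458
Trace Rules Database Version: 1449
Scan type : Complete Scan
Total Scan Time : 00:51:19
Memory items scanned : 422
Memory threats detected : 0
Registry items scanned : 7793
Registry threats detected : 0
File items scanned : 63128
File threats detected : 0
"""

CURRENT_LOG = """Generated 05/22/2008 at 09:54 AM
Application Version : 4.1.1046
Core Rules Database Version : 3466
Trace Rules Database Version: 1457
Scan type : Complete Scan
Total Scan Time : 00:27:49
Memory items scanned : 407
Memory threats detected : 0
Registry items scanned : 7426
Registry threats detected : 0
File items scanned : 26899
File threats detected : 822
"""

# One "Key : value" line. The key is letters and spaces only, so the
# "Generated <date>" line (digits, no key/value pair) does not match.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(.+?)\s*$")


def parse_duration(hms):
    """'HH:MM:SS' -> total seconds."""
    hours, minutes, seconds = (int(part) for part in hms.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def parse_summary(text):
    """Parse a scan summary into a dict keyed by lower-cased field name.

    Item and threat counts become ints, the scan time becomes seconds,
    everything else (versions, scan type) stays a string.
    """
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue
        key = match.group(1).strip().lower()
        value = match.group(2)
        if key.endswith(" scanned") or key.endswith(" detected"):
            fields[key] = int(value)
        elif key == "total scan time":
            fields[key] = parse_duration(value)
        else:
            fields[key] = value
    return fields


def assess(baseline, current, coverage_drop=0.5, spike_factor=10):
    """Compare two summaries and flag signs that the newer run is not trustworthy.

    Assumed thresholds: a run that scanned less than `coverage_drop` of the
    baseline's files, combined with a threat count at least `spike_factor`
    times the baseline's, points at an incomplete scan rather than a real
    infection, which is the case to rule out before deleting anything.
    """
    ratio = current["file items scanned"] / baseline["file items scanned"]
    flags = []
    if ratio < coverage_drop:
        flags.append("coverage_drop")
    if current["file threats detected"] >= spike_factor * max(baseline["file threats detected"], 1):
        flags.append("threat_spike")
    if current.get("application version") != baseline.get("application version"):
        flags.append("version_change")

    if "coverage_drop" in flags and "threat_spike" in flags:
        verdict = "verify the scanner ran fully (reboot, rescan) before acting on detections"
    elif "threat_spike" in flags:
        verdict = "threat spike with normal coverage: review detections individually"
    else:
        verdict = "no anomaly in scan coverage"
    return {"coverage_ratio": ratio, "flags": flags, "verdict": verdict}


if __name__ == "__main__":
    result = assess(parse_summary(BASELINE_LOG), parse_summary(CURRENT_LOG))
    print(f"coverage ratio: {result['coverage_ratio']:.2f}")
    print("flags:", ", ".join(result["flags"]))
    print("verdict:", result["verdict"])
```

Run against the two summaries from the thread, the script reports a coverage ratio of about 0.43 (26899 of 63128 files scanned), a threat spike and a version change, and recommends checking scanner health before trusting the 822 detections; the same check against an unchanged baseline raises no flag.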
