Thailand_for_YOU Posted October 19, 2009 Hello, I have scanned and quarantined the following threats several times. I was requested to reboot, and after each reboot the same threats were detected again and again. Here is the log: -- SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 10/19/2009 at 03:20 PM Application Version : 4.29.1004 Core Rules Database Version : 4172 Trace Rules Database Version: 2093 Scan type : Quick Scan Total Scan Time : 00:29:25 Memory items scanned : 645 Memory threats detected : 0 Registry items scanned : 599 Registry threats detected : 3 File items scanned : 17743 File threats detected : 0 Adware.Vundo Variant HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32 HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID --- Please advise what to do. Share this post Link to post Share on other sites
siliconman01 Posted October 19, 2009 See my post in the link below: viewtopic.php?f=2&t=3531 Share this post Link to post Share on other sites
Thailand_for_YOU Posted October 19, 2009 In the post you're referred to, you wrote: "All indications are that this "may be" a false positive." That well may be, but why it's impossible one and for all to quarantine these threats? Furthermore, I tried to submit a Customer Service Report (also several times) and every time it failed due some problem with diagnostics - was not able to finish it. The error is as following: -- Microsoft Visual C++ Runtime Library Runtime Error! Program: C:\Program Files\Internet Explorer\iexplore.exe This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information. -- That's why I decided to turn to the forum. Still do not know what to do. Share this post Link to post Share on other sites
siliconman01 Posted October 20, 2009 What Windows operating system are you running (including service pack)? Share this post Link to post Share on other sites
Thailand_for_YOU Posted October 20, 2009 I run Win XP Pro SP3 and IE v.8. Share this post Link to post Share on other sites
siliconman01 Posted October 20, 2009 In the post you're referred to, you wrote: "All indications are that this "may be" a false positive." That well may be, but why it's impossible one and for all to quarantine these threats? Possible reason 1: These keys are being restored by some program that you have on your system. In other words, SAS quarantines them and they promptly get restored by program X. Possible reason 2: The keys' security permissions is set to a setting that SAS cannot override. SAS fails to remove them because of their security setting in the registry. Furthermore, I tried to submit a Customer Service Report (also several times) and every time it failed due some problem with diagnostics - was not able to finish it. The error is as following:-- Microsoft Visual C++ Runtime Library Runtime Error! Program: C:\Program Files\Internet Explorer\iexplore.exe This application has requested the Runtime to terminate it in an unusual way. This is typically not a problem on the SAS CSR website, but is a problem with IE8. If you have the Google toolbar in IE8, try removing it via Add or Remove Programs in the Control Panel. This toolbar has been known to cause the above problem. Be sure that IE8 is closed down when you do the removal....and reboot after you do the removal. Then see if you can submit a SAS CSR. If the above does not work, close down IE8 and go to Control Panel>Internet Options>Advanced tab and RESET the Internet Explorer settings by click on the RESET hot key under "Reset Internet Explorer settings". Confirm and let it reset the settings. If neither of the above work, reload Microsoft Visual C++ 2008 Redistributable Package (x86)http://www.microsoft.com/downloads/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF&displaylang=en Share this post Link to post Share on other sites
Thailand_for_YOU Posted October 20, 2009 I performed a scan today - no threats were detected (to my amazement). In reply to your previous post: I have no Google Toolbar installed. I downloaded and repaired Microsoft Visual C++ 2008, as you suggested, but still can't complete diagnostics (same result). Share this post Link to post Share on other sites
siliconman01 Posted October 20, 2009 In the link below, it describes how to start IE8 without any add-ons running. Start IE8 without any add-ons and see if you can submit a SAS CSR. http://www.nirmaltv.com/2009/04/28/how- ... t-add-ons/ If you can, then it means that one of the add-ons is causing the problem. It is now just a matter of finding which one. I suspect that the registry detections were a false positive and SAS corrected it. Also did you try ? If the above does not work, close down IE8 and go to Control Panel>Internet Options>Advanced tab and RESET the Internet Explorer settings by click on the RESET hot key under "Reset Internet Explorer settings". Confirm and let it reset the settings. Share this post Link to post Share on other sites
