Malware preventing update?

[Lan Moore]

Is this possible? A few days ago some kind of malware or something started to attack my computer trying to act like some kind of security scan, I was able to stop it before I finished but after it I was unable to update SuperAS and my yahoo can't connect to the internet either. It seems like both thing it's the firewall but the firewall does have them on the allow list, any advice or help or could it not be the malware?

[siliconman01]

Yes, it is very possible.

What version of SAS are you running? The latest version is 4.31.1000.

1. Close down SAS

2. Go to START>All Programs>SuperAntiSpyware and select "SuperAntiSpyware Alternate Start". This will start SAS under a different name to try to fool the malware.

3. Once SAS has started, try to run an update.

4. Run a full scan of your system and let it quarantine what it finds.

5. Then boot your computer into SAFE MODE and run another Complete Scan of your system with SAS. Let it quarantine what it finds.

6. Reboot back into Normal Mode

7. Run another update. Does it work now? If not, proceed to 8 below.

8. Go to the link below and download the special uninstaller for SAS. Save it on your desktop.

viewtopic.php?f=2&t=1453

9. Close down SAS

10. Run the special uninstaller SASUNINSTAL.EXE. It will reboot your computer.

11. Then re-install SAS. Be sure to re-install the latest version of SAS V4.31.1000.

Does the update now work?

[Lan Moore]

No the alternate start doesn't work, it's not just targeting SAS like I said, some reason Yahoo can't access either and maybe other programs but I'm not sure.

[siliconman01]

Can you run the SAS online scanner ?

https://www.superantispyware.com/onlinescan.html

Also what Windows operating system are you running?

[Lan Moore]

I'm running windows XP Professional version 2002 Service pack 3. I can only save the file because I'm running Firefox, I tried using internet explorer but IE isn't working, it says that it is probably the firewall but again, I had just told the firewall that it was safe after it prompted me but it still can't connect, chrome seems to work but won't let me just run it and Opera can't connect either.

[siliconman01]

Below is a link to a special removal tool named Combofix.exe. Follow the instructions on this website, download and run this tool.

http://www.bleepingcomputer.com/combofi ... e-combofix

IF you feel uncomfortable running Combofix.exe, it is best that you contact SAS customer support per the link below and let the SAS gurus work with you on this problem.

https://www.superantispyware.com/precreateticket.html

If you run Combofix.exe, post the Combofix log back here for review. Also try your browsers and see if they now work and let us know.

[Lan Moore]

[Lan Moore]

yahoo still can't seem to connect though...

[siliconman01]

Combofix.exe is finding two firewalls active

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

It is not good to have 2 firewalls active. Disable one or the other and see if you can connect to Yahoo. In the one that you keep active, be sure that it is not blocking Yahoo.

And you have 2 antivirus programs running active

You need to either remove COMODO Security Suite or remove ZoneAlarm & Avast.

AV: avast! antivirus 4.8.1351 [VPS 091130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

Again it is not good to have 2 Antivirus programs active.

Also you should now delete Combofix from your computer.

1. Go to START>Run and type in Combofix /u (note the space before /u)

2. Click on OK and let Combofix remove itself.

[Lan Moore]

yes I added COMODO after every thing was being blocked just to make sure that it wasn't Zone Alarm, I deleted it last night every thing seems 100% again, some of my stuff was changed but nothing major, yahoo is working though and I think combofix is uninstalled now.

[siliconman01]

Very good.

You may want to check the built in Windows Firewall and make sure that it is not turned on. Most of the time when you uninstall third party firewalls, they will re-activate the Windows Firewall.

If the Combofix.exe icon is gone from your desktop, then Combofix uninstalled itself.