Lan Moore Posted November 30, 2009 Is this possible? A few days ago some kind of malware or something started to attack my computer trying to act like some kind of security scan, I was able to stop it before I finished but after it I was unable to update SuperAS and my yahoo can't connect to the internet either. It seems like both thing it's the firewall but the firewall does have them on the allow list, any advice or help or could it not be the malware? Share this post Link to post Share on other sites
siliconman01 Posted November 30, 2009 Yes, it is very possible. What version of SAS are you running? The latest version is 4.31.1000. 1. Close down SAS 2. Go to START>All Programs>SuperAntiSpyware and select "SuperAntiSpyware Alternate Start". This will start SAS under a different name to try to fool the malware. 3. Once SAS has started, try to run an update. 4. Run a full scan of your system and let it quarantine what it finds. 5. Then boot your computer into SAFE MODE and run another Complete Scan of your system with SAS. Let it quarantine what it finds. 6. Reboot back into Normal Mode 7. Run another update. Does it work now? If not, proceed to 8 below. 8. Go to the link below and download the special uninstaller for SAS. Save it on your desktop. viewtopic.php?f=2&t=1453 9. Close down SAS 10. Run the special uninstaller SASUNINSTAL.EXE. It will reboot your computer. 11. Then re-install SAS. Be sure to re-install the latest version of SAS V4.31.1000. Does the update now work? Share this post Link to post Share on other sites
Lan Moore Posted November 30, 2009 No the alternate start doesn't work, it's not just targeting SAS like I said, some reason Yahoo can't access either and maybe other programs but I'm not sure. Share this post Link to post Share on other sites
siliconman01 Posted November 30, 2009 Can you run the SAS online scanner ? https://www.superantispyware.com/onlinescan.html Also what Windows operating system are you running? Share this post Link to post Share on other sites
Lan Moore Posted November 30, 2009 I'm running windows XP Professional version 2002 Service pack 3. I can only save the file because I'm running Firefox, I tried using internet explorer but IE isn't working, it says that it is probably the firewall but again, I had just told the firewall that it was safe after it prompted me but it still can't connect, chrome seems to work but won't let me just run it and Opera can't connect either. Share this post Link to post Share on other sites
siliconman01 Posted November 30, 2009 Below is a link to a special removal tool named Combofix.exe. Follow the instructions on this website, download and run this tool. http://www.bleepingcomputer.com/combofi ... e-combofix IF you feel uncomfortable running Combofix.exe, it is best that you contact SAS customer support per the link below and let the SAS gurus work with you on this problem. https://www.superantispyware.com/precreateticket.html If you run Combofix.exe, post the Combofix log back here for review. Also try your browsers and see if they now work and let us know. Share this post Link to post Share on other sites
Lan Moore Posted December 1, 2009 yahoo still can't seem to connect though... Share this post Link to post Share on other sites
siliconman01 Posted December 1, 2009 Combofix.exe is finding two firewalls active FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} It is not good to have 2 firewalls active. Disable one or the other and see if you can connect to Yahoo. In the one that you keep active, be sure that it is not blocking Yahoo. And you have 2 antivirus programs running active You need to either remove COMODO Security Suite or remove ZoneAlarm & Avast. AV: avast! antivirus 4.8.1351 [VPS 091130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} Again it is not good to have 2 Antivirus programs active. Also you should now delete Combofix from your computer. 1. Go to START>Run and type in Combofix /u (note the space before /u) 2. Click on OK and let Combofix remove itself. Share this post Link to post Share on other sites
Lan Moore Posted December 1, 2009 yes I added COMODO after every thing was being blocked just to make sure that it wasn't Zone Alarm, I deleted it last night every thing seems 100% again, some of my stuff was changed but nothing major, yahoo is working though and I think combofix is uninstalled now. Share this post Link to post Share on other sites
siliconman01 Posted December 2, 2009 Very good. You may want to check the built in Windows Firewall and make sure that it is not turned on. Most of the time when you uninstall third party firewalls, they will re-activate the Windows Firewall. If the Combofix.exe icon is gone from your desktop, then Combofix uninstalled itself. Share this post Link to post Share on other sites