SurpaTurbo

Big Time False-Positive report

Not sure if this is where the post should be, but I've been using SAS for years now and I've never had a real problem with it until now. It's reporting various files such as

C:\WINDOWS\SYSTEM32\JAVA.EXE

C:\PROGRAM FILES\WINRAR\UNINSTALL.EXE

and other non-virus, normal operating files as being viruses, trojans and the like for a total of 987 "threats" detected.

I had this happen yesterday and thought maybe I had gotten a crazy virus on the system. I reformatted and reinstalled my entire computer, and SAS is still saying all of those files are viruses/etc. I haven't really been anywhere or installed anything out of the norm since the reformat, so I don't know what's going on. Thanks for any help you guys may have. I have a log file from SAS but can't upload it.


Welcome to the SAS forum SurpaTurbo.

Here are some possibilities, other than actual false positives.

1) The system is infected with malware that is affecting .exe files (such as Virut). I know you formatted, but did you also install a program or backup from another source (such as a USB stick or CD)? It's possible that one of those sources may have transferred an infection.

2) SAS and another application are conflicting. Does SAS pick up the .exe files in a scan from Safe Mode?

Why are you unable to upload the rest of the log? Is it because it's too large? If so, the first "page" of it will suffice.

Do any other scanners report infections? You could also try uploading some of the reported files here: http://virusscan.jotti.org/en

Let's see how the above goes, before I suggest a Customer Support Request (CSR).

Thanks for the response Seth!

1) I have a Western Digital external hard drive with all my saved programs (Real Player, Quicktime, Winrar, etc.). Other than the install CDs that's the only device connected (I'll check it to make sure it's clean). I did install Firefox and some of its plug-ins, and got the latest version of DivX also. That's about it for internet browsing before I scanned with SAS, getting the same results as before.

2) Yes, did a safe mode scan and the files were detected there too (though only 919 files in Safe Mode).

The site is telling me "Error: You aren't permitted to upload this kind of file". It's just a plain doc file, but here's the first part of the doc file:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 07/11/2010 at 07:11 PM

Application Version : 3.7.1018

Core Rules Database Version : 5183

Trace Rules Database Version: 2995

Scan type : Complete Scan

Total Scan Time : 00:43:30

Memory items scanned : 436

Memory threats detected : 28

Registry items scanned : 3498

Registry threats detected : 62

File items scanned : 17050

File threats detected : 987

Trojan.Agent/Gen-CDesc[Micronly]

C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SPKRMON.EXE

C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SPKRMON.EXE

HKLM\System\ControlSet001\Services\SASDIFSV

C:\PROGRAM FILES\SUPERANTISPYWARE\SASDIFSV.SYS

HKLM\System\ControlSet001\Services\SASKUTIL

C:\PROGRAM FILES\SUPERANTISPYWARE\SASKUTIL.SYS

HKLM\System\ControlSet001\Services\spkrmon

HKLM\System\ControlSet002\Services\spkrmon

HKLM\System\CurrentControlSet\Services\SASDIFSV

HKLM\System\CurrentControlSet\Services\SASKUTIL

HKLM\System\CurrentControlSet\Services\spkrmon

C:\DELL\DRIVERS\R81063\SPKRMON.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DIVX\RUNASUSER\RUNASUSERPROCESS.DLL

C:\PROGRAM FILES\COMBINED COMMUNITY CODEC PACK\SETTINGS.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\COMBINED COMMUNITY CODEC PACK\SETTINGS.LNK

C:\PROGRAM FILES\COMBINED COMMUNITY CODEC PACK\UNINSTALL.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\COMBINED COMMUNITY CODEC PACK\UNINSTALL.LNK

C:\PROGRAM FILES\ADOBE\READER 8.0\READER\VIEWERPS.DLL

C:\PROGRAM FILES\ANY DVD CONVERTER PROFESSIONAL\CODECS\XANLIB.DLL

C:\PROGRAM FILES\COMMON FILES\DIVX SHARED\QT4.5\PLUGINS\CODECS\QCNCODECS4.DLL

C:\PROGRAM FILES\COMMON FILES\DIVX SHARED\QT4.5\PLUGINS\CODECS\QKRCODECS4.DLL

C:\PROGRAM FILES\COMMON FILES\DIVX SHARED\QT4.5\PLUGINS\IMAGEFORMATS\QGIF4.DLL

C:\PROGRAM FILES\COMMON FILES\DIVX SHARED\QT4.5\PLUGINS\IMAGEFORMATS\QICO4.DLL

C:\PROGRAM FILES\COMMON FILES\DIVX SHARED\QT4.5\PLUGINS\IMAGEFORMATS\QJPEG4.DLL

C:\PROGRAM FILES\COMMON FILES\DIVX SHARED\QT4.5\PLUGINS\IMAGEFORMATS\QSVG4.DLL

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSOWS409.DLL

C:\PROGRAM FILES\DIVX\DIVX UPDATE\DIVXUPDATECHECK.DLL

C:\PROGRAM FILES\JAVA\J2RE1.4.2_03\BIN\JPICOM32.DLL

C:\PROGRAM FILES\JAVA\J2RE1.4.2_03\BIN\JPISHARE.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\AUDIODELAYCOMP.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\AUDIOFMTCONVERTER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\MEDIASINK.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\MPEG4AUDIOPACKETIZER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\QTREADER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\RMSESSIONFORMAT.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\RNAUDIOCODEC.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\RNAUDIOPACKETIZER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\RNVIDEOCODEC.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\RNVIDEOPACKETIZER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\CONVERTER\PRODUCER\TOOLS\VIDEOCOLORCONVERTER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\HXAUDIODEVICEHOOK.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\AUDIODELAYCOMP.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\AUDIOFMTCONVERTER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\MEDIASINK.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\QTREADER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\RMSESSIONFORMAT.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\RNAUDIOCODEC.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\RNAUDIOPACKETIZER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\RNVIDEOCODEC.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\RNVIDEOPACKETIZER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\VIDEOCOLORCONVERTER.DLL

C:\PROGRAM FILES\REAL\REALPLAYER\PRODUCER\TOOLS\VIDEORESIZER.DLL

C:\PROGRAM FILES\SHAREAZA\PLUGINS\GFLIMAGESERVICES.DLL

C:\PROGRAM FILES\SHAREAZA\PLUGINS\GFLLIBRARYBUILDER.DLL

C:\PROGRAM FILES\SHAREAZA\PLUGINS\MEDIAIMAGESERVICES.DLL

C:\PROGRAM FILES\SHAREAZA\PLUGINS\MEDIALIBRARYBUILDER.DLL

C:\PROGRAM FILES\SHAREAZA\ZLIBWAPI.DLL

C:\PROGRAM FILES\VIDEOLAN\VLC\VLC.EXE

C:\PROGRAM FILES\WINRAR\RAREXT64.DLL

C:\PROGRAM FILES\WINRAR\RAREXTLOADER.EXE

C:\PROGRAM FILES\WINRAR\UNINSTALL.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{1A4E4E8B-3011-4568-B373-22ED104BE10C}\RP2\A0000240.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{1A4E4E8B-3011-4568-B373-22ED104BE10C}\RP2\A0000248.DLL

Anyway, thanks for your help so far.
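
Added example, not part of the original thread and not SUPERAntiSpyware's own code: a small Python triage of a scan log in the format quoted above. It reads the header counts and flagged paths and lists reasons to get a second opinion before acting on the detections; the 1% threshold, the function name and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed sample: shortened excerpt of the scan log quoted in the post above.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Application Version : 3.7.1018
File items scanned : 17050
File threats detected : 987
Trojan.Agent/Gen-CDesc[Micronly]
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SPKRMON.EXE
HKLM\System\CurrentControlSet\Services\SASDIFSV
C:\PROGRAM FILES\SUPERANTISPYWARE\SASDIFSV.SYS
C:\PROGRAM FILES\SUPERANTISPYWARE\SASKUTIL.SYS
C:\PROGRAM FILES\WINRAR\UNINSTALL.EXE
C:\PROGRAM FILES\VIDEOLAN\VLC\VLC.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\HXAUDIODEVICEHOOK.DLL
"""

FIELD = re.compile(r"^([A-Za-z ]+?)\s*:\s+(\S.*)$")    # "Name : value" header lines
PATH = re.compile(r"^[A-Za-z]:\\")                       # flagged file paths
SCANNER_DIR = "C:\\PROGRAM FILES\\SUPERANTISPYWARE\\"    # scanner install path seen in the log
RATE_LIMIT = 0.01  # assumption: more than 1% of scanned files flagged is worth questioning


def triage(log_text):
    """Parse header fields and flagged paths, then list reasons to seek a second opinion."""
    fields, paths = {}, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if PATH.match(line):
            paths.append(line.upper())
        elif (m := FIELD.match(line)):
            fields[m.group(1).strip()] = m.group(2).strip()
    scanned = int(fields.get("File items scanned", 0))
    threats = int(fields.get("File threats detected", 0))
    rate = threats / scanned if scanned else 0.0
    own = [p for p in paths if p.startswith(SCANNER_DIR)]
    products = {"\\".join(p.split("\\")[:3]) for p in paths}   # e.g. C:\PROGRAM FILES\WINRAR
    reasons = []
    if own:
        reasons.append("scanner flags files in its own install directory")
    if rate > RATE_LIMIT:
        reasons.append(f"{rate:.1%} of scanned files flagged")
    if len(products) >= 3:
        reasons.append(f"detections span {len(products)} distinct product directories")
    return {"version": fields.get("Application Version"), "rate": rate,
            "self_flagged": own, "products": sorted(products), "reasons": reasons}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("version:", result["version"])
    for reason in result["reasons"]:
        print("check:", reason)
```

These signals do not separate a false positive from a file infector, which would also touch many product directories; they only say the result should be checked with a current scanner build or a second scanner.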


You're welcome.

I'm now convinced that your external drive is infected, or you picked up an infection with the internet installs (most likely the former).

Where are you getting SAS from? The log shows you're using an extremely old version. Please upgrade SAS to the latest version (V4.40) by right clicking on the beetle icon and choosing check for updates. Given that your version of SAS is so old, it may not load the newest version. If that's the case, you would need to uninstall SAS and download it from www.superantispyware.com. Then scan all partitions on the drive and include the external drive in the scan.

Also, it seems like you tried to upload the SAS scan log to Jotti's, instead of some of the files that SAS found. Here are two files from the log that I would upload to Jotti's:

C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SPKRMON.EXE

C:\PROGRAM FILES\COMBINED COMMUNITY CODEC PACK\UNINSTALL.EXE

I think you just fixed the problem! The older version was from my aforementioned external drive, and after installing the newest version it scanned everything fine with no files reported. The computer and browser never acted like they normally would when infected, so I figured it was just a funny problem with SAS. Thanks for all the help Seth!
