Jump to content
CdnGhost

SAS can get infected, too

Recommended Posts

Adware tracking cookies anyone can live with but when SAS itself becomes infected, it kind of trips your safeties.

For weeks SAS has been updating itself with the fingerprints of Trojans and Rootkits, twice a day, every day, and it simply never occurred to me that SAS could become infected by those items it didn't know about ... yet. Last night, however, SAS became infected with a Trojan and merrily began reproducing itself. After 4 versions showed up down in my system tray, I had just enough presence of mind left to completely remove SAS from my system. Currently, I'm running Malwarebyte's Anti-Malware as a replacement for the major infections and ATF Cleaner for TIF's, Temps and Cookies. In a few days, assuming no one else has this problem, I'll reinstall SAS. If nothing else, it's faster.

My last installation of Windows XP Professional OEM SP3 ran perfectly for over three years but, because I was rushed and didn't do a complete scan of my system, it was removed from existance on April 30, 2010. The installation I'm running now isn't quite as good as the first was, largely because I was STUPID enough to not make a copy of the 2nd Edition of Microsoft Windows XP Professional OEM SP4 (in 64-bit), and am now tweaking a 1st Edition of Microsoft Windows XP Professional OEM SP4 (in 64-bit).

As the late Robert Anson Heinlein so adroitly put the matter, "Live and learn, or you don't live long." The thought applies equally well to life in general as it does to computers.

Share this post


Link to post
Share on other sites

Adware tracking cookies anyone can live with but when SAS itself becomes infected, it kind of trips your safeties.

For weeks SAS has been updating itself with the fingerprints of Trojans and Rootkits, twice a day, every day, and it simply never occurred to me that SAS could become infected by those items it didn't know about ... yet. Last night, however, SAS became infected with a Trojan and merrily began reproducing itself. After 4 versions showed up down in my system tray, I had just enough presence of mind left to completely remove SAS from my system. Currently, I'm running Malwarebyte's Anti-Malware as a replacement for the major infections and ATF Cleaner for TIF's, Temps and Cookies. In a few days, assuming no one else has this problem, I'll reinstall SAS. If nothing else, it's faster.

My last installation of Windows XP Professional OEM SP3 ran perfectly for over three years but, because I was rushed and didn't do a complete scan of my system, it was removed from existance on April 30, 2010. The installation I'm running now isn't quite as good as the first was, largely because I was STUPID enough to not make a copy of the 2nd Edition of Microsoft Windows XP Professional OEM SP4 (in 64-bit), and am now tweaking a 1st Edition of Microsoft Windows XP Professional OEM SP4 (in 64-bit).

As the late Robert Anson Heinlein so adroitly put the matter, "Live and learn, or you don't live long." The thought applies equally well to life in general as it does to computers.

Why would you believe SAS is infected? What exactly showed you this? If it's a trojan that writes over files, then SAS wasn't infected, it simply replaced our file with itself - this can happen to any piece of software.

Share this post


Link to post
Share on other sites

Why would you believe SAS is infected? What exactly showed you this? If it's a trojan that writes over files, then SAS wasn't infected, it simply replaced our file with itself - this can happen to any piece of software.

Because for each of the copies, an earlier date appeared when I moused over each of the system tray icons.

Further, neither Malwarebytes Anti-Malware (Full Scan of all drives) nor Avast! 5.0 (Full Scan of all drives) had found anything amiss.

Today, I re-installed SAS and attempted to run a full scan of all drives. The only drive to be cleared of infection was my Windows O/S drive. My two Data Drives, which contain only data, stopped SAS in its tracks.

What would you suggest?

Share this post


Link to post
Share on other sites

Because for each of the copies, an earlier date appeared when I moused over each of the system tray icons.

Further, neither Malwarebytes Anti-Malware (Full Scan of all drives) nor Avast! 5.0 (Full Scan of all drives) had found anything amiss.

Today, I re-installed SAS and attempted to run a full scan of all drives. The only drive to be cleared of infection was my Windows O/S drive. My two Data Drives, which contain only data, stopped SAS in its tracks.

What would you suggest?

Why do you think there in an infection, what has been detected and by what software? You aren't posting any facts here, you are making claims but we need facts and something to go on - just saying a data drive is infected and stopped SAS in it's tracks gives us nothing to help you with - a data drive can't "stop SAS in its tracks". Can you provide some more information?

Share this post


Link to post
Share on other sites

Why do you think there in an infection, what has been detected and by what software? You aren't posting any facts here, you are making claims but we need facts and something to go on - just saying a data drive is infected and stopped SAS in it's tracks gives us nothing to help you with - a data drive can't "stop SAS in its tracks". Can you provide some more information?

My apologies, sir, but I don't know what information you require.

What I do know is that when I instructed SAS to scan my "D" drive, a panel appeared instructing me that SAS had encountered a problem and needed to file a report. As a means of notifying me of the results of the contents of the report I was asked to supply my email address (which I did) and click "Submit Report". That panel then vanished only to be replaced with a second, smaller, panel asking me if I wished to contiue or terminate the scan. Having encountered these two panels before I know that it makes no difference whether you click "Yes" or "No", SAS terminates the scan and its icon vanishes from the system tray.

Would it be helpful to you were I to make edited screenshots of these two panels?

I have since then run complete CHKDSK's of both of my data drives and both drives have come up clean, i.e., no *.CHK files were created nor is any data missing. Further, defragmentation of either drive is neither required nor recommended by Windows.

My objective is to burn to DVD the contents of both drives. Thus far, however, though I have conducted all of the recommended tasks, I am still unable to do so.

Share this post


Link to post
Share on other sites

My apologies, sir, but I don't know what information you require.

What I do know is that when I instructed SAS to scan my "D" drive, a panel appeared instructing me that SAS had encountered a problem and needed to file a report. As a means of notifying me of the results of the contents of the report I was asked to supply my email address (which I did) and click "Submit Report". That panel then vanished only to be replaced with a second, smaller, panel asking me if I wished to contiue or terminate the scan. Having encountered these two panels before I know that it makes no difference whether you click "Yes" or "No", SAS terminates the scan and its icon vanishes from the system tray.

Would it be helpful to you were I to make edited screenshots of these two panels?

I have since then run complete CHKDSK's of both of my data drives and both drives have come up clean, i.e., no *.CHK files were created nor is any data missing. Further, defragmentation of either drive is neither required nor recommended by Windows.

My objective is to burn to DVD the contents of both drives. Thus far, however, though I have conducted all of the recommended tasks, I am still unable to do so.

Ok, now we're getting somewhere - you don't have any infection. Are you running version 4.41.1000 of SUPERAntiSpyware?

Share this post


Link to post
Share on other sites

Ok, now we're getting somewhere - you don't have any infection. Are you running version 4.41.1000 of SUPERAntiSpyware?

Yes, however the following may or may not be germane.

On May 7, 2009 I purchased SUPERAnti-Spyware Professional as I had had the wherewithall at that time to do so. What I hadn't known (then) was that only the automatic updating process had to be renewed each year. Is this correct?

If it is, then by simply entering my registration code I should regain SAS Pro but without the automatic update feature. Would that account for the phantom SAS in my system tray?

Share this post


Link to post
Share on other sites

I've just spent the last four hours scanning selective files on D drive and believe I've found the problem. You were quite correct in your assessment; the problem wasn't an infection of SAS.

I've also purchased a Lifetime version of SAS Pro. Now all I have to do is figure out how to configure SAS to ignore any file which begins with "Xandros".

Xandros is my Master O/S while Windows XP Pro only thinks it's the Master because it can't "see" Xandros. Xandros (a Linux-based system), however, "sees" everything.

My thanks to you and your patience with me.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...