Jump to content
phier

Rogue.SecurityEssentials2010

Recommended Posts

I'm using SUPERAntiSpyware Free Edition. Today (8/27/2010) I loaded the latest program update (4.42.1000) and definitions update (core:5416, trace:3228). When I ran a complete scan as I always do, thousands of files on my C: drive and elsewhere were flagged under the category Rogue.SecurityEssentials2010. I unchecked all but one file before continuing, and sure enough it deleted that one file (a program I use daily). If I would have left all of these checked, literally most or all of my C: drive would have been quarantined.

This is not right obviously...any suggestions?

Thanks.

Share this post


Link to post
Share on other sites

I am having the same problem. I've reached about 30,000 scanned, and SAS is telling me that over half of them are infected with Rogue.SecurityEssentials2010. This feels like the McAfee snafu a few months back. From reading a few other spots on these forums, it's pretty widespread to anyone who has updated to this version.

Share this post


Link to post
Share on other sites

Thank you for reporting this issue, and thank you for your patience. Please update your SUPERAntiSpyware definition databases to at least Core version 5417 (or greater) and these false positive detections should be resolved. The issue is related to a transitory problem we were having with the definition database, and not the recent 4.42 product update that just came out yesterday.

Geoff

I am having the same problem. I've reached about 30,000 scanned, and SAS is telling me that over half of them are infected with Rogue.SecurityEssentials2010. This feels like the McAfee snafu a few months back. From reading a few other spots on these forums, it's pretty widespread to anyone who has updated to this version.

Share this post


Link to post
Share on other sites

Thank you for reporting this issue, and thank you for your patience. Please update your SUPERAntiSpyware definition databases to at least Core version 5417 (or greater) and these false positive detections should be resolved. The issue is related to a transitory problem we were having with the definition database, and not the recent 4.42 product update that just came out yesterday.

Geoff

Thanks for the prompt response. I knew it wasn't an issue with the 4.42 update, since the version I'm currently running is 4.41. I just ran an update and started the scan over again. So far, so good. It's not showing every .dll and .exe file as infected.

Thanks again!!! If only every company was as on top of the situation as you guys!

Share this post


Link to post
Share on other sites

I couldn't upload the log file the first time because it was too big (1 MB!). I've attached a version of the log file with certain sections removed. Note that programs like MS Office, Adobe Acrobat, Symantec Anti-virus, etc were flagged for removal!

I'm using SUPERAntiSpyware Free Edition. Today (8/27/2010) I loaded the latest program update (4.42.1000) and definitions update (core:5416, trace:3228). When I ran a complete scan as I always do, thousands of files on my C: drive and elsewhere were flagged under the category Rogue.SecurityEssentials2010. I unchecked all but one file before continuing, and sure enough it deleted that one file (a program I use daily). If I would have left all of these checked, literally most or all of my C: drive would have been quarantined.

This is not right obviously...any suggestions?

Thanks.

SUPERAntiSpyware Scan Log - 08-27-2010 - 12-57-52.txt

Share this post


Link to post
Share on other sites

Well, we certainly appreciate you reporting here about the issue, and then reporting back on the result! We absolutely try to be as careful as is possible with our malware detections and we strive for zero false positives, of course. I apologize personally to the users affected by this update.

Geoff

Thanks for the prompt response. I knew it wasn't an issue with the 4.42 update, since the version I'm currently running is 4.41. I just ran an update and started the scan over again. So far, so good. It's not showing every .dll and .exe file as infected.

Thanks again!!! If only every company was as on top of the situation as you guys!

Share this post


Link to post
Share on other sites

I had this same problem and so unticked the box with the 1000's of files (or so I thought)leaving it to delete just 4 tracking cookies. However it proceeded to delet all the files. My PC still runs but I have lots of problems with programs that I use. Even Superantispyware won't run anymore. I restored the PC to an earlier date on 3 ocassions but it is no better. The main warning is about certain files not being a valid Windows image. I did a repair installation of Windows XP - but the problems remain. Can anyone help? Is there an easy way to resolve this - to take all these files back out of quarantine...even though I can't access Superantispyware?

I can't even instal AVG anymore as the security centre believes I have another program installed (which I don't as this was trashed and I uninstalled it anyway. So - I really don't want to have to re-format. Can anyone help?

Thanks

Mark

Share this post


Link to post
Share on other sites

I too started having problems last night after I noticed that both the AVG tray icon and the SuperAntispyware icon were missing from my tray. I tried to run SuperAntispyware, and it would not launch. I tried running it in 'safe' mode, and it started coming up with thousands of infected files. I closed that down and ran the free version of SuperAntispyware from your web site, and it only came up with 7 tracking cookles, which were quarantined. The problem now is that I cannot launch SuperAntispyware Professional in order to update to the latest version/core. How do I get the program to respond again and get my tray icons back?

Share this post


Link to post
Share on other sites

I too started having problems last night after I noticed that both the AVG tray icon and the SuperAntispyware icon were missing from my tray. I tried to run SuperAntispyware, and it would not launch. I tried running it in 'safe' mode, and it started coming up with thousands of infected files. I closed that down and ran the free version of SuperAntispyware from your web site, and it only came up with 7 tracking cookles, which were quarantined. The problem now is that I cannot launch SuperAntispyware Professional in order to update to the latest version/core. How do I get the program to respond again and get my tray icons back?

OK, I managed to get the newest definitions downloaded directly from the web site, and I ran a scan and nothing came up. But I still need to know how to get all my icons back in the system tray. Any suggestions? Thanks.

Share this post


Link to post
Share on other sites

OK, I managed to get the newest definitions downloaded directly from the web site, and I ran a scan and nothing came up. But I still need to know how to get all my icons back in the system tray. Any suggestions? Thanks.

I finally just installed AVG and SAS again, and, now I have my icons back. The reason I have SAS is to keep things like this from happening. How stupid that it cause the same problem it is supposed to be protecting me from.

Share this post


Link to post
Share on other sites

Okay, so I'm the idiot that didn't look at the list of files to be quarantined and 30 minutes later 7232 files (applications) have all been deleted from my system. This is worse that ANY virus or malware my system has ever picked up.

What's my next step? I have the data files backed up.

Share this post


Link to post
Share on other sites

Okay, so I'm the idiot that didn't look at the list of files to be quarantined and 30 minutes later 7232 files (applications) have all been deleted from my system. This is worse that ANY virus or malware my system has ever picked up.

What's my next step? I have the data files backed up.

Restore the quarantine from the date effected eg: the 27th of august.

Share this post


Link to post
Share on other sites

Hi,

I'm trying to help a friend who's laptop was also a victim of this update (I think it was SAS core:5416). He went ahead and removed everything that got detected, and thousands of exe's and dll's got quarantined, including those of SUPERAntiSpyware. When attempting to run SAS via the only icons left for it (in the programs menu > SUPERAntiSpyware > SUPERAntiSpyware repair) we are getting this error:

Error 1904. Module C:\Program Files\SUPERAntiSpyware\SASSSH.DLL failed to register. HRESULT -2147024770. Contact you support personnel.

post-12746-075995100 1288733379_thumb.jpg

I assume that I need to be able to somehow get SAS to run in order to try to restore these thousands of false positive detections from the quarantine, and that this would be my best chance of repairing the laptop.

Share this post


Link to post
Share on other sites

Hello lanshark.

From the SAS folder, do you have the option for a SuperAntiSpyware alternate start? Give that a go if you do.

Another possibility would be to remove SAS using Add/Remove Programs. You'll get the option to keep the quarantined files on removal. On the re-install, those quarantined files should still be there. However, I suggest you don't take this step until you get a second opinion.

Share this post


Link to post
Share on other sites

Hello lanshark.

From the SAS folder, do you have the option for a SuperAntiSpyware alternate start? Give that a go if you do.

Another possibility would be to remove SAS using Add/Remove Programs. You'll get the option to keep the quarantined files on removal. On the re-install, those quarantined files should still be there. However, I suggest you don't take this step until you get a second opinion.

Hey Seth,

I was able to get access again by installing that major version of SAS on another computer (that never had SAS on it) and copying over the files missing in the affected PC's SAS program files folder. However, after restoring all of the false positive detections the affected computer was no longer able to boot, and I had to format and re-install Windows.

Thanks for your help, regardless.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×