aardvark_65
Posted February 8, 2011

Hi, I've just installed SuperAntiSpyware free edition 4.48.1000. I did a complete scan while using Safe Mode of Win XP Pro SP3, and it detected a few things. I clicked on "explain detected item", but found I needed an internet connection, which I didn't have at the time.

I rebooted into "normal" mode and restarted SuperAntiSpyware, but I couldn't find a way to "call up" the results of the previous scan so I could look at "explain detected item". I didn't quarantine any of the detected items.

Is there any way to do this, i.e. get some details about the results of a previous scan, without having to redo the scan? Or alternatively, what is the web address of where "explain detected item" gets its information from? I had a look around www.superantispyware.com but couldn't find it.

I did a general Google search on one of the detected items, but got confusing results - some results said it was legitimate software, others said it was a virus/trojan/whatever.

siliconman01
Posted February 8, 2011

> Is there any way to do this, i.e. get some details about the results of a previous scan, without having to redo the scan?

No, there is not. The scan log is stored in .txt format with no active links. You will need to perform a rescan.

You could also post the scan log back here and let us take a look at it to see what files are being flagged as malicious.

aardvark_65
Posted February 8, 2011

> You could also post the scan log back here and let us take a look at it to see what files are being flagged as malicious.

Thanks. Log follows:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 02/07/2011 at 11:11 PM

Application Version : 4.48.1000

Core Rules Database Version : 6350
Trace Rules Database Version: 4162

Scan type : Complete Scan
Total Scan Time : 01:37:34

Memory items scanned : 226
Memory threats detected : 0
Registry items scanned : 8333
Registry threats detected : 29
File items scanned : 36074
File threats detected : 14

Application.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\ControlSet002\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Trojan.Agent/Gen-Krpytik
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFBMP.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFCUR.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFDLL.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFICO.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFIFF.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFMAC.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFOS2.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFWMF.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFXPM.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICUBMAP.DLL

Trojan.Agent/Gen-Falcomp[Cont]
C:\486 BACKUPS\COMPAQ\C_DRIVE\WINDOWS\SYSTEM\ETEXCH32.DLL

Trojan.Agent/Gen-FakeAlert[Local]
C:\DATA\DOWNLOAD\DVD EDITORS\X\EXE\DVDISO\MUXMAN.EXE
C:\DATA\DOWNLOAD\TOUCH 2\X\BIN\SH.EXE

siliconman01
Posted February 8, 2011

I think that you have a series of False Positives. I recommend that you create a Customer Support Ticket and let the SAS gurus diagnose this. All the registry detections (Oreans32) look like False Positives. The only files that are possibly not False Positives are:

C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFBMP.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFCUR.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFDLL.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFICO.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFIFF.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFMAC.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFOS2.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFWMF.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFXPM.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICUBMAP.DLL

Below is the CSR link.
https://www.superantispyware.com/precreateticket.html

You could also run the detected files through VirusTotal and see what other scanners say about them.
http://www.virustotal.com/
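
Added example (not written by either poster and not SUPERAntiSpyware code): a small parser for a saved scan log that groups items by detection name and separates registry entries from files, so the file paths can be pulled out for a second opinion as suggested above. The layout rules are assumptions inferred from the log posted in this thread, and the function names are made up for illustration.

```python
import re
# Constructed, abridged sample in the layout of the log posted in this thread.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 02/07/2011 at 11:11 PM
Registry threats detected : 29
Application.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\CurrentControlSet\Services\oreans32
Trojan.Agent/Gen-Krpytik
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFBMP.DLL
C:\486 BACKUPS\COMPAQ\C_DRIVE\UTILS\ICE411\ICFCUR.DLL
Trojan.Agent/Gen-FakeAlert[Local]
C:\DATA\DOWNLOAD\TOUCH 2\X\BIN\SH.EXE
C:\DATA\DOWNLOAD\TOUCH 2\X\BIN\SH.EXE
"""

REG_ITEM = re.compile(r"^HK(LM|CU|CR|U|CC)\\", re.I)
FILE_ITEM = re.compile(r"^[A-Za-z]:\\")

def parse_scan_log(text):
    """Return {detection name: {"registry": [...], "files": [...]}}."""
    detections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if REG_ITEM.match(line):
            kind = "registry"
        elif FILE_ITEM.match(line):
            kind = "files"
        else:
            # Assumption: a detection name has a dot, no spaces and is not a URL;
            # every other non-item line is header or summary text.
            if "." in line and " " not in line and "://" not in line:
                current = detections.setdefault(line, {"registry": [], "files": []})
            continue
        if current is not None:
            current[kind].append(line)
    return detections

def files_to_check(detections):
    """De-duplicated file paths, the items to hand to a second scanner."""
    paths = [p for d in detections.values() for p in d["files"]]
    return list(dict.fromkeys(paths))

if __name__ == "__main__":
    found = parse_scan_log(SAMPLE_LOG)
    for name, items in found.items():
        print(f"{name}: {len(items['registry'])} registry, {len(items['files'])} file")
    print("\n".join(files_to_check(found)))
```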