Pelo Posted April 23, 2011

Good evening everyone. I ran Malwarebytes and found about 11 viruses that SUPER didn't find, and I was wondering where I would submit these. I've attached the viruses that were detected.

~Pelo

siliconman01 Posted April 23, 2011

See the link below for the SAS submission tool.
https://forums.superantispyware.com/index.php?/topic/2814-submitting-samples-to-superantispyware/

Pelo Posted April 23, 2011

> See the link below for the SAS submission tool.
> https://forums.superantispyware.com/index.php?/topic/2814-submitting-samples-to-superantispyware/

Thanks for that, but some of the files have the status "File Not Found". Specific files listed below:

(Trojan.Dropper files)
C:\Users\[user]\AppData\Local\Temp\0.03195716095141843.exe
C:\Users\[user]\AppData\Local\Temp\0.04553341046753401.exe
C:\Users\[user]\AppData\Local\Temp\0.5132570670080816.exe
C:\Users\[user]\AppData\Local\Temp\0.9817938091132591.exe

(Hijack.ExeFile file)
HKEY_CLASSES_ROOT\.exe\shell\open\command | (default)

(Trojan.Agent files)
HKEY_CURRENT\USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | Load
HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

What should I do?

siliconman01 Posted April 24, 2011

> (Hijack.ExeFile file)
> HKEY_CLASSES_ROOT\.exe\shell\open\command | (default)
> (Trojan.Agent files)
> HKEY_CURRENT\USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | Load
> HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

The above are system registry values. You will not be able to submit them via the SAS sample submit tool.

> C:\Users\[user]\AppData\Local\Temp\0.03195716095141843.exe
> C:\Users\[user]\AppData\Local\Temp\0.04553341046753401.exe
> C:\Users\[user]\AppData\Local\Temp\0.5132570670080816.exe
> C:\Users\[user]\AppData\Local\Temp\0.9817938091132591.exe

Do you have the option selected in Windows 7 to show all files, folders, and unhide Protected Operating System files? Please perform the procedure below and then see if you find the above files.
http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html

If they are still not found, then they no longer exist on your disk. They are in a Temp folder which means they may be transient based on a specific program running.

Pelo Posted April 24, 2011

> The above are system registry values. You will not be able to submit them via the SAS sample submit tool.

Curses. There must be another way...

> Do you have the option selected in Windows 7 to show all files, folders, and unhide Protected Operating System files? Please perform the procedure below and then see if you find the above files.
> http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html
> If they are still not found, then they no longer exist on your disk. They are in a Temp folder which means they may be transient based on a specific program running.

Thing is, I'm running Vista. Plus I restored the files from Malware's quarantine and watched them reappear. Strange thing is they shared the same folder with another random number exe file.

siliconman01 Posted April 25, 2011

You could submit a Customer Support Request and submit the registry keys.
https://www.superantispyware.com/precreateticket.html

Below is how to show hidden files and folders in Vista:
http://www.bleepingcomputer.com/tutorials/tutorial130.html

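
Added example, not part of the original thread and not SUPERAntiSpyware or Malwarebytes code: a Python helper that sorts detection lines in the format quoted above into files (uploadable only if still on disk) and registry entries (captured with the standard Windows `reg.exe` for a support ticket). The function name `triage`, the output file name `key.reg` and the reading of `|` as "key | value name" are assumptions made for this illustration.

```python
import os
import re

# Long hive names as printed in scan logs -> short names accepted by reg.exe
HIVES = {"HKEY_CLASSES_ROOT": "HKCR", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_USERS": "HKU"}

def triage(entry, exists=os.path.exists):
    """Classify one detection line and return (kind, next_step).

    `exists` is injectable so the logic can be checked away from the
    affected machine; by default it tests the local disk.
    """
    entry = entry.strip()
    if re.match(r"^[A-Za-z]:\\", entry):
        # A drive-letter path is a file: only uploadable while it still exists
        if exists(entry):
            return ("file", "submit with the sample tool: " + entry)
        return ("file-missing", "not on disk, nothing to upload: " + entry)
    if entry.upper().startswith("HKEY_"):
        # "key | name" marks a single registry value; no "|" means a whole key
        key, _, value = (part.strip() for part in entry.partition("|"))
        hive, _, subkey = key.partition("\\")
        short = HIVES.get(hive.upper())
        if short is None:
            return ("registry-unknown", "check the hive name in the log: " + hive)
        path = '"%s\\%s"' % (short, subkey)
        if not value:
            return ("registry-key", "reg export %s key.reg /y" % path)
        if value.lower() == "(default)":
            return ("registry-value", "reg query %s /ve" % path)
        return ("registry-value", 'reg query %s /v "%s"' % (path, value))
    return ("unknown", "review by hand: " + entry)

# Constructed sample lines in the log format quoted in the thread
SAMPLE = [
    r"C:\Users\[user]\AppData\Local\Temp\0.03195716095141843.exe",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command | (default)",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | Load",
    r"HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}",
]

if __name__ == "__main__":
    for line in SAMPLE:
        kind, step = triage(line)
        print(f"{kind:17} {step}")
```

The printed `reg` commands are meant to be run on the affected machine, with the `reg query` output redirected to a text file that is attached to the ticket alongside any exported `.reg` file.
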
SAS Customer Service Posted April 25, 2011

> You could submit a Customer Support Request and submit the registry keys.
> https://www.superantispyware.com/precreateticket.html
> Below is how to show hidden files and folders in Vista
> http://www.bleepingcomputer.com/tutorials/tutorial130.html

Perfect! We will get a diagnostic

Pelo Posted April 25, 2011

> You could submit a Customer Support Request and submit the registry keys.

> Perfect! We will get a diagnostic

I've submitted to the customer support. Here's hoping it works out. Thanks for all your help!