Jump to content
Sign in to follow this  
clasys

SuperAntiSpyware caught in infinite loop

Recommended Posts

New to this forum, but an otherwise advanced user.

I am running the latest SUPERAntiSpyware Free Edition 5.0.0.1118 updated about an hour ago. [if it matters, it was an update past an install at .1116.]

The computer has multiple partitions. Running a complete scan it asks me to include/exclude drives by letter.

I am running Windows XP from drive G: and when I choose drive C: the program gets into an infinite loop accessing something on drive C:. The screen allows me to expand some found cookies on the screen, press the pause and stop and cancel buttons, but the program cannot exit. Using the task manager, I had to cancel the main process to get out of it and usage was at 100 percent with most of it in SuperAntiSpyware.exe

When I exclude drive C: all is fine. When I exclude all but drive C: it hangs.

Windows CHKDSK C: indicates there are no problems on drive C:. I assume that if it was stuck on any particular file with a physical disk problem the program would get an error [but I will run one of those longer scans to prove the entire file system can be read, but it will take awhile; the drive is many tens of GB.]

I haven't tried it yet from a bootup to drive C: [the G: system is a maintenance system; this is a dual-boot system], but I figure that running it from the drive that it could hang on would only make any possible troubleshooting even harder.

I can make an image backup of drive C: and selectively kill it [as long as I don't destroy boot.ini, NTLDR, etc. so that the basic ability to boot is maintained] if anyone has any sane suggestions as to what to do, etc.

Any help appreciated.

cjl

Share this post


Link to post
Share on other sites

New to this forum, but an otherwise advanced user.

I am running the latest SUPERAntiSpyware Free Edition 5.0.0.1118 updated about an hour ago. [if it matters, it was an update past an install at .1116.]

The computer has multiple partitions. Running a complete scan it asks me to include/exclude drives by letter.

I am running Windows XP from drive G: and when I choose drive C: the program gets into an infinite loop accessing something on drive C:. The screen allows me to expand some found cookies on the screen, press the pause and stop and cancel buttons, but the program cannot exit. Using the task manager, I had to cancel the main process to get out of it and usage was at 100 percent with most of it in SuperAntiSpyware.exe

When I exclude drive C: all is fine. When I exclude all but drive C: it hangs.

Windows CHKDSK C: indicates there are no problems on drive C:. I assume that if it was stuck on any particular file with a physical disk problem the program would get an error [but I will run one of those longer scans to prove the entire file system can be read, but it will take awhile; the drive is many tens of GB.]

I haven't tried it yet from a bootup to drive C: [the G: system is a maintenance system; this is a dual-boot system], but I figure that running it from the drive that it could hang on would only make any possible troubleshooting even harder.

I can make an image backup of drive C: and selectively kill it [as long as I don't destroy boot.ini, NTLDR, etc. so that the basic ability to boot is maintained] if anyone has any sane suggestions as to what to do, etc.

Any help appreciated.

cjl

How long did you let it run? Did you change any of the default scanning options?

Share this post


Link to post
Share on other sites

Does it always hang on the same file?

Try disabling "scan inside Zip..." and see if that helps.

Share this post


Link to post
Share on other sites

How long did you let it run? Did you change any of the default scanning options?

I didn't change anything else on the scan options. It should have taken say about 45 minutes or so. The screen was hung on the same file [a desktop shortcut to a valid directory on another drive].

I stopped it after something like three hours. It was keeping time fine, but hung and there was all that CPU usage which is abnormal.

cjl

Share this post


Link to post
Share on other sites

Regarding .zip files:

I checked and there are only 17 very small .zip files on the entire C: drive. [The general idea is there are no data files to speak of on C:, rather they are on data drives D: and up, other than G: which is another operating system. In the past this has allowed SuperAntiSpyware to find malware on the C: drive that would otherwise make it impossible to use, much less run any form of scan from. [superAntiSpyware and MBAM have rescued me many times from scareware and related. When you can scan from another operating system you can break the stranglehold the malware has on the C: system that got there when C: was booted to, and then afterwards you can boot well enough to C: to perform more normal antimalware scan to get rid of all of the nasty bits left. I often have rescued people's machines by this trick of installing another operating system in the highest partition [often after resizing the other partitions to make some room for this minimal system for maintenance purposes only, etc.]

Also, it just finished the full scan checking for errors on C: and there aren't any. Also, other anti-malware programs run in the precise configuration [from G:] are not having any problems. [i still have a few others to run, including MBAM, but so far other than this problem, so good.] [The reason I am doing this at all is because C: was hit by a scareware sometime back, and I decided to put the G: maintenance system up on my own machine and here I am. I believe the registry on C: may be broken, but that wouldn't apply here. I want to clean C: up and then reinstall it, etc.

But in theory, no file on the C: drive should "confuse" SuperAntiSpyware to the point that it hangs like this, correct?

cjl

Share this post


Link to post
Share on other sites
I often have rescued people's machines by this trick of installing another operating system in the highest partition [often after resizing the other partitions to make some room for this minimal system for maintenance purposes only, etc.]

Just a side note:

For that situation, I wouldn't run the risk of resizing partitions or taking the time to install another OS. I prefer to just slave the drive or run a bootable antimalware program.

Share this post


Link to post
Share on other sites

Just a side note:

For that situation, I wouldn't run the risk of resizing partitions or taking the time to install another OS. I prefer to just slave the drive or run a bootable antimalware program.

Resizing partitions is usually not a problem. The malware doesn't destroy the filesystem integrity generally, just bad contents of perfectly readable [and detectable] files. [And of course I can make an image backup beforehand.]

Depending on the specifics, it's often hard to find good enough utilities to get rid of some of the malware out there, and in some cases, it's not all that easy to take the hard disk out, but I agree with you that works if plausible.

More importantly, I came here to report, and your hunch paid off!

I noticed after I got superantispyware.exe to finally let go, sascore.exe is still running. I got the notion [probably correct] that the screen, no longer updating [the rotating scanning graphic stops rotating] perhaps indicates this is the correct directory, but not the correct file. [in this case the desktop directory of the usual user profile on the C: drive.] I attempted to move all of the files out of that directory, and one was unable to be moved; it was definitely still "belonging" to sascore.exe and it *is* a .zip file. The task manager cancelling sascore.exe released the file and I was able to move it off the drive [and I also rebooted just in case].

I got a lot further this time, but ultimately it hung again. This time, it was actually the same file [a copy]. I am a beta tester on an app that can create snapshot files that are actually .zip but without the .zip extension. The one on the desktop was a copy I renamed to .tcs.zip [it was a .tcs] and was able to open it with PowerArchiver without a complaint [more below]. The second hang was on the .tcs original same file I had copied and renamed from, etc.

Repeating the whole scan with both copies removed and all is fine!

However, about the .zip file:

It clearly is defective in that PowerArchiver shows different files within from what it dearchives. I have alerted the programmer about this, so eventually it should get fixed. However, my point is that SuperAntiSpyware's algoritmn to inspect archives is apparently deficient as it got into the hard loop instead of just giving up. It ought not to happen that way regardless of the file's content. An appropriate error message, yes, but not a hang!

If anyone is interested, I can post the relevant file here; I need whatever minimal guidance to do so as I am new to this forum [with really great members! Thanks!].

cjl

Share this post


Link to post
Share on other sites

I have been working with Don Fowler, and we were able to reproduce the problem in the SuperAntiSpyware development area. It has been isolated to a logic error and will be fixed in a forthcoming release. Thanks to all who helped get rid of this minor nuisance.

cjl

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...