jbeekman Posted April 22, 2013 I tried to start WAMP, which I installed to use as a test bed for web development, and my live protection always flags the exe file (see pic). I tried the scan and it only, ever, shows adware stuff and never the exe it flagged. Also, restoring and then scanning also doesn't do me any good. No matter what I do it always flags the wamp exe as a trojan. Share this post Link to post Share on other sites
GuiltySpark Posted April 22, 2013 Hi jbeekman, Can you explain a little more as to why you can't use the inbuilt FP reporter. Share this post Link to post Share on other sites
jbeekman Posted April 22, 2013 Only the live resident flags it preventing me from loading the program into memory. It never actually shows up on the scan results. SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 04/22/2013 at 02:28 PM Application Version : 5.6.1014 Core Rules Database Version : 10296 Trace Rules Database Version: 8108 Scan type : Complete Scan Total Scan Time : 00:45:46 Operating System Information Professional 64-bit (Build 6.02.9200) UAC On - Limited User Memory items scanned : 843 Memory threats detected : 0 Registry items scanned : 72669 Registry threats detected : 0 File items scanned : 124901 File threats detected : 3 Adware.Tracking Cookie .imrworldwide.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.gawker.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] Share this post Link to post Share on other sites
GuiltySpark Posted April 22, 2013 Only the live resident flags it preventing me from loading the program into memory. It never actually shows up on the scan results. In your pic above, there is a Real time detection shown, if you highlight that you should have the option to submit it as a FP. Share this post Link to post Share on other sites
SAS Customer Service Posted April 22, 2013 You can restore that item from quarantine, then run a complete scan and use the false positive reporter at the end of the scan. Share this post Link to post Share on other sites
jbeekman Posted April 23, 2013 I'll try again. A full system scan runs every morning at 3am. I'll check it again when I get up for classes. Considering that fact, it should of showed up for the last 2 days as I installed it Saturday, and ran it initially with no problems. Share this post Link to post Share on other sites
jbeekman Posted April 23, 2013 Here's the log from last night: SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 04/23/2013 at 02:44 AM Application Version : 5.6.1014 Core Rules Database Version : 10299 Trace Rules Database Version: 8111 Scan type : Complete Scan Total Scan Time : 00:44:32 Operating System Information Professional 64-bit (Build 6.02.9200) UAC On - Limited User Memory items scanned : 836 Memory threats detected : 0 Registry items scanned : 72669 Registry threats detected : 0 File items scanned : 125336 File threats detected : 9 Adware.Tracking Cookie .imrworldwide.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .imrworldwide.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.gawker.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] mycounter.tinycounter.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] mycounter.tinycounter.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.gigcount.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.gigcount.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.gigcount.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .c.gigcount.com [ C:\USERS\JARED\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] Here's a screen shot from a few seconds ago Share this post Link to post Share on other sites
SAS Customer Service Posted April 23, 2013 When an item is detected by real-time protection, it will be placed into quarantine. If you restore the item from quarantine and run a complete scan, it will be detected. If you've restored the item and it is no longer detected in a scan, it is likely that the false positive has already been corrected. Share this post Link to post Share on other sites
SChoeolpdeorn Posted April 30, 2013 Hi, I just read your topic about SAS detecting WAMP as a trojan, since I'm having the same problem. It seems you already solved that now, but even reading your posts I couldn't figure out how you reached the option to trust the program: Would you be so kind to explain how you managed to do it? Thanks a lot! Reply Report Share this post Link to post Share on other sites
jbeekman Posted April 30, 2013 I tried everything I could to auto-report it to no avail. I did, however, just right click the task bar icon, choose "view blocked spyware applications", highlighted Wamp, and allowed it. Share this post Link to post Share on other sites
jbeekman Posted April 30, 2013 When an item is detected by real-time protection, it will be placed into quarantine. If you restore the item from quarantine and run a complete scan, it will be detected. If you've restored the item and it is no longer detected in a scan, it is likely that the false positive has already been corrected. No, that didn't work, any of the several times I tried it. See my previous post for what I did do. Share this post Link to post Share on other sites
cover Posted May 3, 2013 What jbeekman describes is very much similar to my own experiences and this just started. I've had WAMP for some time now and in the past, there hasn't been a problem. Suddenly when I have 'real-time protection- on, it grabs the WAMP exe and places it in quarantine. With real-time protection unchecked, I can run a scan once the file is restored and nada - nothing irregular to report and it isn't picked up in a scan. Share this post Link to post Share on other sites
ParrotSlave Posted May 17, 2013 Mine automatically quarantined the objects, then, of course, there was no way to submit the files to SAS. However, I think I recall submitting these a long time ago, via the free version, from my old laptop. It finds Cyberlink's Power2Go files as trojans, Gen-Yodos--CLCLEANER2-POWER2GO_6.0-7.0.EXE, CLCLEANER2-POWER2GO_8.0.EXE, and CLCLEANER2-WAVEEDITOR_1.0-2.0.EXE. It also finds mp3DirectCut as a trojan, Gen-Small--MP3DIRECTCUT219.EXE, and it finds INSTALLER_EML_TO_PST_CONVERTER.EXE to be a trojan, Gen-Toggle. Norton does not think they are trojans, and Malwarebytes does not think so either. Cyberlink would probably be surprised. It also found one file in Chrome's cache, APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00148D, which was puzzling. Again, neither Malwarebytes nor Norton thought anything was wrong with the file. Share this post Link to post Share on other sites