km2013 Report post Posted May 26, 2013 After updating the database definitions and running SAS tonight, it is now detecting superantispyware.exe as the trojan gen-zbot, twice, with two seperate icons, and also another file. The pathnames it's detecting are copied below from the log. C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXEC:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXEC:\Windows\Prefetch\SUPERANTISPYWARE.EXE-D7978FB2.pf I've run Avast and that finds nothing, I've also run Malwarebyte Anti-Malware and that detects nothing. If it was a different file I'd think it was a false-positive, but as it's the SAS exe itself, I'm concerned that it's not a false positive. Any suggestions? Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 26, 2013 What version SAS are you running ? Is this 64bit or 32bit ? Share this post Link to post Share on other sites
km2013 Report post Posted May 26, 2013 I'm running on XP. How can I tell whether it's 32 or 64 bit that I'm running? I'm assuming 32 bit but not sure. Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 26, 2013 How much RAM ? What version of SAS ? Share this post Link to post Share on other sites
km2013 Report post Posted May 26, 2013 SAS = 5.6.1020 Memory = 2gb Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 26, 2013 I'm guessing it's 32 bit as 64 bit XP machines are rare. Although 2 Gigs Ram is a waste in XP 32 bit, as it doesn't use more than 1 Gig. Try the 32 bit Uninstaller here : https://www.superantispyware.com/supportfaqdisplay.html?faq=47 Then re-install SAS and run a scan to see if it clears things up. Share this post Link to post Share on other sites
km2013 Report post Posted May 26, 2013 Okay cheers, thanks. Will try that in the morning and see if that clears things up.Do you think it could be a Trojan/infected then? Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 26, 2013 I don't think so. It's more than likely a loose file that's not been removed/rewritten during the update. If it was an infection it's likely that either Avast or MBAM would've detected it as well. Also if you haven't already, try re-starting your computer (sometimes a reboot works wonders). Share this post Link to post Share on other sites
Madeline Report post Posted May 27, 2013 This appears to be a False Positive.I've posted about it appearing on my laptop, along with another allegedly infected file, during an SAS scan earlier today.. Other people seem to be getting this FP too, have a look at the following thread in the FP forum: https://forums.superantispyware.com/index.php?/topic/7429-trojanagentgen-zbot Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 27, 2013 Have seen those Madeline and reported them in but cannot do anything at this stage until the next batch of def updates are released. Just FYI Share this post Link to post Share on other sites
KarenLee Report post Posted May 28, 2013 I also got what appears to be a False Positive. I ran SAS and it picked up a CRITICAL THREAT, i.e. Trojan.Agent/Gen-Zbot C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE C:\WINDOWS\Prefetch\SUPERANTISPYWARE.EXE-07994D9B.pf When removed, it also removed SAS, which I was unable to reinstall from the site. I have the professional version of SAS and it is updated and a scan is run daily. I did a system restore to the previous day, which allowed me to re-install SAS, only to have it detect the same 'Critical Threat." Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 28, 2013 Please update the latest definitions. Share this post Link to post Share on other sites
KarenLee Report post Posted May 28, 2013 TY...done and much better. Share this post Link to post Share on other sites
Madeline Report post Posted May 29, 2013 Have seen those Madeline and reported them in but cannot do anything at this stage until the next batch of def updates are released. Just FYI Thanks GuiltySpark. All's well now since recent updates. Madeline Share this post Link to post Share on other sites
Bubbajoe Report post Posted May 30, 2013 I'm guessing it's 32 bit as 64 bit XP machines are rare. Although 2 Gigs Ram is a waste in XP 32 bit, as it doesn't use more than 1 Gig..... Wrong.... Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 30, 2013 Which part ? Share this post Link to post Share on other sites
Bubbajoe Report post Posted May 30, 2013 Although 2 Gigs Ram is a waste in XP 32 bit, as it doesn't use more than 1 Gig. Sorry, this part ^^^^ Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 30, 2013 Statement is correct. On what basis do you suggest its wrong? Share this post Link to post Share on other sites
DooGie Report post Posted May 30, 2013 GuiltySpark.I agree with Bubbajoe. 32-bit Windows has an address space of 4GB. Part of that is used by system BIOSes and graphics memory. With a 256MB graphics card about 3.3-3.5GB of RAM can be addressed and used, assuming you have 4GB fitted. If you fit a graphics card with 1GB of memory only about 2.6-2.8GB of the RAM would be addressable and usable. Share this post Link to post Share on other sites
GuiltySpark Report post Posted May 30, 2013 Doogie, You're confusing hardware with software. The amount of RAM usable by a MOBO for example will allow for however much it is designed to cope with, this can be anything from 1Gig+ depending on manufacturers spec. The software however, dictates how much RAM can actually be used with the OS. In this case (XP) the OS will run on 64MB (recommended) but a max of just under 1Gig (in a 32bit version of XP) any more does become wasted. Share this post Link to post Share on other sites
DooGie Report post Posted May 31, 2013 All I was saying is that maximum supported memory by XP x86 is 4GB, not t hat it uses 4GB. As per the table half way down this page http://msdn.microsoft.com/en-us/library/aa366778%28v=vs.85%29.aspx#physical_memory_limits_windows_xp Share this post Link to post Share on other sites
