bawldiggle Posted September 25, 2014 I have just downloaded the portable version (random file-name) ... SAS_292D6.EXE- the first time in my 21 years of IT that a portable program comes as an EXE file- portables usually come as ZIP files- (I totally understand the random file name) When I dug around in SAS web-site I also found ... SUPERAntiSpyware.exe ... (incl opt out adware) In both instances the executables INSTALL ... they are not portableMy (virtual) registry is now full of "SuperAntiSpyware" My download PC is 32-bit but the sick PC is 64-bit (my only 64-bit) So considering my dilema how can I download and "extract" a 64 bit portable on a 32-bit machine, and hope it is portable I feel I have been duped ? Not impressed - I was referred to SuperAntiSpyware by sevenforums.com Share this post Link to post Share on other sites
bawldiggle Posted September 26, 2014 SuperAntiVirus registry entries after running alleged portable SAS.exe file Keys and Key-values left over after uninstalling SAS (with RevoUninstaller) * not detected by CCleaner (CCleaner only detected 3 of 10 leftovers) -----------* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SUPERAntiSpywareHKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICacheValueName: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeData:= SUPERAntiSpyware Application* HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache ValueName: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Data: SUPERSetup Uninstaller* HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache Value Name: = F:\SAS_292D6.EXE Data: SUPERAntiSpyware Free Edition Setup* HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com* HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SUPERAntiSpywareHKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICacheValue Name:= C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeData:= SUPERAntiSpyware Application* HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache Value Name:= C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Data:= SUPERSetup Uninstaller* HKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache Value Name: = F:\SAS_292D6.EXE Data: SUPERAntiSpyware Free Edition SetupHKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\SUPERAntiSpyware.com'==========Adds these to registry when run from "extracted" exe on thumb driveHKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.comHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SASDIFSV - plus 5 values, one of which refers to thumb drive \??\F:\SuperAntiSpyware_p2\SASDIFSV.SYS HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SASKUTIL - plus 5 values, one of which refers to thumb drive \??\F:\SuperAntiSpyware_p2\SASDIFSV.SYSHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASDIFSV - plus 5 values, one of which refers to thumb drive \??\F:\SuperAntiSpyware_p2\SASDIFSV.SYSHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASKUTIL - plus 5 values, one of which refers to thumb drive \??\F:\SuperAntiSpyware_p2\SASKUTIL.SYSHKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICacheValue Name:= F:\SuperAntiSpyware_p2\SUPERAntiSpyware.exeData:= SUPERAntiSpyware ApplicationHKEY_USERS\S-1-5-21-823518204-1390067357-839522115-1003\Software\SUPERAntiSpyware.com---------------------------Error Opening Key---------------------------Cannot open SUPERAntiSpyware.com: Error while opening key.---------------------------OK How is this portable ? Share this post Link to post Share on other sites
SAS_Dave Posted September 26, 2014 Hi, Our intent with the free portable scanner was to create a solution to scan an infected PC that had a non-functioning Internet connection. It contains the latest version of our malware database embedded in the installer. The portability comes from having everything it needs included in the package (no updating required). It's not designed to leave no trace of itself; though uninstalling does a fairly complete job; HKEY_CURRENT_USER\Software\SUPERAntiSpyware.com should be removed on uninstall, we'll look into why that's not being removed. The other registry entries you listed after uninstalling are created by Windows/Explorer, not by SAS. It's not a supported or recommended method of execution to simply run the "extracted" program files without installing them. It will try to restore missing settings, etc. There are a lot of parts to our malware removal system and it doesn't lend itself well to a "hands off" approach. Sometimes the only way to oust insidious malware is to use similar (insidious) techniques like installing drivers, restarting, running a process at startup, etc. The product simply wouldn't be as effective otherwise. - Dave Share this post Link to post Share on other sites
Ultra Male Posted September 26, 2014 Can you please release a proper portable edition that: 1) adds no registry entries, just runs from the EXE 2) does not have the Google Chrome Spyware, after all, this is an Anti-Spyware program esepcially that I have paid for a lifetime license not because I ever need or ran the PRO version as I don't need it to be monitoring my system live but just out of support to SAS project, thus, I am a customer who payed for a program that has spyware bundled. I know Chrome is not literally spyware but let's say bundleware. Not accepted by a commercially paid program IMHO The reason I don't want to even install the free version anymore is that I have reported this issue many itmes before, but out of nowhere, Explorer.exe would crash randomly after having SAS installed and I feel it is because of those registry entries it adds, I know I can disable the right click contect menu options which I believe is the issue because Explorer.exe crashes randomly only upon a right click and my context menu is clean, but maybe it's those registry entries that are causing the issue so I would really appreciate a proper portable version. Share this post Link to post Share on other sites
