Question about SAS Popup Notification

[Diane P.]

I use ighome.com as my home page. This AM i received the notice of "heuristic.backdoor.process". As recommended, I ran a complete scan and SAS came up with 14 cookies and nothing else. The browser I was using was Opera, the latest version. So, I opened Firefox to the same homepage and nothing popped up. I tried Google Chrome and nothing popped up either.

I looked at the scan log and it showed  the heuristic.backdoor. process located at C:\users\....\appdata\local\temp\explorer.exe. I looked in that folder and interestingly enough, I found an "Opera Crash report" for today at the same time I rec'd the SAS popup. I opened the crash report and it was empty. There's nothing else in the users folder with today's date and time. I ran scans with the other security software on my system and found nothing.

I am not smart enough to know if this is an anomaly of some sort or should further steps be taken? I would be more concerned if my other browsers behaved the same way, but they didn't. Thanks

[SUPERsupport]

Hello Diane,

Thank you for contacting us, what software alerted you to this "heuristic.backdoor.process"? If it was SUPERAntiSpyware, please post the scan log you mentioned that showed the infection.

You can find your scan logs in this directory:
C:\Users\”USERNAME”\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs

You'll need to replace "USERNAME" with your Windows user name.

[Diane P.]

It was SAS that alerted me to the issue.....log attached. BTW, I haven't had the message since. The Opera crash was at 815 AM; the log was completed a few minutes after. I can't but help think the two are related. 

D.

SUPERAntiSpyware Scan Log - 11-08-2017 - 08-21-06.log

[SUPERsupport]

Unfortunately the scan log you provided just shows cookies, is there another scan log that shows the detection? If not, I would just not worry about it until you see the detection pop-up again. If you can, take a screenshot of the message you see informing you of the attack.

▷ How to take a screenshot

[Diane P.]

This is the actual scan log taken from SAS software itself. I looked in SAS Quarantine and it shows the following: C:\users\DMP\appdata\local\temp\temp\explorer.exe. I do not know how to send a quarantined file. SAS software warns me not to restore it. Interestingly, I looked in the C:\users\DMP\appdata\local\temp\temp\explorer.exe again, and I see another Opera crash report, that was originally timed at 8:15AM, now timed at 12:42 PM, just few minutes ago.

 

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 11/08/2017 at 08:21 AM

Application Version : 6.0.1250
Database Version : 14111

Scan type       : Complete Scan
Total Scan Time : 00:09:20

Operating System Information
Windows 10 Professional 64-bit (Build 10.00.16299)
UAC On - Limited User

Memory items scanned      : 978
Memory items detected   : 0
Registry items scanned    : 62130
Registry items detected : 0
File items scanned        : 32066
File items detected     : 14

Adware.Tracking Cookie
    .doubleclick.net\test_cookie [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    c.speedtest.net\spc1|.doubleclick.net|$|IDE [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .maxmind.com\__cfduid [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .iasds01.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .iasds01.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .adaptv.advertising.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .spotxchange.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]

============
 End of Log 
============

[SUPERsupport]

It was in the quarantine then, it looks like the issues resolved as SUPERAntiSpywares Real-Time Protection grabbed it and dealt with it.

No further steps need to be taken

[Diane P.]

Note the sentence I just added...the Opera crash report from this AM @8:15AM is now timed at 1242PM. This must somehow have to do with Opera, I think.  Opera doesn't crash on me though. Thanks for your help.

Diane P.

[SUPERsupport]

If you need assistance with Opera crashing or questions regarding Opera Web Browser I would contact Opera. The malware that detected by Real-Time Protection and quarantined has probably nothing to do with Operas software since it was found in C:\users\DMP\appdata\local\temp\temp\ which is a temp folder, not an Opera specific folder.

If you open Opera, does the issue become detected again by SUPERAntiSpywares real-time protection?