Diane P. Posted November 8, 2017

I use ighome.com as my home page. This AM I received the notice of "heuristic.backdoor.process". As recommended, I ran a complete scan and SAS came up with 14 cookies and nothing else. The browser I was using was Opera, the latest version. So, I opened Firefox to the same homepage and nothing popped up. I tried Google Chrome and nothing popped up either.

I looked at the scan log and it showed the heuristic.backdoor.process located at C:\users\....\appdata\local\temp\explorer.exe. I looked in that folder and interestingly enough, I found an "Opera Crash report" for today at the same time I rec'd the SAS popup. I opened the crash report and it was empty. There's nothing else in the users folder with today's date and time.

I ran scans with the other security software on my system and found nothing. I am not smart enough to know if this is an anomaly of some sort or should further steps be taken? I would be more concerned if my other browsers behaved the same way, but they didn't.

Thanks

SUPERsupport Posted November 8, 2017

Hello Diane,

Thank you for contacting us. What software alerted you to this "heuristic.backdoor.process"? If it was SUPERAntiSpyware, please post the scan log you mentioned that showed the infection. You can find your scan logs in this directory:

C:\Users\"USERNAME"\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs

You'll need to replace "USERNAME" with your Windows user name.

Diane P. Posted November 8, 2017

It was SAS that alerted me to the issue... log attached. BTW, I haven't had the message since. The Opera crash was at 815 AM; the log was completed a few minutes after. I can't help but think the two are related.

D.

Attachment: SUPERAntiSpyware Scan Log - 11-08-2017 - 08-21-06.log

SUPERsupport Posted November 8, 2017

Unfortunately the scan log you provided just shows cookies. Is there another scan log that shows the detection? If not, I would just not worry about it until you see the detection pop-up again. If you can, take a screenshot of the message you see informing you of the attack.

Diane P. Posted November 8, 2017

This is the actual scan log taken from SAS software itself. I looked in SAS Quarantine and it shows the following: C:\users\DMP\appdata\local\temp\temp\explorer.exe. I do not know how to send a quarantined file. SAS software warns me not to restore it. Interestingly, I looked in the C:\users\DMP\appdata\local\temp\temp\explorer.exe again, and I see another Opera crash report, that was originally timed at 8:15AM, now timed at 12:42 PM, just a few minutes ago.

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 11/08/2017 at 08:21 AM

Application Version : 6.0.1250
Database Version : 14111
Scan type : Complete Scan
Total Scan Time : 00:09:20

Operating System Information
Windows 10 Professional 64-bit (Build 10.00.16299)
UAC On - Limited User

Memory items scanned : 978
Memory items detected : 0
Registry items scanned : 62130
Registry items detected : 0
File items scanned : 32066
File items detected : 14

Adware.Tracking Cookie
    .doubleclick.net\test_cookie [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    c.speedtest.net\spc1|.doubleclick.net|$|IDE [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .maxmind.com\__cfduid [ C:\USERS\DMP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .iasds01.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .iasds01.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .scorecardresearch.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .adaptv.advertising.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .agkn.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]
    .spotxchange.com [ C:\USERS\DMP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV870LVK.DEFAULT\COOKIES.SQLITE ]

============ End of Log ============

SUPERsupport Posted November 8, 2017

It was in the quarantine then. It looks like the issue is resolved, as SUPERAntiSpyware's Real-Time Protection grabbed it and dealt with it. No further steps need to be taken.

Diane P. Posted November 8, 2017

Note the sentence I just added... the Opera crash report from this AM @8:15AM is now timed at 1242PM. This must somehow have to do with Opera, I think. Opera doesn't crash on me though. Thanks for your help.

Diane P.

SUPERsupport Posted November 8, 2017

If you need assistance with Opera crashing or have questions regarding the Opera Web Browser, I would contact Opera. The malware that was detected by Real-Time Protection and quarantined probably has nothing to do with Opera's software, since it was found in C:\users\DMP\appdata\local\temp\temp\, which is a temp folder, not an Opera-specific folder. If you open Opera, does the issue become detected again by SUPERAntiSpyware's real-time protection?
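
Added example, not part of the thread and not SUPERAntiSpyware's code: the quarantined file discussed above was named explorer.exe but sat under a user temp folder. The Python below flags files that carry the name of a core Windows binary outside the directories where Windows normally keeps it; the watch list, the C:\Windows default and the function names are assumptions of this example.

```python
import ntpath
import os

# Assumed watch list for this example: sub-directories of the Windows
# directory where each binary normally lives ("" = the Windows directory).
WATCHED = {
    "explorer.exe": {"", "syswow64"},
    "svchost.exe": {"system32", "syswow64"},
    "lsass.exe": {"system32"},
    "services.exe": {"system32"},
    "winlogon.exe": {"system32"},
}

def classify(path, windows_dir=r"C:\Windows"):
    """Return 'expected', 'unexpected-location' or 'not-watched' for a path."""
    win = ntpath.normpath(windows_dir).lower()
    # Windows paths are case-insensitive, so compare in lower case.
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    if name not in WATCHED:
        return "not-watched"
    allowed = {ntpath.join(win, sub) if sub else win for sub in WATCHED[name]}
    # Component-store copies under WinSxS are normal on a healthy system.
    if folder in allowed or folder.startswith(ntpath.join(win, "winsxs") + "\\"):
        return "expected"
    return "unexpected-location"

def scan_tree(root):
    """Walk a directory tree and return watched names found in odd places."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if classify(full) == "unexpected-location":
                hits.append(full)
    return hits

if __name__ == "__main__":
    # On Windows, check the current user's temp folder, the kind of
    # location reported in the thread's quarantine entry.
    temp = os.environ.get("TEMP")
    if temp:
        for hit in scan_tree(temp):
            print("review:", hit)
```

A hit is a reason to look at the file (signature, hash, creation time), not proof of infection; a name match in a temp folder can also come from installers or unpacked archives.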