Avira identify Superantispyware as virus

[southcat]

Today Avira Antivir Personal Free identify Superantispyware.exe as a virus in my computer, any idea what happenned here ?

Thank you.

[Kernelwars]

most probably false positive..do you have a screenshot? and please submit the file to avira

[JoeBlack40]

Yes,same here.Screenshots...

EDIT-Submitted to Avira.

[The Hammer]

Quote:

Originally Posted by southcat

Today Avira Antivir Personal Free identify Superantispyware.exe as a virus in my computer, any idea what happenned here ?

Thank you.

Looks like a proper detection to me.

[Ranget]

maybe and injection i remember Viruses used to infect exe files
Hope it's a False positive though

try cooking it in Virustotal

[JoeBlack40]

The link for Virustotal...
*
Waiting a response from Avira.

[The Hammer]

I see Commodo tagged it as well.

[JoeBlack40]

Quote:

Originally Posted by Ranget

maybe and injection i remember Viruses used to infect exe files
Hope it's a False positive though

try cooking it in Virustotal

How could OP's exe file and mine be infected at the same time and with the same malware?It doesn't make any sense.

[Brummelchen]

great move - done very well - none need such crap - even not as a second opinion.
furthermore - its not possible to remove malware this way - stupid advertisement from wannabes for wannabes.
if you cant rely on ONE av-software - you cant on two or more.

[southcat]

Thanks JoeBlack40 for the screenshot and feedback to avira, so do you encounter same situation like me ?

To me, i think most likely is just a false positive.

[1PW]

Quote:

Originally Posted by The Hammer

I see Commodo tagged it as well.

Comodo has issued a "non-denial denial" for the FP that certainly doesn't help their reputation.

[JoeBlack40]

Quote:

Originally Posted by southcat

Thanks JoeBlack40 for the screenshot and feedback to avira, so do you encounter same situation like me ?

To me, i think most likely is just a false positive.

YW Southcat.Yes,this morning when i've booted up my laptop Avira warned.Odd enough,last night i've updated SAS from version 4.9 to last version...Are we the only ones with this issue

[Baserk]

Quote:

Originally Posted by Brummelchen

great move - done very well - none need such crap - even not as a second opinion.
furthermore - its not possible to remove malware this way - stupid advertisement from wannabes for wannabes.

Bitter sarcasm from the support desk? Or an actual thumbs down opinion on SAS?

Quote:

if you cant rely on ONE av-software - you cant on two or more.

Has anyone mentioned using two AV's? Are you against supplementing an AV with an AM? Because an AV should be able to catch everything?
Or has your WSF account been hijacked?

[Brummelchen]

not only this product - the reality showed up that removing is quite nearly
impossible for normal users without destroying the system or any other data.
and in almost all cases the system is damaged so badly that system recovery
does not help - only from scratch or proper image.
"removing malware" is the biggest lie in advertising!
and if the malware as a file was removed it keeps ever tracks of it in the
system which can cause other failure. also the security gap is still present,
it will happen again in same circumstances.

Quote:

Has anyone mentioned using two AV's?

they did - didnt you read this topic at all? Start from up again:

Quote:

Avira Antivir Personal Free identify Superantispyware.exe as a virus

Quote:

I see Commodo tagged it as well.

only possible if those run as backgroundscanners!

SAS itself as free version do not run in background, SAS pro do.

The next conclusion for me: why do i use a program which i dont trust at all?
Why do i need a second or third opinion? do i trust myself? my activity?
Why do i not trust my activity? Offending answer - i'm a stupid!

The 1st av/am ist inherently a second opinion - to MINE.
"i am not sure - so i ask avira/avast/kav/aso."

Not enough? Upload the file to VT or elsewhere - those scan with more than
20 engines. final question: does it help at least?

example: if 2 out of 20 show malware - would you use it anyway?
or take it as a FP? there is always the possibility that 2 of 20 are right and 18 are wrong!
so which part of you decides at least? your computer or your brain?
my and your experience for SAS might say - ok, something of the code is similar to malware.

i remember glary utilities last years when kaspersky found malware in it - and others not.
the conclusion was that glary was compiled with a vulnerability and other software with
same compiler had same. so kaspersky was right at least - 1 of 20.

its ok when people use an av/am in background to feel more secure, nothing against.
but i feel curios when people start installing next and next - just browse the forum
or the security setup thread.

something like future - the classical malware died in the last 10 years.
viruses - kidding - trojans and worms are the future. those steal important data,
you cant really imagine that all those data is collected and later sold in packages.
1000 credit card data for $200 - reality.
next step is that trojans dont send data - they manipulate the visual output
on banking sites. you enter: $70 to friend - trojan modifies: $700 to stealer - visible is only first.
its a new quality of malware - it is present and only interacts on eg banking sites.
there is NO sign that they are present. and the code for that is varying each day 55.000 times

there are 55 thousand (!) bad programs on the web each day, 2500 each hour!
so none of the present av/am will find them all - not possible.

Finally - i have some portables on my stick - mbam, avira in the first.
Also some ISO in pocket to scan without using the hosting OS.
if infected i recover data and setup from scratch or image.
i dont waste time on useless work. i help people re-installing their
legal software and to secure it. any other is their own decision with all consequences.

[sg09]

~ snipped out full quote of above post ~

Ok fine, but you comment looks like a bashing on SAS

Quote:

great move - done very well - none need such crap - even not as a second opinion.

You may not like the product but manybody does.

Quote:

Originally Posted by Baserk

Or has your WSF account been hijacked?

I doubt the same...

[Cudni]

Quote:

Originally Posted by Brummelchen

not only this product - the reality showed up that removing is quite nearly
impossible for normal users without destroying the system or any other data.
and in almost all cases the system is damaged so badly that system recovery
does not help - only from scratch or proper image.
"removing malware" is the biggest lie in advertising!

Almost in all cases? That is such a wild and wide generalisation and as generalisations go incorrect. Of course, there is malware that is so difficult (but rarely impossible) to remove that is easier to reimage (depending on user being that organised) but not in all cases.

[Brummelchen]

Quote:

like a bashing on SAS

wasnt my purpose - sorry.

BTW why did you have a full quote of me?
your answer is too short for the whole text - which part did you answer?

Quote:

any idea what happenned here

related to my text - what now?
Is SAS/MBAM/<other> safe now or is user infected?
there are no other hints that his system is not infected.

best way is to boot from ISO, copy file elsewhere, usb stick may best,
and test (not execute) it on a clean pc. if same there may a FP,
but for sure ask vendor.

#edit

Quote:

Almost in all cases?

the common programs cant clean it up. finish.
you need to investigate deeper and with special analysis tools to find all tracks.
#2
those specific cleaners for xyz_worm/0815 can only clean up what the know to clean up. but they cannot close any gaps.

[sg09]

Quote:

Originally Posted by Brummelchen

BTW why did you have a full quote of me?
your answer is too short for the whole text - which part did you answer?

I quoted to say that I agree with you for most parts but was confused with the first part of your post #9

[Cudni]

Quote:

Originally Posted by Brummelchen

the common programs cant clean it up. finish.
you need to investigate deeper and with special analysis tools to find all tracks.
#2
those specific cleaners for xyz_worm/0815 can only clean up what the know to clean up. but they cannot close any gaps.

Can't clean up what? Of course they can't clean up what they don't know about. They can, however, clean what they do know. The whole point of special tools is to find out all traces and undo them and make it known. It is only a matter of time and effort (admittedly both are in short supply)

[Baserk]

Quote:

Originally Posted by Brummelchen

...they did - didnt you read this topic at all? Start from up again:

So that's your reply when I ask if someone mentioned using 2 AV's.
You write; "Sure, they use one AV; Avira and one AM; SAS; That's two AV's".
Let me just reply; Bollocks.

Quote:

The next conclusion for me: why do i use a program which i dont trust at all?
Why do i need a second or third opinion? do i trust myself? my activity?
Why do i not trust my activity? Offending answer - i'm a stupid!

Ok, so you are saying that folks who rely on more than one antimalware program, are the insecure ones who don't trust themselves.
Actually, they are stupid.
Fine, everyone is entitled to an opinion but let me just quote you;

Quote:

Finally - i have some portables on my stick - mbam, avira in the first.
Also some ISO in pocket to scan without using the hosting OS.
if infected i recover data and setup from scratch or image.
i dont waste time on useless work...

Uh oh, do I see MBAM and Avira mentioned there?
So you don't rely on just one AV/AM program when trying to detect/remove malware? You find it not so stupid to use multiple programs?
You somehow are convinced that having two programs can actually be usefull...

[Brummelchen]

be carefull on your conclusions.
i can not force people with problems to install my prefered av program
furthermore it's pretty stupid to install it on an infected system.

Help: I Got Hacked. Now What Do I Do?
► http://technet.microsoft.com/de-de/l...8en-us%29.aspx
Just read yourself.

wether or not they are usefull - i dont use them parallel.
i already told you that two of them aint usefull - so why should i do it?

BTW it doesnt matter which two av - its always one too much.
remember i admitted one. the reason for the second is from my point what i
wrote - why trust a second and not the first? (later again this point)

Quote:

are the insecure ones who don't trust themselves

not exactly - its a bit of all matters. evil web - bad websites - trojans - new computer - booo!
i wont deny that - its present. but not that much as always promoted.

although in the past people got infected the most times they did it by purpose,
some illegal stuff. in less cases through bad websites, but nowerdays
its the combination of several issues - assumed the software is up-to-date.
a combination of javascript, java and flash can infect a system - and you wont see it.

so if you prevent such circumstances you can "kill two birds with one stone"
the better the preparation the better is security. but for convenience and
advertisement and gambling around with the fear of users (see above)
people uses av programs. some experienced users call that "snake oil"
http://en.wikipedia.org/wiki/Snake_oil

even in my visited forums experienced users got infected - they trusted too
much their used av and discarded the basic rules.
at least men decides - its a finger tip or mouse click away.

"me is secure i have ... software to protect me"
well - with 55 thousands new malware programs each day a really risky attitude.

so back to my question: why people use two or more anti malware programs?
please be honest.

to read what people use ► http://www.wilderssecurity.com/showthread.php?t=111264

[JoeBlack40]

Guys,no offence,we are talking about Avira's FP (or not),or about to have two AV and AM?
Brummelchen-i believe that a huge percentage of pc users are relying on SAS as on-demand scanners,including me.Plain and simple.So what is all this fuss about
Still no mail from Avira.

[Dark Shadow]

Quote:

Originally Posted by JoeBlack40

Guys,no offence,we are talking about Avira's FP (or not),or about to have two AV and AM?
Brummelchen-i believe that a huge percentage of pc users are relying on SAS as on-demand scanners,including me.Plain and simple.So what is all this fuss about
Still no mail from Avira.

Not to hijack thread but they should get back to you 24 hours give or take,at least my past experience with them.

[Baserk]

Quote:

Originally Posted by Brummelchen

...
so back to my question: why people use two or more anti malware programs?
please be honest.
...

Because the second one supplements the first one, I assume.
They don't assume that their AV will catch everything, so they add another (AM) layer for detection.

Brummelchen, we're not that far apart regarding opinions on security software, at least I think so.
I like a good HIPS/BB, sandboxing/virtualization software, imaging software (for when when I've assumed too much), a LUA/SUA account, EMET, SRP, avoiding java, using AB+, Noscript (and more than often just simply booting a Linux distro), e.g. I'm pretty much convinced that no AV single-handedly will save my bacon.

I was just 'somewhat' ticked off by your derogatory remark regarding the use of an AV and a supplemental AM program (especially one that's build to run besides an AV) and calling such a sign of stupidity.
But about the WSF members here, they can't be compared with any helpdesk customers. The latter are usually just common folk, the first enthusiasts who don't mind sacrificing resources to try out a boat load of different security sw. Imao, don't mix up these two completely different kinds of sw users.
My proposal; let's just agree to disagree and move on.
And sorry folks for going OT in an Avira FP thread. My apologies.

[Escalader]

Quote:

Originally Posted by Kernelwars

most probably false positive..do you have a screenshot? and please submit the file to avira

Ladies and Gentlemen!

I have 3 systems here on the LAN, 1 with Nod32 AV V5, one with MSE and the 3rd with Avira. All also have SAS.

Only the Avira setup id'd SAS as a virus. Unfortunately the user (not me) did not remember to put their products into the standard mutlually exclusive state and now SAS has quarantined some SAS exe's and deleted or moved others.
SAS now will not execute on that set up.

On the prime setup with SAS professional and Nod32 V5 excluding each other Nod32 did NOT id SAS as dangerous. No surprise there.

So as a little test I removed the exclusions for them both and ran an NOD 32 scan of all the files and executavles in the SAS folder.

All came back clean.

My 993.9% conclusion is that Avira has another False positive to deal with. The product has a good history of free detection BUT also a history of false positives. That has improved of late BUT this new SAS exe must have been missed.


If some users want to use this FP as a chance to advocate for product X and bash product A or product S so be it, none are perfect none catch 100% of malware that is why most use layers to protect and catch a few more baddies.

They will fix it eventually so for now I'll just relax and go back to watching old movies.