Superantispyware Killed my Computer

Discussion in 'other anti-malware software' started by Makav3l1, Jan 27, 2009.

Thread Status:
Not open for further replies.
  1. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    Yes this is what happened to me. I am back up and running thanks to the vista recovery cd. I am however disappointed in SAS. I used to recommend the free scanner to friends of mine but I don't think I can do that anymore. Bad FP. Thanks to all the members for the help they provided.
     
  2. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    This is where Prevention is better than the cure.

    Ice
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    IMO I will not attempt a nuke it all scanner method, well, for entertainment maybe. There is always a chance a nuke it takes the OS with it. I would just resort to a rescue area or offline image, and in most cases a better outcome and peace of mind it's gone, of course providing the image is clean.
     
  4. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    Just so we're on the same page. My issue was a confirmed SAS false positive. Anyone who scanned with those file definitions (on Vista?) and went through the removal process was going to end up with a BSOD.
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    This was very careless of SUPERAntiSpyware, or more specifically the definition building department...

    I would imagine this was a big step backwards for them, and hopefully they learned something from this false positive, and are moving forward with better means to avoid such severe FP detections on critical system files in the future...

    If they make a habit of having false positives on critical system files, ... then sure ditch them, don't recommend them, and move forward.


    But also this should hopefully bring awareness to being more careful to what you choose to remove, especially things from your system directory. Do research on the detected files, get secondary opinion, or third ... Ensure they aren't part of Microsoft before you get click happy...


    Makav3l1, I'm very happy to see you have this worked out, and back up and running again. You have a good one!


    Best Regards,
    Phant0m
     
  6. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Thanks Makav for the heads up, and sure goes to show how a FP can be very destructive, regardless of OS. Glad to hear you're back to normal.
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Yep..me too..FP Vundo on a system file:

    Multiple FPs for Vundo detection on SAS forums after latest updates.
    Glad the issue is sorted for the OP: if you are a 'reasonable' surfer and have some 'anti' apps in place, be careful with any detections +/- auto deletes.
    I for one wouldn't junk SAS because of a couple of FPs. ??

    Tricky balance btwn over and under detecting.
    No scanner is perfect.
    LOL, bet Nick is a bit red faced about these fp's.
    Doubtless he'll be workin away...

    Before deleting ANYTHING you could always search the web for the file name or .dll, .exe or whatever. Could post at malware removal forums.
    Repeat scan with another online scanner or another app: PrevXCSI, MBAM etc etc

    Get Process Explorer and Autoruns from Sysinternals not hard to use, free, powerful utilities.
    http://technet.microsoft.com/en-us/sysinternals/default.aspx
    http://technet.microsoft.com/en-us/sysinternals/0e18b180-9b7a-4c49-8120-c47c5a693683.aspx
    Get Runscanner
    http://www.runscanner.net/
    Another incredibly useful tool when you need it.

    It's so effing annoying that the OP had to learn the hard way, but, a great recovery :thumb: :thumb:
     
    Last edited: Jan 29, 2009
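
The check several posters recommend (confirm a detected file is not part of Windows before removing it), as an added example that is not part of any post in this thread. The function name `Test-DetectionBeforeRemoval` and the sample paths are hypothetical; the cmdlets used are standard PowerShell.

```powershell
# Added example (not from the thread): triage scanner detections before removal.
function Test-DetectionBeforeRemoval {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    begin {
        # Trailing backslash so C:\Windows does not also match C:\WindowsOld
        $systemRoot = $env:SystemRoot.TrimEnd('\') + '\'
    }
    process {
        foreach ($p in $Path) {
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                [pscustomobject]@{ Path = $p; InSystemDir = $null; Signature = 'FileNotFound'
                                   Signer = $null; SHA256 = $null
                                   Advice = 'Path missing: check the scan log' }
                continue
            }
            $full = (Resolve-Path -LiteralPath $p).ProviderPath
            $sig  = Get-AuthenticodeSignature -LiteralPath $full
            $hash = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
            $inSystemDir = $full.StartsWith($systemRoot, [System.StringComparison]::OrdinalIgnoreCase)
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # An intact file shipped by Microsoft verifies as Valid; a patched one does not.
            $msSigned = ($sig.Status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')

            $advice = if ($msSigned) {
                'Valid Microsoft signature: probable false positive, do not remove; report to the vendor'
            } elseif ($inSystemDir) {
                'System path, signature not valid: quarantine only, get a second opinion first'
            } else {
                'Not a system file: review and handle as usual'
            }
            [pscustomobject]@{ Path = $full; InSystemDir = $inSystemDir; Signature = $sig.Status
                               Signer = $signer; SHA256 = $hash; Advice = $advice }
        }
    }
}

# Constructed sample input: replace with the paths listed in the scanner's report.
$detections = @("$env:SystemRoot\System32\kernel32.dll", "$env:TEMP\example-detected.dll")
$detections | Test-DetectionBeforeRemoval | Format-List
```

The SHA256 value is there to submit to a second scanner or include in a forum post. Some system files are catalog-signed rather than embedded-signed, and older PowerShell versions report those as NotSigned, so treat that result as a reason to check further rather than as proof of tampering.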
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Nice post Longboard and great points indeed. Besides the fact SAS has saved some arses for many that came in here for help, in this case it was an oops; we all know it happens from time to time.
     
  9. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    You realize it's the malware, not SAS doing the damage right? I am always amazed when "technical" people have no notion that the spyware can harm the system when removed - it can happen with any product, we see this in our labs all the time and go to great extents to protect against and repair damages caused by malware/spyware.

    You would rather bash a product than find a solution and learn techniques yourself to help remedy the situation. Remember, products such as SAS, MBAM, CounterSpy, etc. don't remove anything unless YOU direct it to.......
     
  10. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Incorrect. Only certain (very few) Vista systems have this problem - we of course scan against dozens of in-house and thousands of out of house systems before doing any releases.
     
  11. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    You do realize that we have VERY FEW false positives in over 14 million users and years in the business. This was an issue that was located and resolved immediately. EVERY product has had issues such as this, AVG, MBAM, McAfee, etc. have ALL removed things they should not have and caused more widespread problems than this issue caused.
     
  12. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Any security product you use that is going to be "worth its weight" will eventually have a serious false positive - if you look back historically, any high profile product that is on the bleeding edge like we are will eventually have a false positive like this (or much worse as has been seen) i.e. AVG has, MBAM has, SpyBot has, AdAware has, etc.

    It's part of the "risk" - We work very hard (as other companies do) to stay on the bleeding edge of these threats - things can happen - this didn't erase data, nor wipe the system and was easily fixed with the recovery CD - exactly why there IS a recovery CD - things happen.
     
  13. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    Well I guess that is an easy fix. I also had to reflash my bios as it was acting weird by not saving settings after this happened. I don't know that the average computer user is going to know how to do these things. I also don't like that I don't know if there are any other lingering issues. As it stands, I am glad there weren't too many systems that this FP affected.
     
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Well If I didn't ... I would have been like the others on here telling this user to ditch the **** and find something better...

    .. I don't even want to read statistics, a critical system file shouldn't have been detected as a threat in the first place, hopefully instead of wasting your valuable time on here counteracting the aftermath.., you are making steps to ensure this is less likely to happen in the future on critical system files.

    ... I wonder the statistics regarding how many people because of this had to do Windows System Restore, or even re-format and reinstall Windows, or re-imaging of the hard drive to an earlier state to recover. I bet very limited numbers actually knew how to visit the Recovery Console and extract the right missing file off of the Windows CD/DVD and place back into their system. Let's not forget, not everyone has Windows CD/DVD with their computer...


     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Makav3l1, the removal of the system file didn't cause BIOS problems, .. if you had BIOS problems... it wasn't because of SUPERAntiSpyware or its cleaning .. or should I say removing? :p


     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    This thread is about a bad FP from your software. What malware are you talking about?
     
  17. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    I don't think it was an FP, I think it was the malware rooted into a system file. I may be wrong however.
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
  19. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    The example I gave was caused by the Grandchild trojan, on my Daughter's computer. Since, I have installed Returnil and instructed them to enable it every time they go online. So far so good. :p
     
  20. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi,

    Just cannot afford another BSOD, especially being caused by a top-notch application.

    Just remembered being told that flying high, falling deep. SAS is, still (?) the number one in AS field ?

    Feeling lucky and safer by adopting sandbox/virtualization concept long time ago.

    When I feel like doing "the catch of the day" exercise, I will bring out SAS, MBAM or their likes for the fun. Not even bothering with their real time stuff any more. --window dressing stuff.
     
  21. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    SUPERAntiSpyware didn't cause you to reflash your bios! There are not lingering issues - it was ONE file that was removed, which you restored. It's funny how people blame SAS (and other products) for the most amazing things....my car wouldn't start after I installed your software, my dog ran away after installing your software, etc.... :)
     
  22. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, it happens with every tool. Not a SAS specific problem. That's why you, the developers of any antimalware tool, should give a warning to people before eliminating anything your tools detect, to seek for advice on the official forum and not eliminate anything on their own, as we could be talking about a FP, that if eliminated, it could damage the system, which only a repair or even reinstall would fix.

    Note, that, many users, are unknowledgeable people. If they see that their antimalware tool, that probably got installed when they bought their PC, report any malware activity, they will freak out and eliminate it.

    You guys should make your products alert people for that fact, and ask for support on your official forums, and direct them the best way possible.

    Regards
     
  23. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Nothing is removed without permission and we have an "Explain" button for people to get more information.........
     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes, I'm aware of that. But, unfortunately, not enough. A clear warning, and I'm not specifically targeting SAS, as it is a general situation, after a system scanning, if anything found, antimalware tools should give a warning to the users saying not to remove anything, before seeking advice in the official forum, or any other type of support.

    This type of measure will prevent people from damaging their systems by eliminating things that could be the result of a FP, or from a true malware, but that could do what just happened.

    Not everyone has the knowledge to do it on their own and know where to get help. And as I mentioned, if a user who has an antimalware tool, which got installed when they bought the PC, scans the system because the guy at the computer shop said so, and if the malware finds anything, he/she will delete it right away, scared of it being a virus or spyware, etc. Unless they know someone who is knowledgeable, who could help him/her out and advise what to do or where to seek help.

    I really think that's the best approach.

    Best regards
     
  25. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    You realize with the 10's of millions of scans done DAILY by users worldwide, that would never work right?
     