Superantispyware Killed my Computer

Discussion in 'other anti-malware software' started by Makav3l1, Jan 27, 2009.

Thread Status:
Not open for further replies.
  1. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    You can't get better Prevention than Returnil

    Ice
     
  2. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I have to agree with the developer on this one. I mean if you are using some kind of powerful tool as SAS or other scanners, you should take care when having the product remove something. I understand your point of being extra careful but where does it end. It's like the popups you see with Comodo's D+. Sure you can have Threatcast and this cast and that cast but the bottom line there has to be some thought in allowing the security product to do certain things.

    Just my .02cents.

    Ice
     
  3. evilscribble

    evilscribble Registered Member

    Joined:
    Apr 30, 2008
    Posts:
    48
    Actually, it's called trust/confidence in the product. And you should have none in SAS. The way the developer likes to flame/disrespect/insult their own users clearly shows this.
     
  4. Ronin12

    Ronin12 Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    40
    I am not necessarily defending or denying the fact that this false positive issue did not cause certain people a lot of aggravation. My system was ruined years ago by a certain antivirus software which quarantined three system files as malware. They were indeed false positives, but it was too late and the system could not be repaired. I did not stop using that software because of that issue. I stopped using it because over the years I have tested and found better performing software when it comes to resource usage, performance, speed, etc. I learned from that experience though. I have tested, used, and recommended many of the products listed here by members to clients and friends. Most of them have had a false positive on someone's system at one point or another. I am sympathetic to a client when their system has an issue because I have been there myself and I know what it feels like. The same software on a different system may cause no problem whatsoever. The point is that there is no exact control that may be used as a reference for every computer system in existence. It is hard to develop software that is compatible with every possible software and hardware system combination out there. They all try to make sure it is but each has had and will have an issue at some point or another on someone's system. I will continue to use SAS because it has helped me far more then it has harmed me when using it on a client's computer. I feel that the SAS team was quick to resolve the issue, although for those who were affected by it probably have a bad taste in their mouth right now which is understandable. I hope that all of the systems affected get repaired. The members of this forum were quick to offer some good suggestions to help another in need. It is good to have a place to go when you need some information or ideas. You and anyone else affected did nothing wrong and most people would do exactly the same and follow the directions of their trusted software. We all put a lot of faith in the software that we use in that it will be dependable and trustworthy 100% of the time. Unfortunately, that is just not possible and it does indeed stink when you are the one who experiences a severe problem because of something on your system. One should always try to get as much information as possible before making a decision. I am glad to hear that you are back up and running Makav3l1. Good luck.
     
    Last edited: Jan 29, 2009
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    But the number of infected/possible infected systems isn't a match to that number, or is it?

    I realize that would be a hard task, but, warning the users not to delete anything without being sure first and to ask for support, either at the product official page or known support forums for removing malware, specially those members of ASAP, would provide them better assistance, than doing it on their own. At least, they would be seeking for help and get some advice.

    If it was with me and I wasn't sure if I should or not to delete it, I would seek support at the official forum. And let's imagine that more people would do it at the same time. What would you say? You're too many. Get lost. We can't help.

    Otherwise, then just (every vendor) tell the user to reformat the system. That way they will safeguard their work and not go mad with an unbootable system, caused either by removing a FP or a malware that caused it.

    I know it's a tough work and that's why I dislike detection tools. Either they do the work well, or they completely mess up the system.
     
  6. Warklen

    Warklen Registered Member

    Joined:
    Jan 17, 2009
    Posts:
    112
    I have to agree with SAS.FP's can happen with any program. These company's work hard to help us with the fight against infections!!!It should be the users duty to do research in what he/she is deleting off there pc's.DONT Put 100% Trust in any program!!!Only in yourself :D
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's why I dislike the idea behind ThreatCast. The user still has to have information background to allow/block something. The unknowledgeable user won't have the information background. It shouldn't allow/block based on a rating, which could reflect the preferences of 80% of users.

    But, we're talking about different situation, IMO. We're talking about a detection tool that detected something, and most users, fearing it may be spyware, for example, sending information like their bank account login, will delete it right way.

    Every antimalware tool should alert the users for the fact it may be a False Positive and explain what it means, what it could happen from deleting such, etc.

    Also, point them out support forums, such as the product's official one. At least, they would have some support and not blindly delete it.

    Or as I said, simply advice to safeguard their work and reformat the machine. No one would lose their work and patience.

    Regards
     
  8. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    342
    Location:
    Boston
    Very good point. SAS saves lots of users when their systems become infected. Based on the malware infection, it's hard to determine as to how much damage it has already done to the operating system.... before it was attempted of being removed.
     
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    We can understand a product having false positives ..., they all seem to have here and there, yes .., but it's not okay to have false positives on critical system files and worse .. NOT have a well-known, effortless reversal procedure.


    What exactly was it that made your in-house and thousands of out of house systems not detect usp10.dll (Uniscribe Unicode Script Processor Library)? Was this specific to certain system languages or language? ... Were you trying to target the Russian's systems? ;p


    Please excuse my ignorance ... when SUPERAntiSpyware quarantines, does it create an restore file to be accessed via Recovery Console CD/DVD? If not ... perhaps you might want to consider implementing this, and promoting this to prepare customers for future disasters.
     
  10. SimpleVLSI

    SimpleVLSI Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    2
  11. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    Dear Superantispyware:
    imho, unhappily this thread has taken a somewhat awkward slant:
    SAS has a hard won and enviable reputation for veracity, support, response time, development etc etc
    Noone underestimates the staggering complexity of the tools you provide.

    No-one disputes FPs occur and with every supplier of antimal utilities; some have occurred at massively disruptive international levels

    In a circumstance like this where there may be a problem why not just say 'we have made a mistake' , 'there may be a potential problem in some circumstances' and maybe 'here are some guidelines to fix if this has happened', or some such..
    Post a sticky at the forums ?
    Maybe if possible an e-mail :shifty: -heh heh- to the paid up users edit: or the registered forum members ( 14mill may be a bit of a strain :) )
    Easy way to get extra kudos.

    Fyi: I have just done a scan on my 3 home systems with updated SAS engines and detection files and have false positive Vundo detections on several .dlls: some are the same FPs as days ago and one is a new FP do you want the files ??

    Re reporting FPs : does the built in report system include a log of the scan, it is hard to type all the FPs in the box ( for me anyway).

    Regards
     
    Last edited: Jan 29, 2009
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Some people even blame Vista whenever anything happens... I think there was a happy ending, we all learned something from this event (FPs can have serious consequences), and IMO it is imperative to have backup solutions when everything else fails. Cool job from Phantom.
     
  13. Makav3l1

    Makav3l1 Registered Member

    Joined:
    Nov 26, 2007
    Posts:
    241
    If I wasn't sure about how I felt about SAS before, then I am now that I have seen your responses. I didn't have any malware infection. I scanned with your program. It flagged an important system file as malware and it's recommended actions were quarantine and delete. I couldn't reboot in regular or safe mode. I had to use the vista recovery disk. You come into this topic upset that users are disappointed by this false positive and attack them when it was your mistake. You claim it didn't effect many people, but how does that make sense? Anyone who scanned with that definition would have gotten the same system file flagged? That doesn't seem very small scale to me. I won't be using SAS anymore, good luck in the future.

    Could a mod please close this thread? I don't think anything else needs to be discussed, thanks.
     
    Last edited: Jan 29, 2009
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Nice post. I learned these things about SUPERAntiSpy a long time ago.
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Just let me say one thing.........
    With all due respect to SAS, through this entire thread never was there anything said,such as, "Sorry for the FP and the inconvence it has caused you and/or anyone else"
    Not handled right.
    Just a whole lot of arguing and finger pointing.
    Not impressed with the way SAS handled it.
    I have not used their app in quite a while and after reading this thread it will be quite a bit longer too.
     
    Last edited: Jan 30, 2009
  16. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I've been thinking the same exact thing as you LoneWolf and I agree! Mistakes do happen, but it's how they are handled that makes a difference.

    False Positives are going to happen, but they vary in severity. This one was severe.

    Like someone already mentioned, there is a lesson to be learned here. I was lucky with my first FP and only spent hours scanning with other tools. From that point on I set my scanners so I could interact with them and searched for any finding. If I scan with other tools, I run them with Returnil protection on so I can investigate first before anything automatic happens.
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Check this out. A welcome change, eh? :thumb:
     
  18. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    There's no doubt that SUPERAntiSpy's customer service skills have been tainted. I recently submitted a support request over a minor issue with a product key and received substandard support. I sent a link (Photobucket) to a screenshot of the error and the rep stated "We don't run any links..." and kept asking for info that was provided in my initial response. I sent an email to SUPERAntiSpy (aka Nick Skrepetos) requesting that he review the support ticket and never received a reply. I posted a thread on the SAS forums and Nick never replied to the thread even though he is active on the forums.

    A week later Nick sends me a PM stating that "I didn't PM him...." and sides with the support rep who was unable to resolve the issue. He then says that he's given me "free codes" which is completely false. I have no idea what is going on in SAS land.
     
    Last edited: Jan 31, 2009
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    There's nothing like shooting yourself in the foot again is there Nick?;)
     
    Last edited: Jan 31, 2009
  20. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    This does seem to be a customer service slip. In fairness, I’ve been mostly a lurker here at Wilder’s for many years, and Nick has a long history of excellent customer service here – since the inception of SAS.

    Having worked with the public and having experienced constant ignorant (no reflection on this thread) accusations year after year…. It would be easy to lose one’s patience now and then. To compound Nick’s frustration, I’ll guess that the biggest complainers and 'problem children' are those who use the free product (just a guess).

    Notes to self:

    1. Quit trusting and deleting everything that every anti-malware program finds.

    2. Buy roll-back software.
     
    Last edited: Jan 31, 2009
  21. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    The bottom line we all know a FP can be just as or more destructive then malware in its self.That being said with all do respect to SAS being humble and say we our very sorry for the very serious FP,IMO It would gain more respect from the classy members here in wilders security forum.Cheers
     
    Last edited: Jan 31, 2009
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    How's that item #2 working out for you? Did you purchase a solution yet? ;)
     
  23. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Let's clear this up with some facts John. The person you were communicating with was not me in the support system. The customer service representative was asking the proper questions to assist you. They also were polite and courteous to you. You didn't want to cooperate so they could assist you, you simply wanted direct support from me (Nick Skrepetos). What you have to understand, is I simply don't have the physical time to provide basic support - that's why we have staff to help - I have to focus my time and energy on infections, technology and running the company. You showed no respect to our support staff when they let you know that mailing me for basic support that they were helping you with was not the appropriate procedure.

    You sent a link to a "image" - our representative told you they are not allowed to click links (under my direction) because many people have tried to submit links to infections - so for the safety of our systems, we don't click links - I am sure you understand that due to the type of business we are in - people (malware authors and such) constantly try to get us to "infect" ourselves using the same techniques.

    You called our support person a "moron" in your PM to me, which is NOT acceptable under any circumstances. They were trying to assist you and you didn't want to answer the questions they were asking and YOU simply closed the ticket and then went on a posting rampage - are you and adult or a 13 year old child? I really am curious.

    As for your phantom e-mail you sent me, it never arrived - so you may wish to send it again - nicks AT superantispyware.com

    We have also provided you additional free registration codes, in addition to the one you purhcase - if you want me to dig up the server logs, I can certainly do that for you.

    It's sad to see childlike behavior like this when I have been nothing but a professional to you, and helped in any way I could.
     
  24. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    There is no shooting myself in the foot here my friend. John showed disrespect to our staff and called them "morons" - which is not acceptable under any circumstances. We have been nothing but polite and courteous in our support of our users, and I expect the same in return - especially from forum members which proclaim to be "experts".

    I also PM'd John and told him we would be more than happy to help him if he wanted to be polite with our staff.

    He was more interested in posting on the forums like a child instead of getting a solution to the problem.
     
  25. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Again, my initial response in the trouble ticket had enough information for the support rep to not ask repetitive questions. I felt I was getting the runaround so I simply asked you to look at the ticket because your support rep was a moron (not a child ;))

    Did I not make it clear in my previous post that I sent a link to Photobucket screenshot? Please read it again.

    One would think that you'd lock your support pc's down with a disallowed by default SRP and apply other countermeasures.

    I closed the ticket because your rep kept asking repetitive questions and then has the nerve to tell me that some security software on my pc was blocking SAS. I made it clear that I deactivated and activated using a NEW product key and it works fine. That is what you call poor troubleshooting skills. I never once called the rep any derogatory names in the ticket. I've only posted about my experience on this forum in this thread, and I posted the content of the ticket on your own forums which was promptly deleted. Someone on a rampage would post on numerous forums and continue to bash you and your product. I have done nothing of the sort.

    I've emailed you numerous times over the past ~3 years from the same email and you've replied before. I suppose that it's possible that you did not receive the email. In any event why did you ignore the thread I posted on your forums? You've been active replying to other threads around it so I know that you saw it.

    Again, you have NEVER provided me free codes. You've reset a couple of the codes that I paid for. Dig up those logs and provide proof to your claims.

    So referring to me as a child on a couple of occasions to somehow improve your position is professional? At least you are showing your true colors here on Wilders. :thumbd:

    I referred to one person as a moron for offering substandard support. Others would probably agree that I was receiving the runaround if they could view the ticket. The first PM you sent said nothing about what you claim above. Supposedly you sent me 2 more PM's yesterday but I have not read them yet. Did you somehow change your tone and offer assistance instead of trying to argue with me?


    * edited grammatical errors.
     
    Last edited: Feb 2, 2009
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.