Avira identifies Superantispyware as virus

Discussion in 'other anti-malware software' started by southcat, Aug 13, 2011.

Thread Status:
Not open for further replies.
  1. southcat (Registered Member)
    Joined: Dec 27, 2004 | Posts: 212

    Today Avira Antivir Personal Free identified Superantispyware.exe as a virus on my computer, any idea what happened here?

    Thank you.
     
  2. Kernelwars (Registered Member)
    Joined: Aug 12, 2010 | Posts: 2,155 | Location: TX

    most probably a false positive.. do you have a screenshot? and please submit the file to Avira :)
     
  3. JoeBlack40 (Registered Member)
    Joined: Apr 1, 2009 | Posts: 1,572 | Location: Romania

    Yes, same here. Screenshots...

    EDIT - Submitted to Avira.
     


    Last edited: Aug 13, 2011
  4. The Hammer (Registered Member)
    Joined: May 12, 2005 | Posts: 5,619 | Location: Toronto Canada

    Looks like a proper detection to me.
     
  5. Ranget (Registered Member)
    Joined: Mar 24, 2011 | Posts: 846 | Location: Not Really Sure :/

    maybe an injection, I remember viruses used to infect exe files
    Hope it's a false positive though

    try cooking it in Virustotal
     
  6. JoeBlack40 (Registered Member)
    Joined: Apr 1, 2009 | Posts: 1,572 | Location: Romania

    The link for Virustotal...
    *
    Waiting for a response from Avira.
     
    Last edited by a moderator: Aug 13, 2011
  7. The Hammer (Registered Member)
    Joined: May 12, 2005 | Posts: 5,619 | Location: Toronto Canada

    I see Comodo tagged it as well.
     
  8. JoeBlack40 (Registered Member)
    Joined: Apr 1, 2009 | Posts: 1,572 | Location: Romania

    How could OP's exe file and mine be infected at the same time and with the same malware? It doesn't make any sense.
     
  9. Brummelchen (Registered Member)
    Joined: Jan 3, 2009 | Posts: 1,732

    great move - done very well - no one needs such crap - not even as a second opinion.
    furthermore - it's not possible to remove malware this way - stupid advertisement from wannabes for wannabes.
    if you can't rely on ONE av-software - you can't on two or more.
     
  10. southcat (Registered Member)
    Joined: Dec 27, 2004 | Posts: 212

    Thanks JoeBlack40 for the screenshot and feedback to Avira, so did you encounter the same situation as me?

    To me, I think most likely it is just a false positive.
     
  11. 1PW (Registered Member)
    Joined: Apr 2, 2010 | Posts: 700 | Location: North of the 38th parallel.

    Comodo has issued a "non-denial denial" for the FP that certainly doesn't help their reputation. :(
     
  12. JoeBlack40 (Registered Member)
    Joined: Apr 1, 2009 | Posts: 1,572 | Location: Romania

    YW Southcat. Yes, this morning when I booted up my laptop Avira warned. Oddly enough, last night I updated SAS from version 4.9 to the latest version... Are we the only ones with this issue o_O
     
  13. Baserk (Registered Member)
    Joined: Apr 14, 2008 | Posts: 1,317 | Location: AmstelodamUM

    Bitter sarcasm from the support desk? Or an actual thumbs down opinion on SAS?

    Has anyone mentioned using two AV's? Are you against supplementing an AV with an AM? Because an AV should be able to catch everything?
    Or has your WSF account been hijacked?
     
  14. Brummelchen (Registered Member)
    Joined: Jan 3, 2009 | Posts: 1,732

    not only this product - reality has shown that removing is very nearly
    impossible for normal users without destroying the system or any other data.
    and in almost all cases the system is damaged so badly that system recovery
    does not help - only from scratch or a proper image.
    "removing malware" is the biggest lie in advertising!
    and if the malware as a file was removed, it always leaves tracks of itself in the
    system which can cause other failures. also the security gap is still present,
    it will happen again in the same circumstances.
    they did - didn't you read this topic at all? Start from the top again:
    only possible if those run as background scanners!

    SAS itself, as the free version, does not run in the background; SAS Pro does.

    The next conclusion for me: why do I use a program which I don't trust at all?
    Why do I need a second or third opinion? do I trust myself? my activity?
    Why do I not trust my activity? Offending answer - I'm stupid!

    The 1st av/am is inherently a second opinion - to MINE.
    "I am not sure - so I ask avira/avast/kav/etc."

    Not enough? Upload the file to VT or elsewhere - those scan with more than
    20 engines. final question: does it help at least?

    example: if 2 out of 20 show malware - would you use it anyway?
    or take it as a FP? there is always the possibility that 2 of 20 are right and 18 are wrong!
    so which part of you decides at least? your computer or your brain?
    my and your experience for SAS might say - ok, something of the code is similar to malware.

    I remember Glary Utilities last years when Kaspersky found malware in it - and others did not.
    the conclusion was that Glary was compiled with a vulnerability and other software with
    the same compiler had the same. so Kaspersky was right at least - 1 of 20.

    it's ok when people use an av/am in background to feel more secure, nothing against.
    but I feel curious when people start installing next and next - just browse the forum
    or the security setup thread.

    something like future - the classical malware died in the last 10 years.
    viruses - kidding - trojans and worms are the future. those steal important data,
    you can't really imagine that all that data is collected and later sold in packages.
    1000 credit card data for $200 - reality.
    next step is that trojans don't send data - they manipulate the visual output
    on banking sites. you enter: $70 to friend - trojan modifies: $700 to stealer - visible is only first.
    it's a new quality of malware - it is present and only interacts on e.g. banking sites.
    there is NO sign that they are present. and the code for that is varying each day 55.000 times

    there are 55 thousand (!) bad programs on the web each day, 2500 each hour!
    so none of the present av/am will find them all - not possible.

    Finally - I have some portables on my stick - mbam, avira in the first.
    Also some ISO in pocket to scan without using the hosting OS.
    if infected I recover data and set up from scratch or image.
    I don't waste time on useless work. I help people re-install their
    legal software and secure it. any other is their own decision with all consequences.
     
    Last edited: Aug 13, 2011
  15. sg09 (Registered Member)
    Joined: Jul 11, 2009 | Posts: 2,713 | Location: Kolkata, India

    ~ snipped out full quote of above post ~

    Ok fine, but your comment looks like bashing of SAS.
    You may not like the product but many people do.
    I doubt the same...
     
    Last edited by a moderator: Aug 13, 2011
  16. Cudni (Global Moderator)
    Joined: May 24, 2009 | Posts: 6,956 | Location: Somethingshire

    Almost in all cases? That is such a wild and wide generalisation and, as generalisations go, incorrect. Of course, there is malware that is so difficult (but rarely impossible) to remove that it is easier to reimage (depending on the user being that organised) but not in all cases.
     
  17. Brummelchen (Registered Member)
    Joined: Jan 3, 2009 | Posts: 1,732

    wasn't my purpose - sorry.

    BTW why did you have a full quote of me?
    your answer is too short for the whole text - which part did you answer?

    related to my text - what now?
    Is SAS/MBAM/<other> safe now or is user infected?
    there are no other hints that his system is not infected.

    best way is to boot from ISO, copy file elsewhere, usb stick may be best,
    and test (not execute) it on a clean pc. if same there may be a FP,
    but for sure ask vendor.

    #edit
    the common programs can't clean it up. finish.
    you need to investigate deeper and with special analysis tools to find all tracks.
    #2
    those specific cleaners for xyz_worm/0815 can only clean up what they know to clean up. but they cannot close any gaps.
     
  18. sg09 (Registered Member)
    Joined: Jul 11, 2009 | Posts: 2,713 | Location: Kolkata, India

    I quoted to say that I agree with you for most parts but was confused with the first part of your post #9
     
  19. Cudni (Global Moderator)
    Joined: May 24, 2009 | Posts: 6,956 | Location: Somethingshire

    Can't clean up what? Of course they can't clean up what they don't know about. They can, however, clean what they do know. The whole point of special tools is to find out all traces and undo them and make it known. It is only a matter of time and effort (admittedly both are in short supply)
     
  20. Baserk (Registered Member)
    Joined: Apr 14, 2008 | Posts: 1,317 | Location: AmstelodamUM

    So that's your reply when I ask if someone mentioned using 2 AV's.
    You write; "Sure, they use one AV; Avira and one AM; SAS; That's two AV's".
    Let me just reply; Bollocks.

    Ok, so you are saying that folks who rely on more than one antimalware program, are the insecure ones who don't trust themselves.
    Actually, they are stupid.
    Fine, everyone is entitled to an opinion but let me just quote you;

    Uh oh, do I see MBAM and Avira mentioned there?
    So you don't rely on just one AV/AM program when trying to detect/remove malware? You find it not so stupid to use multiple programs?
    You somehow are convinced that having two programs can actually be useful...:rolleyes:
     
  21. Brummelchen (Registered Member)
    Joined: Jan 3, 2009 | Posts: 1,732

    be careful with your conclusions.
    I cannot force people with problems to install my preferred av program
    furthermore it's pretty stupid to install it on an infected system.

    Help: I Got Hacked. Now What Do I Do?
    http://technet.microsoft.com/de-de/library/cc512587(en-us).aspx
    Just read yourself.

    whether or not they are useful - I don't use them in parallel.
    I already told you that two of them ain't useful - so why should I do it?

    BTW it doesn't matter which two av - it's always one too many.
    remember I admitted one. the reason for the second is from my point what I
    wrote - why trust a second and not the first? (later again this point)
    not exactly - it's a bit of all matters. evil web - bad websites - trojans - new computer - booo!
    I won't deny that - it's present. but not that much as always promoted.

    although in the past people got infected, most times they did it on purpose,
    some illegal stuff. in fewer cases through bad websites, but nowadays
    it's the combination of several issues - assuming the software is up-to-date.
    a combination of javascript, java and flash can infect a system - and you won't see it.

    so if you prevent such circumstances you can "kill two birds with one stone"
    the better the preparation the better is security. but for convenience and
    advertisement and gambling around with the fear of users (see above)
    people use av programs. some experienced users call that "snake oil"
    http://en.wikipedia.org/wiki/Snake_oil

    even in my visited forums experienced users got infected - they trusted too
    much their used av and discarded the basic rules.
    at least men decides - its a finger tip or mouse click away.

    "me is secure i have ... software to protect me"
    well - with 55 thousands new malware programs each day a really risky attitude.

    so back to my question: why do people use two or more anti malware programs?
    please be honest.

    to read what people use ► https://www.wilderssecurity.com/showthread.php?t=111264
     
  22. JoeBlack40 (Registered Member)
    Joined: Apr 1, 2009 | Posts: 1,572 | Location: Romania

    Guys, no offence, are we talking about Avira's FP (or not), or about having two AV and AM?
    Brummelchen - I believe that a huge percentage of PC users are relying on SAS as an on-demand scanner, including me. Plain and simple. So what is all this fuss about o_O
    Still no mail from Avira.
     
  23. Dark Shadow (Registered Member)
    Joined: Oct 11, 2007 | Posts: 4,553 | Location: USA

    Not to hijack the thread, but they should get back to you in 24 hours give or take, at least in my past experience with them.
     
  24. Baserk (Registered Member)
    Joined: Apr 14, 2008 | Posts: 1,317 | Location: AmstelodamUM

    Because the second one supplements the first one, I assume.
    They don't assume that their AV will catch everything, so they add another (AM) layer for detection.

    Brummelchen, we're not that far apart regarding opinions on security software, at least I think so.
    I like a good HIPS/BB, sandboxing/virtualization software, imaging software (for when I've assumed too much), a LUA/SUA account, EMET, SRP, avoiding java, using AB+, Noscript (and more than often just simply booting a Linux distro), e.g. I'm pretty much convinced that no AV single-handedly will save my bacon.

    I was just 'somewhat' ticked off by your derogatory remark regarding the use of an AV and a supplemental AM program (especially one that's built to run beside an AV) and calling such a sign of stupidity.
    But about the WSF members here, they can't be compared with any helpdesk customers. The latter are usually just common folk, the first enthusiasts who don't mind sacrificing resources to try out a boat load of different security sw. Imao, don't mix up these two completely different kinds of sw users.
    My proposal; let's just agree to disagree and move on.
    And sorry folks for going OT in an Avira FP thread. My apologies.
     
  25. Escalader (Registered Member)
    Joined: Dec 12, 2005 | Posts: 3,710 | Location: Land of the Mooses

    Ladies and Gentlemen!

    I have 3 systems here on the LAN, 1 with Nod32 AV V5, one with MSE and the 3rd with Avira. All also have SAS.

    Only the Avira setup id'd SAS as a virus. Unfortunately the user (not me) did not remember to put their products into the standard mutually exclusive state and now SAS has quarantined some SAS exe's and deleted or moved others.
    SAS now will not execute on that set up.

    On the prime setup with SAS professional and Nod32 V5 excluding each other Nod32 did NOT id SAS as dangerous. No surprise there.

    So as a little test I removed the exclusions for them both and ran an NOD 32 scan of all the files and executables in the SAS folder.

    All came back clean.

    My 993.9% conclusion is that Avira has another False positive to deal with. The product has a good history of free detection BUT also a history of false positives. That has improved of late BUT this new SAS exe must have been missed.


    If some users want to use this FP as a chance to advocate for product X and bash product A or product S so be it, none are perfect none catch 100% of malware that is why most use layers to protect and catch a few more baddies.

    They will fix it eventually so for now I'll just relax and go back to watching old movies. :D
     