SuperAntispyware Free Question

Discussion in 'other anti-malware software' started by Tonto, Feb 12, 2008.

Thread Status:
Not open for further replies.
  1. Tonto

    Tonto Registered Member

    Joined:
    Dec 16, 2007
    Posts:
    20
    Location:
    Canada
    Hi All

    I am new here and have a question about SAS free version. Downloaded it the other day and configured it not to start with Windows, no tray icon and not to check automatically for updates, as I can do that with a click of the button. And would like to use it as an on-demand scanner only. I see it is highly recommended here at Wilders, even the free version.

    Problem is when I click the update button it says definitions are up to date, but it is not updating, as my firewall is not alerting me to the fact it wants permission. Is the free version crippled? Before I ran the scan I used CCleaner, then scanned; it found 3 tracking cookies. SAS wanted me to reboot to remove these cookies, is that normal?

    Wouldn't CCleaner have removed those cookies before the scan? And am I to assume my box is clean if it only found cookies?
     
  2. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi

    1) SAS will ask for a reboot if *file(s)* are in use, so I'm guessing you were still online/browser open at the time of scanning.

    2) Here are the latest SAS defs. What set does the software GUI say you are running?
    http://www.superantispyware.com/definitions.html

    The free version is not crippled from an update perspective, so is it possible your firewall has some default rule already in place that is blocking SAS from updating? So what firewall are you utilizing?
     
  3. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    1) By default SAS will ask to be rebooted once detections (including cookies) are removed.

    2) Temporarily disable your firewall and see if SAS updates.

    It's possible that SAS detected the cookies from another user account. Even though SAS has one of the best detection rates out there, it's not 100%, so it's anyone's guess whether your PC is clean or not. We'd have to look at HJT & Combofix logs to even come close to giving you a clean bill of health.
     
  4. Tonto

    Tonto Registered Member

    Joined:
    Dec 16, 2007
    Posts:
    20
    Location:
    Canada
    Hi, don't suspect an infection. I got rid of adaware there a while back and wanted to have a second [on demand] scanner; I still have Spybot.

    Nope, not updating, SAS version 3.9.1008-Core 3259 and Trace-1270
    I am the only user on this puter.

    No browsers were closed just a habit when I do a scan. Definitions are definitely not up to date from the link fcukdat provided. I suppose I could manually update. Would be a bit of a hassle.

    Disabled firewall, no go. There still is the issue of why CCleaner did not remove those cookies. Browsers must be closed to use. Do you think that when I have automatically checked for updates unchecked matters?

    How is the free version limited? Thanks
     
  5. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    I'd consider rebooting to safe mode with networking to see if SAS will update when you right-click the tray icon > check for updates

    http://www.superantispyware.com/superantispywarefreevspro.html
     
  6. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Well something is definitely not playing happy on your system. I would try uninstalling and reinstalling again to see if the issues persist.
     
  7. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Which firewall are you running? ZoneAlarm seems to block us automatically, we are working on them with their PASS program so that won't happen, you may have to remove and re-add SUPERANTISPYWARE.EXE otherwise it will be blocked silently and you won't receive an alert.
     
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Does the free version of ZA block SAS?
     
  9. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    I believe so - we are going to be doing some internal testing again.
     
  10. Joan Archer

    Joan Archer Registered Member

    Joined:
    Aug 12, 2007
    Posts:
    73
    Location:
    Pembrokeshire, South Wales, UK
    I can verify that Zone Alarm Pro blocks SAS. I had to go into it to allow SAS to run; after doing that things were OK again ;)
     
  11. Philippe_FR22

    Philippe_FR22 Registered Member

    Joined:
    Sep 6, 2007
    Posts:
    249
    I confirm, SAS Update is automatically blocked (with smart defense advisor generated rule)... You can see some information here

    https://www.wilderssecurity.com/showthread.php?t=199373

    And some SAS developer did not believe me!

    Well, if you read at the end of the post above, you will change your mind and try to uninstall SAS... Good luck, you will have to fight with files and hundreds of keys remaining in your registry (nothing is uninstalled, in fact!)

    Well, the solution is in the post above...
    And when you think that you have succeeded in getting rid of SAS, you will see in your event log
    "Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger*:
    SASDIFSV
    SASKUTIL

    Pour plus d'informations, consultez le centre Aide et support à l'adresse http://go.microsoft.com/fwlink/events.asp."

    Then once more, you will need to search and delete those entries...
     
  12. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    We are working with ZoneAlarm's PASS program so that ZoneAlarm will automatically configure itself properly for SUPERAntiSpyware. It will block the updates but you can allow them in ZoneAlarm and all will function properly.
     
  13. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    You really need to stop posting false statements regarding our product. SUPERAntiSpyware does not leave hundreds of keys or files behind - we have a complete uninstallation program that removes the files, registry keys and drivers.

    For some reason you appear to have a unique problem on your system - which likely is related to not following directions.
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Actually, between the two I would much rather get rid of anything associated with Zone Alarm/Check Point than SuperAntiSpyware.
    SAS is on my box and ZA will never, ever, again get near any PC of mine.
    That goes for any security software that feels it's in their best interest to put unwanted toolbars or the like in their product.
     
  15. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    The only trouble I've "ever" had with SAS was having to reinstall the free version again after uninstalling, in order to delete the folder it leaves behind in Program Files, but no big deal. As far as registry entries left over, there are a few, but they are easy to find and delete, and again no big deal. I do wonder though why my 30 Day Trial only lasted around 15 days? I tried to reinstall the latest Release Candidate, but couldn't, because my evaluation was over. The same went for the 3.9 version as well. Any ideas Nick?
     
  16. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Well, the software is only a 15-day trial on the Professional, so that would explain why only a 15-day trial :) The 4.0 final release will allow you to re-try the 15-day Professional trial.
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Any planned release date?
     
  18. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Very soon :) Latest pre-release has been rock solid.
     
  19. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    LOL. That was pretty funny Nick, thanks, I enjoyed that. I did just see it reads a 30 day "money back guarantee" on the website. I must have had that in the back of my mind. The thing is though, that I never tried the Pro version of 3.9 before, and it still said my evaluation period was up. It updates and installs everything, folders, start menu icon, and registry keys, but when I click on the beetle icon (that I was just starting to like. LOL.) is when I get the message my evaluation period has expired. The same thing happened after I uninstalled the old Release Candidate to install the current one. Which is why I tried the 3.9 version to begin with.
     
  20. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Super news :thumb:
    I tried SAS a long while back, but it will be nice to be able to try SAS Pro again to see if it's compatible with the rest of my setup.
    Hopefully it is, and if that's the case you've made another sale. :D
    By the way I have the 4.0 pre-release free on demand and am having no problems with it. Just waiting for the final release. :thumb:
     
  21. Tonto

    Tonto Registered Member

    Joined:
    Dec 16, 2007
    Posts:
    20
    Location:
    Canada
    Hi

    Sorry have been on the road a bit and haven't had a chance to reply.
    I am using Look 'n' Stop firewall. I uninstalled then reinstalled, same situation. Just does not attempt to make a connection to SAS to update definitions; would be a simple grant or deny a connection. I would like to mention that I trialled the SAS Pro version for a couple of days a while back. Could that be part of the problem?

    Regardless, it isn't the firewall, as I put SAS Free on my brother's machine; he is using LnS too and it updated just fine, nary a problem! I am a little concerned about what it found though. I updated Spybot on his box, there was a new program version and it found quite a bit of crap. Don't like how Spybot reports security centre disabled cause that certainly is not an infection.

    I ran Spybot then SAS one after the other and this is what SAS found. Is this normal stuff [a lot don't know]? Maybe somebody can throw out a few comments. I am not asking for help, his machine seemed to be fine before and after. Here it is

    Application Version : 3.9.1008

    Core Rules Database Version : 3401
    Trace Rules Database Version: 1393

    Scan type : Complete Scan
    Total Scan Time : 01:27:08

    Memory items scanned : 399
    Memory threats detected : 0
    Registry items scanned : 4636
    Registry threats detected : 33
    File items scanned : 24954
    File threats detected : 3

    Trojan.Smitfraud Variant
    HKLM\Software\Classes\CLSID\{27cb634d-c84e-4c00-9b53-f5523601dbad}
    HKCR\CLSID\{27CB634D-C84E-4C00-9B53-F5523601DBAD}
    HKCR\CLSID\{27CB634D-C84E-4C00-9B53-F5523601DBAD}\InProcServer32
    HKCR\CLSID\{27CB634D-C84E-4C00-9B53-F5523601DBAD}\InProcServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\IINQYL.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{27cb634d-c84e-4c00-9b53-f5523601dbad}
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA243FAA-7832-466D-82FB-F9CFF1E20320}\RP30\A0013601.DLL

    Adware.E404 Helper/Variant-A
    HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}
    HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}
    HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}
    HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\InprocServer32
    HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\InprocServer32#ThreadingModel
    HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\ProgID
    HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\Programmable
    HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\TypeLib
    HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}\VersionIndependentProgID
    C:\PROGRAM FILES\HELPER\1202439188.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}

    Trojan.DNSChanger-Codec
    HKCR\CLSID\E404.e404mgr
    HKCR\CLSID\E404.e404mgr#UserId

    Adware.E404 Helper/Hij
    HKCR\E404.e404mgr
    HKCR\E404.e404mgr\CLSID
    HKCR\E404.e404mgr\CurVer
    HKCR\E404.e404mgr.1
    HKCR\E404.e404mgr.1\CLSID
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

    Well what do you guys think??
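
An added example, not part of the original thread and not SUPERAntiSpyware's own code: one way to triage a scan log like the one posted above, grouping entries by threat name and picking out the CLSIDs, the dropped files, and the two Explorer load points the log references (SharedTaskScheduler and Browser Helper Objects). The function names are hypothetical and the sample holds only a few lines copied from that log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the scan log posted above.
SAMPLE_LOG = r"""
Trojan.Smitfraud Variant
HKCR\CLSID\{27CB634D-C84E-4C00-9B53-F5523601DBAD}\InProcServer32
C:\WINDOWS\SYSTEM32\IINQYL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{27cb634d-c84e-4c00-9b53-f5523601dbad}

Adware.E404 Helper/Variant-A
HKCR\CLSID\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}
C:\PROGRAM FILES\HELPER\1202439188.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}
"""

REG_KEY = re.compile(r"^(HKLM|HKCR|HKCU|HKU)\\", re.I)
FILE_PATH = re.compile(r"^[A-Za-z]:\\")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Keys under these paths make Explorer or the browser load the registered DLL.
LOAD_POINTS = ("\\explorer\\sharedtaskscheduler", "\\explorer\\browser helper objects")

def parse_scan_log(text):
    """Return {threat name: {"registry": [...], "files": [...]}}."""
    threats = defaultdict(lambda: {"registry": [], "files": []})
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if REG_KEY.match(line):
            kind = "registry"
        elif FILE_PATH.match(line):
            kind = "files"
        else:
            if line:            # any other non-empty line is a heading;
                current = line  # headings with no entries never get stored
            continue
        if current is not None:
            threats[current][kind].append(line)
    return dict(threats)

def summarize(threats):
    """Per threat: unique CLSIDs, load-point keys and file paths to review."""
    out = {}
    for name, items in threats.items():
        reg = items["registry"]
        out[name] = {
            "clsids": sorted({g.upper() for k in reg for g in GUID.findall(k)}),
            "load_points": [k for k in reg if any(p in k.lower() for p in LOAD_POINTS)],
            "files": items["files"],
        }
    return out
```

Running `summarize(parse_scan_log(...))` over the full log shows that each detected family pairs one CLSID with one DLL and one load point, which is what to re-check after cleanup.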
     
  22. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Eerr.. no? When I scan with browser(s) closed, and cookies are detected and removed, no reboot is asked by the SAS Free (using v3.9.something)
     
  23. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    All of the above detected items are actual threats, none of them appear to be false positives....classic infection found on adult sites....
     
  24. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    I normally see these files c/o driveby AVP infection in pr0n land. You should make sure the victim PC is up to date with M$ patches and any old versions of Java JRE are uninstalled, leaving the most recent version installed.

    The reason why SpyBot has been bypassed this time is that at the point of using it the files and registry entries were not known to its database. FWIW they could be by now, but the AVP infection gets a makeover frequently in order to avoid detection by the blacklist defenders + cleaners.

    It just so happens on this occasion SAS had this variant of AVP infection in its target database and took the infection down for you (Malware 0 - 1 SAS) :thumb: :cool:
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    I surely don't know the make up of SAS Lab or its records list Nick keeps up on, just keep at it whatever you do, because IMO this is the very BEST AS I have ever had the privilege to see in comparison to any others that take some if not most all of the worst malware to task and firmly plus safely defeat their ill purpose.
     