Avast WEBforum
Other => General Topics => Topic started by: polonus on February 25, 2008, 11:19:39 PM
-
Hi malware fighters,
As we see from preliminary anti-malware routines some anti-malware schools/camps have their victims use Super Anti Spyware:
http://www.geekstogo.com/forum/Must-Read-Before-Posting-Hijackthis-Log-t2852.html
http://forums.majorgeeks.com/showthread.php?t=139313
I know of others that have not taken it up in their list of advised anti-malware scanning programs, because they do not like the way the program is being presented (mild way of wording this).
Sometimes programs that had a bad record once, have to sit in the waiting room quite some time, because people do not trust them or something about them anymore.
I saw a similar change of mind on an anti-spyware forum considering Hitman Pro. They made a 180% turn on it. First everybody used it, special forum section, then it was dropped and people were warned against using it. It was just like in a certain religion, the subject went anathema overnight....
I am one of those who think it is of the utmost importance to establish what kind of malware(s) has to be tackled in the anti-malware routine, to find a description of a proven anti-malware routine for a similar case, better even a description of a manual cleansing routine or a special tool designed against this particular malware, else a combination of tools and measures.
After this has been established we can take other measures like scanning, running in safe mode, going back to full admin rights to run certain tools, blocking certain real time protection that interferes with the cleansing etc. Always to be followed at the end with advice on how the victim can prevent re-infection with a "How was I infected in the first place"-kind of story,
What are your views,
polonus
anti-malware fighter
-
I believe SAS was on the rogue list a few years back - but they have now got their act together and have produced a good tool. How long for who knows, but while it works I will use it.
Personally I like to see what the system has on it and so would use an analysis tool like DSS or if I know the infection then Combofix which as you know has an analysis section as well. If there are obvious malware files evident from the HJT I would hit them first before anything else to try and cripple the malware and keep the reinforcements at bay.
But every analyst has their own way of attacking infections and this is just my preferred method. Plus I generally tend to go for manual cleaning after I have used the tools as they will sometimes miss something.
-
so SAS used to be a rogue program :o, what made them change and become a widely used Antispyware tool?
-
Hi sanctuary24,
Here we present the programs with a license to kill spyware (with test results):
http://www.webgrid.co.uk/?m=Articles&id=9#sas
And yes, SAS is now one of them. I guessed the program was considered rogue once because of the aggressive way it was presented, and some still think it is not completely without,
polonus
-
***
I also notice Spyware Terminator is on the list. But, this part is incorrect ...
Installation
Upon installation (through Total Uninstall) the Crawler Toolbar is installed (nothing you can do about that), which immediately demands an outgoing connection to the Internet. Also the installation immediately wanted to install the Crawler Toolbar as a Browser Helper Object, both Spyware Guard and BHO-Demon popped up to warn me (and of course I denied that installation as BHO)
The Crawler Toolbar does not have to be installed. I have ST installed and there is no toolbar present and there is no BHO present. During installation, you are asked if you want the toolbar installed and you can opt to not install it.
***
-
Hi CharleyO,
That is why we come up with all this information, so that people can make decisions themselves. Thanks for the additional info. The anti-malware landscape is changing all the time, that is why I like this forum,
polonus
-
so SAS used to be a rogue program :o, what made them change and become a widely used Antispyware tool?
Was it really a rogue program? Or was this a rumour, because it was new. Was it ever on Spyware Warriors list, I believe once upon a time Site advisor marked it as red, but that means little, if it was remotely associated with another site.
-
Hi Micky77,
There was a thing with spam and dubious marketing practices once, I guess,
pol
-
...I know of others that have not taken it up in their list of advised anti-malware scanning programs, because they do not like the way the program is being presented (mild way of wording this).
Hi Polonus
I don't understand. Please explain exactly what you mean by "the way the program is being presented".
Sometimes programs that had a bad record once, have to sit in the waiting room quite some time, because people do not trust them or something about them anymore.
Please clarify, you're still talking here about SAS?
I've been using and recommending it since 2006 so I'm keen to read detailed, first-hand, accountable records of bad experiences with SAS or "something" about it.
-
Hi Vladimyr,
These are not my words, and it is all in the past where SAS came from. There are some malware training web forums that use the program now, and there is one I know of because of aggressive selling methods in the past still think the program is not yet to be brought into their advised software list. What exactly was there I cannot say, I just report what I have read there, and even the owner of this forum says the program is OK now,
polonus
-
Both programs (SAS and ST) were rogue AS programs. And I use both because I think now they do a great job (ST on real time and SAS on demand).
I think they are clean now.
PS
I have installed ST without WSG, then no toolbar.
-
If web communities can make a rogue app into a clean one, I think it can be called an achievement. This is like rehabilitating a criminal.
-
I never would have thought SAS would have been considered rogue.
The name has always sounded a little dodgy but a lot of anti spyware program names often do.
-
so SAS used to be a rogue program :o, what made them change and become a widely used Antispyware tool?
Was it really a rogue program? Or was this a rumour, because it was new. Was it ever on Spyware Warriors list
It was never a rogue program (listed on Spyware warriors list). I don't know why so many people here are spreading rumors by saying "i guess", "I think"...
The fact is almost every new antispyware that comes up these days (and even back then) is/was treated with suspicion. Except maybe those from the big boys, where you just say it sucks but dare not accuse them of being rogue.
Add the fact that many AS have similar names, you "malware fighters" always get confused... Probably one guy accused it of being rogue a long time back and some of you remember that. I notice how some software have tons of false positives but nobody calls it rogue but a newcomer with a few gets hammered.
Personally I think most of the AS recommended are crap (granted the ones not recommended are even more crappy). I'm amazed people are still recommending stuff like spybot and ad-aware and even spywareblaster. Out-dated tools for an older and more innocent era if you ask me (I know you didn't).
-
Add the fact that many AS have similar names, you "malware fighters" always get confused...
*After checking through the list first time after a long period using page search function* Seems like that. I must have taken it for another app on the list. The list is huge and nowadays, I spend less time on checking security apps and visiting security boards since I have experienced no malware issue (Touch wood).
-
This is like rehabilitating a criminal.
Also my opinion :-[
-
I agree with Lusher (not sure about the last bit). I saw a post somewhere from the developer Nick Skrepetos, strenuously denying Superantispyware ever being on any rogue list. Again I agree all new programs come under suspicion. And while SAS is indeed a brilliant program, its GUI alone makes it look a tad cheap and possibly dodgy, to anyone who doubted it.
-
SAS detected some missed samples by avast.
I think it's a good second-opinion and cleaning tool.
-
SAS detected 5 false positives on my computer (-> XP Update Files).
I guess there is something about all programs. I guess it's up to each individual.
He is absolutely right.
-
I have no reservations using SAS Pro. It's a great program...
-
So far I had been "anxious" about installing the Web Crawler Toolbar with the latest edition of ST but I have it on since 21 days or so and so far everything is OK (identity theft, information stolen). It's another tool in ST. :D
-
So far, I ran HijackThis and was surprised it found a Crawler toolbar component a "parasite variant". I then checked it on Virus Total. The result is there
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - W32/HotBar.A.gen!Eldorado
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - Suspicious file
Prevx1 - - Heuristic: Suspicious Self Modifying File
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 35f9b813bb043fb2053972276dfa0ba0
SHA1: 5d58351bbd7097e4d50c0607de3a4dec273217d4
SHA256: bd3e4a5d698eb57d661ca41cce99b2f5ad5e4a02e36117a48100a4b4611f3aa1
SHA512: acc00d58fe7ec2e2559fe1a6a2dc3d95cc0bc1f8b376bbdd3bde38dbf98f8fb3 a07c5635b88e1f51657eb0fe8aab30716c22a8f17e316e6115720d8b353d8f8c
File ctbr.dll received on 2008.02.18 20:26:19 (CET)
Current status: finished
Result: 3/32 (9.38%)
The suspect file is ctbr.dll and after all I'm uninstalling this toolbar. So far, I'm not using it after all. ???
-
Make an empty txt file and Prevx1 will mark it as suspicious! :P
Seems a false positive. Not any toolbar is bad. Although, I don't think it's necessary. I did not install it in my system. It's a bloatware in my opinion.
-
Make an empty txt file and Prevx1 will mark it as suspicious! :P
Seems a false positive. Not any toolbar is bad. Although, I don't think it's necessary. I did not install it in my system. It's a bloatware in my opinion.
Thanks, it's good to know!!! :)
-
Has anyone got any opinions on the new version (V4) and do you suggest upgrading asap or wait for a while?
-
Has anyone got any opinions on the new version (V4) and do you suggest upgrading asap or wait for a while?
It's stable and working. No problems.
-
Tech will it update over the previous version (via search for program updates) and is it compatible with Avast and Comodo Firewall V2.4?
-
It's stable and working. No problems.
and the scan time in complete scan seems faster...used to take forever :)
compatible with Avast and Comodo Firewall V2.4?
yes....it's only a spyware scanner - have no problem with it - using avast! and pctool firewall plus - used to use comodo pro - and had no problem then either :)
-
thanks, how complex is the install process from V3 to V4?
-
thanks, how complex is the install process from V3 to V4?
Takes about 1 minute, once you connect. I updated through preferences > updates, as when I used the main 'check for updates' it said I was up to date. Installed on top of old version. Easy
-
I just get a bit nervous over updating things I haven't had to update before (program updates not definitions I mean)
-
I just get a bit nervous over updating things I haven't had to update before (program updates not definitions I mean)
What I do is create a restore point before and after installs/upgrades.
-
Tech will it update over the previous version (via search for program updates) and is it compatible with Avast and Comodo Firewall V2.4?
Sure.
-
I have it updated now so I will keep an eye on it when I'm using it but for now everything is fine
-
I have it updated now so I will keep an eye on it when I'm using it but for now everything is fine
Enjoy it ;)
Indeed it has a good 'cleaning' procedure (if it finds anything).
Few false positives. Of course, the on demand scanning could be faster...
-
thanks again
-
If you need to see why AVG is dead and SAS is good look at this thread - first post http://www.geekstogo.com/forum/worm-win32-netsky-Can-help-t189885.html
Mind you there is still more to remove
-
I agree with Lusher (not sure about the last bit). I saw a post somewhere from the developer Nick Skrepetos, strenuously denying Superantispyware ever being on any rogue list. Again I agree all new programs come under suspicion. And while SAS is indeed a brilliant program, its GUI alone makes it look a tad cheap and possibly dodgy, to anyone who doubted it.
Hi micky
Just re-read your post and had to laugh :). Don't take this the wrong way but as you're suspicious of both new programs and old-looking GUIs, a truly dodgy program made to look "middle-aged" could be your Achilles heel! ;D ;D
-
I agree with Lusher (not sure about the last bit). I saw a post somewhere from the developer Nick Skrepetos, strenuously denying Superantispyware ever being on any rogue list. Again I agree all new programs come under suspicion. And while SAS is indeed a brilliant program, its GUI alone makes it look a tad cheap and possibly dodgy, to anyone who doubted it.
Hi micky
Just re-read your post and had to laugh :). Don't take this the wrong way but as you're suspicious of both new programs and old-looking GUIs, a truly dodgy program made to look "middle-aged" could be your Achilles heel! ;D ;D
I'm not sure what you mean. I am not suspicious of SAS. What I meant was, when it was new and under scrutiny, its interface looked cheap, and the website looks almost fake, and then there's the bug for a tray icon ;D. None of this bothers me, but it might put some people off. Now that AVG AS (paid) is finished, I'm sure SAS Pro sales will rocket.
-
Micky77
Don't worry about my sometimes obscure sense of humour. I realized you were not necessarily voicing your own opinion about SAS.
Re: Cheap-looking interfaces putting people off.
VET was for many years one of the best AVs around, especially for low resource usage, and some people doubted its effectiveness for no other reason than because the UI appearance was carried over from the original Windows 3.1 product right through to early 2006.
Re: Fancy-looking interfaces putting people off.
While the new AVG 8.0 UI looks great and I'm sure the program itself is as trustworthy as ever, the inclusion of a "Security Toolbar" with a Yahoo search box and a post-install request to make 'yahoo.com' your browser home page, is causing a bit of a stir with people I know who are using it.