Author Topic: False positive - SuperAntiSpyware.exe  (Read 20629 times)

Schvenn

  • Guest
False positive - SuperAntiSpyware.exe
« on: May 26, 2008, 05:58:43 AM »
My Avast is up to date, yet it keeps saying that my SAS is infected.
So, I checked it against Virustotal.com and here's what they had to say:
http://www.virustotal.com/analisis/fdeb328e89bf990b6716cc2e5156a178
As you can see, false positive.

Maxx_original

  • Moderator
Re: False positive - SuperAntiSpyware.exe
« Reply #1 on: May 26, 2008, 08:59:00 AM »
What is your VPS version?

Abraxas

  • Avast Evangelist
Re: False positive - SuperAntiSpyware.exe
« Reply #2 on: May 26, 2008, 02:38:26 PM »
Yes, I have the same response at Boot Up into my Win XP SP3 system, just now. I then did an On demand Scan of the C:\Program Files\SUPERAntiSpyware directory which gave the same Alert.

Program version: 4.8.1201
Information about current update:
Total time: 43 s

- Vps: Already up to date
  (current version 080526-0)

I have emailed Avast! at virus@avast.com hoping the team can get an early heads up on this obvious FP.

rdmaloyjr

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #3 on: May 26, 2008, 02:58:21 PM »
Strange, avast! on my computers didn't detect SAS as infected.

Program version: 4.8.1201
Vps: current version 080526-0

Athene

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #4 on: May 26, 2008, 03:02:54 PM »
I am also getting the same with SAS along with c:\System Volume\...\A0105230.exe

VPS 0805260
Program version: 4.8.1201

Annie

Abraxas

  • Avast Evangelist
Re: False positive - SuperAntiSpyware.exe
« Reply #5 on: May 26, 2008, 03:10:20 PM »
rdmaloyjr:
Quote
Strange, avast! on my computers didn't detect SAS as infected.
That makes me wonder if SAS version is an issue, i.e. I updated the virus database for SAS last boot, yesterday. First boot up today Avast! immediately detected SUPERANTISPYWARE.EXE, as the pic shows.



DavidR

  • Avast Überevangelist
Re: False positive - SuperAntiSpyware.exe
« Reply #6 on: May 26, 2008, 03:17:35 PM »
Well I just fired up SAS and no alert with VPS 080526-0, I didn't get an alert yesterday either on my weekly scan and that would have been VPS 080525-0.

I'm using SAS version 4.1.1046 (Core 3468 Trace 1459), I did an SAS signature update yesterday before my scan.

Rodney78

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #7 on: May 26, 2008, 03:26:07 PM »
Updated my Avast today and went to fire up SAS and received a virus warning for Win32:trojan-gen {other}, it was found in my SAS.

Moved it to the chest then SAS wouldn't work. Tried restoring the file (just in case it was a false positive) and it still wouldn't work.

I've just run a full Avast system scan and it's picked up two others:

C:\System Volume Information \_restore{16492CF9-7C45-44C4-9AC8-F42C171D4F2E}\RP409   - Original file name = A0055926.exe

C:\System Volume Information \_restore{16492CF9-7C45-44C4-9AC8-F42C171D4F2E}\RP410   - Original file name = A0055927.exe

Are these just the remnants in system restore and is it safe to delete them?

I am using the free version of SAS.

Abraxas

  • Avast Evangelist
Re: False positive - SuperAntiSpyware.exe
« Reply #8 on: May 26, 2008, 04:47:04 PM »
I opted to "ignore" when the alert by Avast!, i.e. "C:\Program Files\SUPERAntiSpyware\ SUPERANTISPYWARE.EXE" is "Win32:Trojan-gen{other}" occurred; seems that 'something' broke SUPERAntiSpyware though, or there's some problem with it in general.
I had to "repair" the installation of SUPERAntiSpyware to get it to function, during which there were some warnings about having adequate permissions from the re-installer.
Weird, I think I'll use GNU/Linux for a day or two ... ;D

coolcreator

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #9 on: May 26, 2008, 05:14:32 PM »
Just to let you all know there are others out here experiencing the exact same thing...

All was fine with my system (Vista running Avast! 4.8 Home Edition and SuperAntiSpyware)
until I booted this morning and it went haywire.

Got the exact same message from Avast! re: "Win32:Trojan-gen{other}" found in SAS.
Told it to ignore and then ran Avast! scan of system.
It said I had a trojan in active memory and asked if I wanted to run a boot scan, which I did.
It found SAS as the culprit and when I chose to "Repair" it gave me an error, so I told it to
"Ignore" and the scan and boot went on as normal.

SAS will not start at all now. It won't let me open the program.

This sucks royally. I've always counted heavily on SAS and find it a wonderful program for many uses.
Are we going to have to re-install or what? Maybe this was a virus/trojan set to go off on Memorial Day??
Anyone have any suggestions as to what to do next??? Thanks for any input or ideas!!!!!  ???

Jonno52

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #10 on: May 26, 2008, 05:24:00 PM »
Hi guys

Today I also got Superantispyware.exe identified by Avast! as infected with Win32:Trojan-gen {Other}. I had been using version 4.0.0.1154 of SAS.  I shifted the SAS .exe to the Chest & then deleted it. Then installed the latest SAS (version 4.1.0.1046).  Then did a full scan with Avast, which claimed two restore points had been infected.

The Avast log shows the following for the supposed infections in Volume Info:
Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP614\A0094272.exe" file. 
26/05/2008 03:14:24 PM   [my name]   2976   Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP615\A0094290.MSI\Cabs.w1.cab\SUPERAntiSpyware.exe" file.

I'm running XP with SP3, Avast Free, Spybot S&D, Superantispyware, Windows Defender & ZoneAlarm (all up to date). Also WinPatrol & CCleaner.

Looking at the other posts here, it does look like this is a false positive (touch wood). I wasn't looking forward to endless system restores, or worse, if this had been a genuine trojan. Hopefully we can relax a bit.

crococ

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #11 on: May 26, 2008, 05:36:07 PM »
Hello all,

I was away for a few days, back home yesterday, I powered and booted up my PC normally, and
then on my laptop, I updated my Avast signature database manually, and in doing so, I had SAS
detected as an infected file. I suspected this could be a false positive, nevertheless, I put the file
in the chest.

More surprisingly, at about the same time, I made the same Avast update on my PC, but SAS was
not detected as infected. The SAS update status on my 2 machines might not be the same. It is
only today when I tried to launch SAS on my PC, that Avast told me that SAS was infected.
I moved it into the chest as well.

Now what would be the best behavior to follow? Download SAS again from its original site? But
Avast might detect it again as an infected file. As I am using SAS from time to time, this could be an
annoyance?

My VPS version on both machines is: 080526-0. I am running XP Pro on both machines also.

Thanks in advance for any comments.

justalice

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #12 on: May 26, 2008, 06:40:57 PM »
I have the same thing. I'm curious if this might have something to do with XP SP3. I mean I never had problems before with Avast. Could SP3 cause Avast not to work correctly? Just a thought.

coolcreator

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #13 on: May 26, 2008, 06:56:40 PM »
To justalice:   I don't think so (that XP SP3 is part of the problem), since I'm not running XP - I'm running Windows Vista Home Premium

 ???

Rick F

  • Guest
Re: False positive - SuperAntiSpyware.exe
« Reply #14 on: May 26, 2008, 08:04:11 PM »
Quote from: Abraxas
I opted to "ignore" when the alert by Avast!, i.e. "C:\Program Files\SUPERAntiSpyware\ SUPERANTISPYWARE.EXE" is "Win32:Trojan-gen{other}" occurred; seems that 'something' broke SUPERAntiSpyware though, or there's some problem with it in general.
I had to "repair" the installation of SUPERAntiSpyware to get it to function, during which there were some warnings about having adequate permissions from the re-installer.
Weird, I think I'll use GNU/Linux for a day or two ... ;D

Yep, same for me.  Got the false warning of SAS being infected with Trojan, (clicked ignore). But it looks like Avast broke the installation of SAS. Even though I said to ignore SAS, SAS won't run. Says I don't have adequate permissions. Just last week I downloaded and installed SAS.   Strange.

BTW, I'm still on avast 4.7 with 080526-0 definitions.  WinXP Media Ctr. with SP-2
« Last Edit: May 26, 2008, 08:08:52 PM by Rick F »