Author Topic: ¿False Positive in SuperAntispyware v4.25.1012?  (Read 10258 times)

0 Members and 1 Guest are viewing this topic.

cazoza

  • Guest
¿False Positive in SuperAntispyware v4.25.1012?
« on: January 29, 2009, 06:59:46 PM »
I have installed SuperAntispyware Professional, on my machine, and when i run memory test of avast, it detects three virus, but is after i have istalled super antispyware, and when i use malwarebytes, and avast, and outpost scans, my system is free of infections, what could it be? Maybe a false possitive?

I attached the log of avast, i will be waiting for answers. Thanks.

micky77

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #1 on: January 29, 2009, 08:09:03 PM »
Have you considered uninstalling SAS, is it the trial version ? Are you saying a scan shows nothing ?

Jtaylor83

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #2 on: January 29, 2009, 09:35:35 PM »
Have you in the past had these in infections (mentioned in your warning log) in your hard drive?


cazoza

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #3 on: January 29, 2009, 10:26:50 PM »
No I have not had these infections before. I think is a false positive from SAS, I mean that when i scan my pc, with avast, or malwarebytes, or SAS, It shows there are no infections. But Avast memory scan, shows that they were on memory.

I have SAS Registered Version, and i ask SAS Support, and they told me, that is a false possitive from Avast. But i want to be 100% sure about that. Because if this is not a false possitive, i will ask for a refund.

What could it be?
« Last Edit: January 29, 2009, 10:30:01 PM by cazoza »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87298
  • No support PMs thanks
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #4 on: January 29, 2009, 11:00:52 PM »
I'm confused you are saying this is an FP of avast on SAS Pro, I have SAS Pro (see my signature) and I have no such alerts.

How do you know this is a detection on SAS Pro ?
There is nothing in your log that specifically indicates SAS.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

cazoza

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #5 on: January 30, 2009, 05:15:57 AM »
No, im saying Avast has a false positive, as detecting SAS components as virus. As in my log.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87298
  • No support PMs thanks
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #6 on: January 30, 2009, 02:58:09 PM »
But as I said your log doesn't say who the memory detections are associated or belong to and that is why I asked how you made that determination ?

Where does it say this belongs to SAS:
Quote
Sign of "Win32:Delf-HWF [trj]" has been found in "*PROCESS\6ac\10060000\800000" file. 

If they were truly SAS Pro modules/processes loaded in memory that were being detected then I would have the same detections since I too have SAS Pro and I don't have any detections for memory modules/processes.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

micky77

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #7 on: January 30, 2009, 04:11:20 PM »
I have installed SuperAntispyware Professional, on my machine, and when i run memory test of avast, it detects three virus, but is after i have istalled super antispyware, and when i use malwarebytes, and avast, and outpost scans, my system is free of infections, what could it be? Maybe a false possitive?

I attached the log of avast, i will be waiting for answers. Thanks.

When you say you scan with outpost,what is that an AV or antispyware, what realtime protection do you have running.

cazoza

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #8 on: January 30, 2009, 07:15:35 PM »
Well, i have recognized one infection, that appeared with SAS Pro, Win32:Autorun-OKA; since i installed SAS, i have that infection. All others dissapeared. And, Outpost, has a built in anti spyware/malware/virus, scanner. And I have Avast Pro resident protection enabled, and SAS PRO real time protection. And none of these can detect the autorun infection. I think, is a false positive from Avast identifying SAS Autorun as a virus process, when windows boots.

Avast just notifies, that was a memory process infected. But after a full scan of HDD, there is no infected archive. And I dont know what to do, as my system is clean. If i could have boot scan, that would be great! I have Win Vista 64 bits, and a quad core, with virtualization built in. And I would like to have boot up scan for 64 bits systems, in avast next release. because is annoying not to have that scan.

I just made that conclusion, because before buying SAS Pro, my system was clean, and after installing SAS and enabling SAS Autorun, everytime windows starts, that process is infected. But there is no infected files on my machine. So i think, is the SAS Process detected as a virus. So is an Avast Pro False Positive. But i need your guidance, to be sure.
« Last Edit: January 30, 2009, 07:22:07 PM by cazoza »

Spiritsongs

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #9 on: January 30, 2009, 08:12:36 PM »
 :)  Hi :

 SUPERAntiSpyware is a credible, trustworthy program . Since the "subject" is
 "autorun", I recommend a "2nd Opinion" by running the FREE "Flash
 Disinfector" with Info about this program at
 http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs .

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87298
  • No support PMs thanks
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #10 on: January 30, 2009, 08:58:25 PM »
I too use Agnitum Outpost Firewall Pro, the 2009 version, now when you install that it detects avast and normally suggests you disable the Outpost anti-spyware module and I would recommend that course of action.

The Outpost (OP) anti-spyware is very noisy, in that it opens many files and that fact alone causes avast to also intercept that and scan the file before handing over to OP. This can extent boot-times and since avast has anti-spyware built in I would suggest the OP anti-spyware module is unnecessary, especially since you now have SAS.

You may well notice an improvement in boot times and system performance.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

cazoza

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #11 on: January 31, 2009, 05:16:06 AM »
Well, I have disabled the Outpost Pro 2009 malware/spyware protection, and Now, only have Avast Pro and SAS Pro protecting my pc. I have tried the Flash Disinfector, but in 64 bits OS, is not functioning, I tried to ran it in compatibility mode and with administrator privileges, but nothing happens. Can anyone, help me for another second opinion? Also I have tried Malwarebytes, but it says, no infections found.

Here is an extract of my log of Avast

30/01/2009   10:15:31 p.m.   1233375331   Luis   4608   Sign of "Win32:AutoRun-AKO [Wrm]" has been found in "*PROCESS\acc\4d10000\990000" file. 

Since SAS installation, it appears everytime, but i have no idea, why is this happening. But, maybe is a false positive. Can anyone tell me another tool for scanning my pc? Thanks in advice.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87298
  • No support PMs thanks
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #12 on: January 31, 2009, 03:32:37 PM »
The problem here is the process is continually changing *PROCESS\6ac\ in the first batch and now *PROCESS\acc\, now this doesn't resemble any process I'm used to seeing in the Task Manager PID column, see image, though I have no idea if this is different in the 64bit OS.

Well you could try this tool MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later.

For some info on this check this link, Win32:AutoRun-Ako, look in the More Information tab and check if any of this files or the registry entry are on your system.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

cazoza

  • Guest
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #13 on: February 01, 2009, 03:54:16 AM »
I have tried Malwarebytes, and my system is clean, also i searched for the info you supplied me, and nothing. What could it be? I have attached my malwarebytes log.

ANd my latest Avast memory scan results.

31/01/2009   09:05:21 p.m.   1233457521   Luis   2036   Sign of "Win32:AutoRun-AKO [Wrm]" has been found in "*PROCESS\aa4\4c30000\657000" file. 
31/01/2009   09:05:22 p.m.   1233457522   Luis   2036   Sign of "Win32:Dialer-DW [trj]" has been found in "*PROCESS\aa4\5296000\32a000" file. 
31/01/2009   09:05:25 p.m.   1233457525   Luis   2036   Sign of "Win32:Agent-ZRP [trj]" has been found in "*PROCESS\aa4\e9e0000\20000" file. 
31/01/2009   09:05:25 p.m.   1233457525   Luis   2036   Sign of "Win32:Tiny-IF [trj]" has been found in "*PROCESS\aa4\f260000\387000" file. 
31/01/2009   09:05:26 p.m.   1233457526   Luis   2036   Sign of "Win32:Femad-R [trj]" has been found in "*PROCESS\aa4\f8e1000\e9000" file. 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87298
  • No support PMs thanks
Re: ¿False Positive in SuperAntispyware v4.25.1012?
« Reply #14 on: February 01, 2009, 04:12:41 AM »
Whilst I don't know if it will make any difference, but I would suggest a Full scan not Quick/Examen Rápido. If you didn't run it from safe mode that too is more efficient.

Unfortunately, with a 64bit OS you aren't able to do a boot-time scan as when avast detects malware in memory it normally suggest a boot-time scan. So the next best thing would be to boot into safe mode (avast doesn't start), use the desktop icon to start avast and run a scan from safe mode.

Other than this I really don't know what else to suggest.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security