Author Topic: Superantispyware scan conflict with avast  (Read 8271 times)

0 Members and 1 Guest are viewing this topic.

Offline angelina_h

  • Newbie
  • *
  • Posts: 9
Superantispyware scan conflict with avast
« on: March 25, 2012, 07:45:55 PM »
Hi i have superantispyware free and avast free on my pc and never had a problem with using both of them but today a scan came up from sas that it detected a trojan.agent/gen-autorun[swisyn] in the file c: \windows\temp\_avast_\unp1925...tmp would this be a false positive?

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30440
  • malware fighter
Re: Superantispyware scan conflict with avast
« Reply #1 on: March 25, 2012, 07:52:22 PM »
Hi angelina_h,

Thanks for reporting. Most probably a SAS FP. Report here: http://www.superantispyware.com/support.html?
As it is a temporal file  and emptied after avast scanning is done, this may not be an issue.

polonus
« Last Edit: March 25, 2012, 08:00:41 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80054
  • No support PMs thanks
Re: Superantispyware scan conflict with avast
« Reply #2 on: March 25, 2012, 08:04:25 PM »
Well since SAS free isn't a resident scanner, how/when did it detect this file ?

The c:\windows\temp\_avast_ folder is where avast sends/unpacks files that it is going to scan and the unp9999999.tmp is the file format used for these temporary files. On successful completion of the scan the contents of this folder should be empty, with exception of the webshlock.txt file.

That is why this detection on an avast created temp file is strange it shouldn't be there ordinarily, so there appears to be something interfering with avast removing these after a scan.

The most likely cause is another resident security application hooking this file to also scan it, which blocks the avast scan and its clearance of the folder. Again this is strange as SAS free isn't resident, though it does have a service running, SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" this is used for context scans not resident on-access scans.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 18.4.2338/ Outpost Firewall Pro9.3/ Firefox 52.8.1 ESR, uBlock Origin, uMatrix/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline GA

  • Newbie
  • *
  • Posts: 2
Re: Superantispyware scan conflict with avast
« Reply #3 on: May 13, 2012, 01:08:19 PM »
Hi
I use Avast Pro 7.

I also have Super-anti spyware on my computer.

When I do a complete avast scan it finds the following trojans when it scans superantispyware.exe

Win32:Agent-HZV (trojan)
Win32:Prorat-AB (trojan)
Win32:Small-GR (trojan)
I am also unable to remove or put them in the chest or do anything with them

I already asked Superantispyare about this. Their  response:
"I do not know what Avast is detecting, obviously if they are detecting part of SUPERAntiSpyware as a threat it is a false positive. SUPERAntiSpyware is designed to run with anti-virus programs like Avast and you shouldn't have any issues running both in real-time. You shouldn't run two anti-virus products together but an anti-virus and an anti-malware are fine.

Regards,

Customer Service Representative
SUPERAntiSpyware"

Please note I don't have the real time protection turned on for the SAS as they suggest as I have read and heard that can cause trouble.

so I was wondering are they false positives or is there a more serious problem with my computer?
Hopefully I can get this problem figured out.



Here's the response from Avast when I submitted a ticket.

"We don´t recommend to use two or more security programs at the same time. It can cause many problems and the operating system may become unstable. Also the results of virus scan can be affected"

So Avast does not recommend the the use of SAS.
« Last Edit: May 13, 2012, 01:10:15 PM by GA »

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34555
Re: Superantispyware scan conflict with avast
« Reply #4 on: May 13, 2012, 01:17:13 PM »
where was the file detected found..... exact location ?

was this a custom scan?
have you selected "scan memory" ?
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80054
  • No support PMs thanks
Re: Superantispyware scan conflict with avast
« Reply #5 on: May 13, 2012, 01:22:22 PM »
@ GA
I rather think that you are doing a custom scan and have elected to scan memory and not the pre-defined Full System Scan and this is the root of your problem ?

Since you don't give any more more information on the detection, e.g. the remainder of the information contained in the detection, but I suspect that will be prefixed with Process and memory block (indicating the process which loaded the data in that memory block). Since they aren't physical files they can't be moved to the chest, deleted, etc. so there is no action that can be taken, hence the Apply button being greyed out.

Having set off a scan of memory by an antivirus application looking for virus signatures, don't be too surprised if it finds some in memory.

Avast isn't alerting on superantispyware, but its unencrypted signatures it loads into memory. So don't be too surprised when you set loose a scan, which is looking for virus signatures that it alerts when they are found. I have


So support isn't fully aware of what you have done and why there is an alert (custom scan, and scanning memory). I have had SuperAntiSpyware for years almost as long as I have had avast (just over 8 years) and in that time I haven't had any conflict.



Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 18.4.2338/ Outpost Firewall Pro9.3/ Firefox 52.8.1 ESR, uBlock Origin, uMatrix/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline GA

  • Newbie
  • *
  • Posts: 2
Re: Superantispyware scan conflict with avast
« Reply #6 on: May 13, 2012, 01:50:10 PM »
It was a custom scan. I'm not sure where the location was or how to find it. I'm not an expert by any means.  I had memory selected. So that was most likely the  the problem?

Process 2700(superantispyware.exe),m     Is what it said in the scan logs.

So I don't need to scan memory?  The alertsare really nothing to worry about then?

Thanks for the responses they are greatly appreciated.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34555
Re: Superantispyware scan conflict with avast
« Reply #7 on: May 13, 2012, 01:57:34 PM »
unless you have some special need...or know something the avast guys dont......use the default quick/full scan with default settings

what you are detecting is superantispyware signatures loaded in memory
« Last Edit: May 13, 2012, 02:01:53 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80054
  • No support PMs thanks
Re: Superantispyware scan conflict with avast
« Reply #8 on: May 13, 2012, 03:15:45 PM »
It was a custom scan. I'm not sure where the location was or how to find it. I'm not an expert by any means.  I had memory selected. So that was most likely the  the problem?

Process 2700(superantispyware.exe),m     Is what it said in the scan logs.

Yes that was the reason for A) the alert and B) the inability to do anything with it (not a physical file, but a memory location).

So I don't need to scan memory?  The alertsare really nothing to worry about then?

Thanks for the responses they are greatly appreciated.

In this instance they are nothing to worry about, though the main point is do you even need the custom scan, you haven't said why you chose to do that and what areas ?

I would say the custom scan isn't really required and is complicated further in that when you select scan memory in a custom scan, it is the most thorough sensitivity memory scan.

####
- With a resident on-access antivirus like avast, the need for frequent on-demand scans is much depreciated. For the most part the on-demand scan is going to be scanning files that would be otherwise be dormant or inert. If they were active files then the on-access file system shield would be scanning them before being created, modified, opened or executed.

I have avast set to do a scheduled weekly Quick scan, set at a time and day that I know the computer will be on. If for some reason my system wasn't on, no big deal I will catch up on the next scheduled scan.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 18.4.2338/ Outpost Firewall Pro9.3/ Firefox 52.8.1 ESR, uBlock Origin, uMatrix/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security