Jump to content

SuperAntispyware faked odd numerical entry in "Image Name" Windows on task manager


arkhaan
 Share

Recommended Posts

I have an odd MS-DOS "entry" in place of SuperAntispyware's usual .exe it is a series of numbers and letters all lettering is lowercase this series of number/lettering is followed by .com. I have noticed other file and folder names as this have appeared in my C:\ root directory. as well as D:\root which is an additional partition(extended from the same drive). SuperAntispyware appears in my lower right screen in the taskbar area but does not open nor can I access the commands to update nor scan right click context for this task icon does not register. this is likely a fakeware disguiesed as Superantispyware and the site is fake, it did not have the https, only www.superantispyware.com I only noticed this when I did a second google sreach and it was purpled out meaning I had been there. also this time there was another site labeled $ that was referred to as https//superantispyware.com but google headed the title "$" very odd. MBAM detected nothing.

I have in addition to farbar results uploaded a screenshot of the offending .com file in the SAS directory for any aid's quick reference before beginning.

FRST.txt

Addition.txt

SASentry.PNG

Link to post
Share on other sites

  • Root Admin

Sorry for the delay.

Upload the file to www.virustotal.com and let them scan it to see what it is. We can do some local scans but a flat file just sitting in a folder probably would not be detected. I'm not seeing in the logs that any file like that is being asked to load.

Give that a try and let me know what they find. Aside from that observation are you having any signs of an infection?

 

 

Link to post
Share on other sites

On 11/2/2016 at 0:56 AM, arkhaan said:

 

SASentry.PNG

I am trying to get rid of the above screenshot in the reply but am unable.

sorry.

for the result of that scan,

The detection ratio on www.virustotal.com is 0/57 they list it is probably harmless.  I would also send an analysis screenshot of that but it seems to bog up the replies with my screenshots.

Link to post
Share on other sites

  • Root Admin

At this point if it's got a 0/57 then I would not worry about it. On a side note though SuperAntispyware is a pretty old program now days. Not sure how much additional protection it's adding but maybe some.

Is there anything else I can assist you with then? If you like we can run some other scans to check if there is any type of malware related threats on the comptuer, just let me know.

Thank you

Ron

 

Link to post
Share on other sites

the thing that concerned me the most was when Superantispyware was launched the first time after I installed it it was in the taskbar but would not open. it did not go to the website as it always did before and it did not indicate anything was enabled the first time nor could I do a manual scan. upon rebooting I could launch the utility but no indication of any protection. I didn't try a manual scan as I was worried it was not even SuperAntispyware software at all. right now, it is showing green(real-time is enabled) but this happened only the day after I rebooted a second time in the morning after doing this software's installation. after two reboots it worked but not until then.  though I don't use the features, autoupdate and auto schedule were turned on when I installed but did not indicate they were on it was "red" but settings were on.

Link to post
Share on other sites

I will likely remove SAS I would still feel safer with this PC if we do some other scans to be sure it is not loading malware/virues and then when it is safe, I will gladly remove SAS from my computer.

much appreciated!

Link to post
Share on other sites

  • Root Admin

Not saying you have to remove SAS, just that (IMHO) it has not been the same since they sold the company many years ago. Up to you.

 

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

JRT and Adaware cleaner came up pretty clean JRT had a few deletions. I uploaded those logs regardless even though they are clean. Sophos installed fine but did not execute upon hitting finish, I noticed that  after finishing the install of Sohpos my hard disk ran for 5 minutes nearly constantly. when it stopped spinning(I heard clearly via the noise and the indicator light) I ran the Sophos scan manually with its installed executable.   I did not include a log entry for it, it came up clean and did not indicate it had needed to make one so I assume that means it is okay too. FRST and Additon Farbar scan results below also.

JRT.txt

AdwCleaner[S0].txt

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Root Admin

Yes, things look pretty good overall. Might want to check on your Windows Search as it crashed for some reason but overall nothing bad going on there.

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 

Link to post
Share on other sites

ran delfix

I checked windows search a few times and it didn't seem to crash, I did disable the indexing feature via each hard disk manually but the service is still enabled.

Java doesn't seem to be on my computer or the browsers(unless windows hides it well)

I will make a hard copy of all the information so I can read it away from the computer screen more closely

thanks for the reassurance though I will probably remove SAS from my PC as MS-DOS files are not a proper way to run a program in Windows.

 

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.