
jbob
Reach Out and Touch Someone
Premium Member
join:2004-04-26
Little Rock, AR
·Comcast XFINITY
Asus GT-AX6000
Asus RT-AC66U B1

1 edit

jbob

Premium Member

SUPERAntiSpyware software

Anyone seen or tried this yet? There are free and paid versions.
»www.superantispyware.com/

This guy started promoting his product on some USENET groups (alt.privacy.spyware) recently. He posts using the name Nick Skrepetos and claims to be the developer. It's not on the Spyware Warrior Rogue list although there is one listed as Super Spyware Remover.

dadkins
Can you do Blu?
MVM
join:2003-09-26
Hercules, CA

dadkins

MVM

We need a new AS nowadays! If this is really going to remove *ALL* spyware, I'll give it a go!
Getting sick of this BS of removing detections because the spyware makers bitch about it, know what I mean?

Thanks jbob!

GadgetsRme
RIP lilhurricane and CJ
Premium Member
join:2002-01-30
Canon City, CO

GadgetsRme to jbob

Premium Member

to jbob
I can't speak for that particular piece of software but if you look over the links from Google on Nick he seems legit.
»www.google.com/search?q= ··· .mozilla

jbob
Reach Out and Touch Someone
Premium Member
join:2004-04-26
Little Rock, AR

jbob

Premium Member

So far on those USENET groups I have seen him post no one has yet to say anything negative except some do have issues with what appears to be his hijacking threads by promoting his product. I'm reserving judgement.

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

John2g to jbob

Premium Member

to jbob
The big problem for newcomers is the lack of a database and the forever trying to catch up. 2 that I know of have partially overcome this problem by decoding another's database and using that as a starting point.

Skipdawg
The Original

join:2001-04-19
Mount Vernon, WA

Skipdawg to jbob

to jbob
I'll jump in and get my feet wet and test it out.

dadkins
Can you do Blu?
MVM
join:2003-09-26
Hercules, CA

dadkins to jbob

MVM

to jbob
A couple of hiccups with the installer, kept popping up with the Modify installation box... needs to restart after installation.

SUPERAntiSpyware to John2g

Anon

to John2g
Hello, Nick Skrepetos from SUPERAntiSpyware.com here. I understand and respect your concerns regarding the database issue. Our database has been in development for several years - all done in house. We have hundreds of thousands of file samples and system diagnostics that are acquired through our FileResearchCenter.com and SuperAdBlocker.com products and services. Users submit diagnostic reports and files which we analyze for threat characteristics. This is in addition of course to the general scouring of the web for threats by our research team.

We go to great lengths to ensure the integrity and reliability of our definitions and rules. Our database is updated on a daily basis.

We do realize that no single product can catch everything all the time - we do our best to stay in line with zero-day variants as well as clean up traces, etc.

I am happy to answer any technical or non-technical questions anyone may have.

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

John2g

Premium Member

I wish you the best of luck.

dadkins
Can you do Blu?
MVM
join:2003-09-26
Hercules, CA

dadkins to jbob

MVM

to jbob
Uhhh... Hmmm... Clues anyone?

jbob
Reach Out and Touch Someone
Premium Member
join:2004-04-26
Little Rock, AR

jbob

Premium Member

Well looks like the developer is on board now so let's see if he chimes in. Maybe he'll register.

aquias0
join:2005-09-05
Niagara Falls, NY

aquias0 to dadkins

Member

to dadkins
This is all I can find on the vfilt registry entry.

»www.pestpatrol.com/spywa ··· 53094380

Buddel
If it ain't broke, don't fix it.
Premium Member
join:2004-03-06
EU

1 recommendation

Buddel to jbob

Premium Member

to jbob
False Positives? Would be my guess. :o

SpannerITWks
Premium Member
join:2005-04-22

SpannerITWks to jbob

Premium Member

to jbob
If the quality etc of any previous products in general are anything to go by - PanicWare's PopUpStopper which I've been using very effectively for several years, which he was connected with, is first rate!

Yes I know the difference between a PopUpStopper + AntiSpyware lol.

Spanner

dadkins
Can you do Blu?
MVM
join:2003-09-26
Hercules, CA

1 edit

1 recommendation

dadkins to aquias0

MVM

to aquias0

Thanks, but I have found references to ATI, Outpost, and even BIOS... Me thinks it is still needing work.

»www.outpostfirewall.com/ ··· p?t=6906

I'm not going to kill my firewall by removing these, sorry.

Scan times aren't stellar either... 15 minutes on Quick Scan for a 7.3GB drive.
Maybe at a later time, after it gets some more refinement.

Thanks anyways!
David

BTW, Thanks for the extra desktop Icons too!

jbob
Reach Out and Touch Someone
Premium Member
join:2004-04-26
Little Rock, AR
·Comcast XFINITY
Asus GT-AX6000
Asus RT-AC66U B1

1 recommendation

jbob

Premium Member

Yep looks like VFILT is the firewall filter driver for Outpost. Pestpatrol however does show vfilt as a possible nasty. David are you still running Pestpatrol or maybe the new version?

As far as scan time how does it compare to MSAS? From my experience MSAS wasn't so speedy either. Not sure about the newer version (Defender) though.

dadkins
Can you do Blu?
MVM
join:2003-09-26
Hercules, CA

3 edits

dadkins

MVM

Windows Defender is about 3:05 on a Quick Scan.
No PestPatrol on this laptop.

EDIT: VERY clean uninstall of SUPERAntiSpyware! Tuneup 1Click found *nothing* left over!

1 recommendation

SUPERAntiSpyware to dadkins

Anon

to dadkins
I am sorry you are offended by the "extra icons". We simply want to let people know about our other products. No one needs to purchase anything to use SUPERAntiSpyware.

We find the VFILT kernel driver installed from FreeSerials.com and WarezEnergy.com (do not go there as they install literally dozens of harmful applications).

We have suspended the VFILT rule for now, so if you check for rules updates, it won't be detected. We are further investigating the issue as we do see it installed on clean bases with only the spyware/malware installed.

I appreciate you taking the time to report this - as you can see, we turn these items around quickly with updates.

As far as the scanning time - I would think that users would rather have a product detect and remove the harmful items than simply "scan fast" and miss 50% of the items. The size of the drive should not really be a factor, it is the number of files, and registry items that play the biggest factor.

I welcome any suggestions, ideas and issues with our product.

Regards,

Nick Skrepetos
SUPERAntiSpyware.com

P.S. I will be happy to register and participate.

Default_Uzer
join:2006-02-13
Springville, NY

Default_Uzer to dadkins

Member

to dadkins
Hi Nick...

I've always been hesitant to install software that makes changes to my system, such as AV/spyware removal, etc. I was just curious, have you benchmarked your software against some of the highly rated spyware removal software such as Adaware, Spybot and what not? If so, do you have any results you can post?

I've always been the type to let everyone else jump first and see if they make it.

- Paul

dadkins
Can you do Blu?
MVM
join:2003-09-26
Hercules, CA

1 recommendation

dadkins to SUPERAntiSpyware

MVM

to SUPERAntiSpyware
Thanks Nick!

Personally, I'm not worried about anything being on these laptops, as I scan with more scanners weekly than most even know about. It's a weird hobby.
Cookies are irrelevant, and I always research what is found (if anything) by *ANY* scanner - no matter who mfgrs it!

I look forward to the progress of this tool and will keep it archived for future installation.
Ask anyone, it's nothing against your product, but I really don't "need" another scanner at this time.

Thank you!
David

SUPERAntiSpy
Premium Member
join:2006-03-16
Eugene, OR

SUPERAntiSpy to Default_Uzer

Premium Member

to Default_Uzer
Paul,

We have tested our software against dozens of other products such as AdAware, SpyBot, SpySweeper, Spyware Doctor, etc.

What we find is that we get items that they miss, and sometimes they get items we miss. The spyware game is a tough one - prioritizing on what to focus on. We focus on getting the tough rootkit and most harmful applications first, then work on the traces as a second priority. Meaning that if the harmful files are no longer running or on your system, damage can't be done - leaving a few registry keys or cookies won't "harm" your system.

Of course we try and clean up the systems completely, but we focus on getting rid of the most harmful items and not just "go for numbers" as far as detections go.

We also have a complete "repair" system that allows you to reset most of the items altered by spyware such as home page changes, search page changes, broken LSP chains, etc. so that you can get a system "back to normal" quickly.

Nick Skrepetos
SUPERAntiSpyware.com

David
Premium Member
join:2002-05-30
Granite City, IL

David

Premium Member

Well welcome to the Security forum! Stick around for a while. We tend to grow on people...

muf9
Captain of the axe
Premium Member
join:2003-01-04
uk

2 edits

muf9 to jbob

Premium Member

to jbob
Well SuperAdBlocker is very well respected. Take a look around the net and you'll see it praised to high heaven. I've trialled it and was very impressed (tested it at »www.popuptest.com - only SuperAdBlocker and Ad Muncher passed all tests).

Why I said this? Regarding this being a possible rogue. This SuperAntiSpyware comes from a well respected company.

Anyway, here's my question/s. SuperAdBlocker includes SuperAntiSpyware built in. Is this the same application or is this dedicated version more advanced. And what are the differences. So if a user considers purchasing SuperAntiSpyware, why not just purchase SuperAdBlocker and get SuperAntiSpyware thrown in as well?

muf

SUPERAntiSpy
Premium Member
join:2006-03-16
Eugene, OR

1 recommendation

SUPERAntiSpy

Premium Member

Thank you for the compliments on our product. The SUPERAntiSpyware that is built into Super Ad Blocker is kind of an "in-between" version of the Free Edition and Professional.

SUPERAntiSpyware Professional has the Repairs system that the Super Ad Blocker version does not, and features finer control over the scanning options. The Professional also has the ability to trust/allow applications, perform custom scans, and exclude folders from scanning. We also have more advanced control for detection and removal of rootkit style infections in the stand alone versions.

Our primary reason for having the Free Edition and Professional versions is that many users already have different forms of ad blockers, and it didn't quite make sense for them to be downloading an ad-blocker to remove spyware. The core rules sets are shared between the FileResearchCenter, Super Ad Blocker and SUPERAntiSpyware, so they all will detect the same infections.

Users of this group may also be interested in our free FileResearchCenter.com (»www.fileresearchcenter.com) which shows processes running, both good and bad. It's a handy way to see if a computer has a blatant infection.

I am always happy to answer any questions regarding our products, or any technical issues regarding spyware, adware, etc.

Nick Skrepetos
SUPERAntiSpyware.com
»www.superantispyware.com

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to jbob

Premium Member

to jbob
Here's my logs, and the MCHINJDRV entries according to this link »forums.spybot.info/showt ··· hp?t=774 could be a false positive, unless there is a 020 entry, so I ran the tool and came back with this entry

O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

but the strange thing is during scanning of files, I had what I considered simple files of another program get KAV alarm me 3 times to Trojan-Dropper.Win32.Agent.aks
»www.viruslist.com/en/sea ··· gent.aks

How do you interpret all this? Mostly either false positives or a mess, or what? FP maybe?

Trojan.Mad Code Hook Injector
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf

Adware.Elite Media
HKU\S-1-5-21-1229272821-861567501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\elitemediagroup.net
Adware.IST/YourSiteBar
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\S-1-5-21-1229272821-861567501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
HKU\S-1-5-21-1229272821-861567501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com

SpannerITWks
Premium Member
join:2005-04-22

SpannerITWks to jbob

Premium Member

to jbob
Hi Nor,

About the MCHINJDRV + Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

MCHINJDRV is code licenced and used by several vendors, perfectly legit.

The ZoneMap\Domains entries are where the bad www's are located to be blocked, as in the HOSTS etc, so no worries.

Spanner

norwegian
Premium Member
join:2005-02-15
Outback

2 edits

norwegian to jbob

Premium Member

to jbob
The scanners .exe started - superantispyware.exe then calcs.exe started with this commandline entry

"C:\windows\system32\calcs.exe" "C:\system restore volume information" /e /r everyone

Went to a cmd prompt, and ran the calcs /? and got an error on not a batchfile etc as if it doesn't exist?

EDIT: noticed it also ran with

"c:\windows\system32\calcs.exe" "c:\system volume information" /e /g everyone

first, before the cmd line mentioned above

Sorry for not giving all the info properly. Too late to be testing

John2g
Qui Tacet Consentit
Premium Member
join:2001-08-10
England

John2g to SpannerITWks

Premium Member

to SpannerITWks
said by SpannerITWks:

The ZoneMap\Domains entries are where the bad www's are located to be blocked, as in the HOSTS etc, so no worries.

Spanner

And the ones in your Trusted Zone!

Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to SUPERAntiSpy

Member

to SUPERAntiSpy
said by SUPERAntiSpy:

Thank you for the compliments on our product. The SUPERAntiSpyware that is built into Super Ad Blocker is kind of an "in-between" version of the Free Edition and Professional.

SUPERAntiSpyware Professional has the Repairs system that the Super Ad Blocker version does not, and features finer control over the scanning options. The Professional also has the ability to trust/allow applications, perform custom scans, and exclude folders from scanning. We also have more advanced control for detection and removal of rootkit style infections in the stand alone versions.

Our primary reason for having the Free Edition and Professional versions is that many users already have different forms of ad blockers, and it didn't quite make sense for them to be downloading an ad-blocker to remove spyware. The core rules sets are shared between the FileResearchCenter, Super Ad Blocker and SUPERAntiSpyware, so they all will detect the same infections.

Users of this group may also be interested in our free FileResearchCenter.com (»www.fileresearchcenter.com) which shows processes running, both good and bad. It's a handy way to see if a computer has a blatant infection.

I am always happy to answer any questions regarding our products, or any technical issues regarding spyware, adware, etc.

Nick Skrepetos
SUPERAntiSpyware.com
»www.superantispyware.com

Great site (fileresearchcenter) Very very handy.

SUPERAntiSpy
Premium Member
join:2006-03-16
Eugene, OR

SUPERAntiSpy to norwegian

Premium Member

to norwegian
The SASWINLO.DLL is our WinLogon processor that scans your startup entries and removes in-use files and registry keys before Explorer has a chance to load.

The MCHINJDRV is a "Notify/Warning" (not removed by default) as it is legit on some systems, but also we see it installed purely on a spyware only installation. It appears the spyware vendors are licensing it also - so we simply notify of its existence.

The Zone Domains should only be detected if they are in your "TRUSTED" zones and not blocked zones. We have a new release coming out next week (auto-update) that will resolve any FP's with those.

Thank you for taking the time to post your log.

Nick Skrepetos
SUPERAntiSpyware.com
»www.superantispyware.com
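
The Trusted-versus-blocked distinction for ZoneMap\Domains entries discussed in the posts above, as an added example that is not part of the original thread and is not SUPERAntiSpyware's code. It goes beyond the thread by bucketing every zone number, not only Trusted and Restricted; the function names and the sample hosts are hypothetical, and the sample export is constructed.

```python
import re

# IE URL security zones: 0 My Computer, 1 Local Intranet, 2 Trusted sites,
# 3 Internet, 4 Restricted sites.
TRUSTED, RESTRICTED = 2, 4
MARKER = "\\zonemap\\domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
PREFIX = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

# Constructed sample in .reg export layout (hosts are made up, not from the thread's log).
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{PREFIX}\\blocked-ads.example]", '"*"=dword:00000004', "",
    f"[{PREFIX}\\toolbar.example]", '"http"=dword:00000002', "",
    f"[{PREFIX}\\corp.example\\intranet]", '"https"=dword:00000001', "",
    f"[{PREFIX}\\empty.example]", "",
])

def parse_zonemap(reg_text):
    """Return {host: {protocol: zone}} for every key below ZoneMap Domains."""
    hosts, current = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.lower().find(MARKER)
            if pos < 0:
                current = None
                continue
            # Domains\example.com\www is the host www.example.com
            parts = path[pos + len(MARKER):].split("\\")
            current = hosts.setdefault(".".join(reversed(parts)), {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            current[val.group(1)] = int(val.group(2), 16)
    return hosts

def triage(reg_text):
    """Bucket hosts: Trusted entries need review, Restricted ones are block-list entries."""
    out = {"review_trusted": [], "blocklist_restricted": [], "other_zone": [], "no_mapping": []}
    for host, mapping in sorted(parse_zonemap(reg_text).items()):
        zones = set(mapping.values())
        if not zones:
            out["no_mapping"].append(host)      # key exists but assigns no zone
        elif TRUSTED in zones:
            out["review_trusted"].append(host)  # site is given elevated trust
        elif zones == {RESTRICTED}:
            out["blocklist_restricted"].append(host)
        else:
            out["other_zone"].append(host)
    return out
```

A scan log that lists only the key path, as the one posted above does, is not enough to tell the buckets apart; the zone number stored in the value under the key is what decides.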