jbobReach Out and Touch Someone Premium Member join:2004-04-26 Little Rock, AR
1 edit |
jbob
Premium Member
2006-Mar-16 12:01 pm
SUPERAntiSpyware software
Anyone seen or tried this yet? There are free and paid versions. » www.superantispyware.com/
This guy started promoting his product on some USENET groups (alt.privacy.spyware) recently. He posts using the name Nick Skrepetos and claims to be the developer. It's not on the Spyware Warrior Rogue list although there is one listed as Super Spyware Remover. |
|
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA |
We need a new AS nowadays! If this is really going to remove *ALL* spyware, I'll give it a go! Getting sick of this BS of removing detections because the spyware makers bitch about it, know what I mean? Thanks jbob! |
|
GadgetsRmeRIP lilhurricane and CJ Premium Member join:2002-01-30 Canon City, CO |
to jbob
I can't speak for that particular piece of software but if you look over the links from Google on Nick he seems legit. » www.google.com/search?q= ··· .mozilla |
|
jbobReach Out and Touch Someone Premium Member join:2004-04-26 Little Rock, AR |
jbob
Premium Member
2006-Mar-16 12:36 pm
So far on those USENET groups I have seen him post no one has yet to say anything negative except some do have issues with what appears to be his hijacking threads by promoting his product. I'm reserving judgement. |
|
John2gQui Tacet Consentit Premium Member join:2001-08-10 England |
John2g to jbob
Premium Member
2006-Mar-16 12:45 pm
to jbob
The big problem for newcomers is the lack of a database and the forever trying to catch up. 2 that I know of have partially overcome this problem by decoding another's database and using that as a starting point. |
|
SkipdawgThe Original
join:2001-04-19 Mount Vernon, WA |
to jbob
I'll jump in and get my feet wet and test it out. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA |
to jbob
A couple of hiccups with the installer, kept popping up with the Modify installation box... needs to restart after installation. |
|
|
SUPERAntiSpyware to John2g
Anon
2006-Mar-16 1:28 pm
to John2g
Hello, Nick Skrepetos from SUPERAntiSpyware.com here. I understand and respect your concerns regarding the database issue. Our database has been in development for several years - all done in house. We have hundreds of thousands of file samples and system diagnostics that are acquired through our FileResearchCenter.com and SuperAdBlocker.com products and services. Users submit diagnostic reports and files which we analyze for threat characteristics. This is in addition of course to the general scouring of the web for threats by our research team.
We go to great lengths to ensure the integrity and reliability of our definitions and rules. Our database is updated on a daily basis.
We do realize that no single product can catch everything all the time - we do our best to stay in line with zero-day variants as well as clean up traces, etc.
I am happy to answer any technical or non-technical questions anyone may have. |
|
John2gQui Tacet Consentit Premium Member join:2001-08-10 England |
John2g
Premium Member
2006-Mar-16 1:31 pm
I wish you the best of luck. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA |
to jbob
Uhhh... Hmmm... Clues anyone? |
|
jbobReach Out and Touch Someone Premium Member join:2004-04-26 Little Rock, AR |
jbob
Premium Member
2006-Mar-16 1:42 pm
Well looks like the developer is on board now so let's see if he chimes in. Maybe he'll register. |
|
aquias0 join:2005-09-05 Niagara Falls, NY |
to dadkins
This is all I can find on the vfilt registry entry. » www.pestpatrol.com/spywa ··· 53094380 |
|
BuddelIf it ain't broke, don't fix it. Premium Member join:2004-03-06 EU
1 recommendation |
to jbob
False Positives? Would be my guess. :o |
|
|
to jbob
If the quality etc of any previous products in general are anything to go by - PanicWares PopUpStopper which I've been using very effectively for several years, which he was connected with, is first rate !
Yes I know the difference between a PopUpStopper + AntiSpyware lol.
Spanner |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA 1 edit
1 recommendation |
to aquias0
Thanks, but I have found references to ATI, Outpost, and even BIOS... Methinks it is still needing work. » www.outpostfirewall.com/ ··· p?t=6906
I'm not going to kill my firewall by removing these, sorry. Scan times aren't stellar either... 15 minutes on Quick Scan for a 7.3GB drive. Maybe at a later time, after it gets some more refinement. Thanks anyways! David
BTW, Thanks for the extra desktop Icons too! |
|
jbobReach Out and Touch Someone Premium Member join:2004-04-26 Little Rock, AR
1 recommendation |
jbob
Premium Member
2006-Mar-16 1:55 pm
Yep looks like VFILT is the firewall filter driver for Outpost. Pestpatrol however does show vfilt as a possible nasty. David are you still running Pestpatrol or maybe the new version?
As far as scan time how does it compare to MSAS? From my experience MSAS wasn't so speedy either. Not sure about the newer version (Defender) though. |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA 3 edits |
Windows Defender is about 3:05 on a Quick Scan. No PestPatrol on this laptop. EDIT: VERY clean uninstall of SUPERAntiSpyware! Tuneup 1Click found *nothing* left over! |
|
1 recommendation |
SUPERAntiSpyware to dadkins
Anon
2006-Mar-16 2:17 pm
to dadkins
I am sorry you are offended by the "extra icons". We simply want to let people know about our other products. No one needs to purchase anything to use SUPERAntiSpyware.
We find the VFILT kernel driver installed from FreeSerials.com and WarezEnergy.com (do not go there as they install literally dozens of harmful applications).
We have suspended the VFILT rule for now, so if you check for rules updates, it won't be detected. We are further investigating the issue as we do see it installed on clean bases with only the spyware/malware installed.
I appreciate you taking the time to report this - as you can see, we turn these items around quickly with updates.
As far as the scanning time - I would think that users would rather have a product detect and remove the harmful items than simply "scan fast" and miss 50% of the items. The size of the drive should not really be a factor, it is the number of files, and registry items that play the biggest factor.
I welcome any suggestions, ideas and issues with our product.
Regards,
Nick Skrepetos SUPERAntiSpyware.com
P.S. I will be happy to register and participate. |
|
|
to dadkins
Hi Nick...
I've always been hesitant to install software that makes changes to my system.. such as AV/spyware removal, etc. I was just curious, have you benchmarked your software against some of the highly rated spyware removal softwares such as Adaware, Spybot and what not. If so, do you have any results you can post?
I've always been the type to let everyone else jump first and see if they make it.
- Paul |
|
dadkinsCan you do Blu? MVM join:2003-09-26 Hercules, CA
1 recommendation |
to SUPERAntiSpyware
Thanks Nick! Personally, I'm not worried about anything being on these laptops, as I scan with more scanners weekly than most even know about. It's a weird hobby. Cookies are irrelevant, and I always research what is found (if anything) by *ANY* scanner - no matter who mfgrs it! I look forward to the progress of this tool and will keep it archived for future installation. Ask anyone, it's nothing against your product, but I really don't "need" another scanner at this time. Thank you! David |
|
|
to Default_Uzer
Paul,
We have tested our software against dozens of other products such as AdAware, SpyBot, SpySweeper, Spyware Doctor, etc.
What we find is that we get items that they miss, and sometimes they get items we miss. The spyware game is a tough one - prioritizing on what to focus on. We focus on getting the tough rootkit and most harmful applications first, then work on the traces as a second priority. Meaning that if the harmful files are no longer running or on your system, damage can't be done - leaving a few registry keys or cookies won't "harm" your system.
Of course we try and clean up the systems completely, but we focus on getting rid of the most harmful items and not just "go for numbers" as far as detections go.
We also have a complete "repair" system that allows you to reset most of the items altered by spyware such as home page changes, search page changes, broken LSP chains, etc. so that you can get a system "back to normal" quickly.
Nick Skrepetos SUPERAntiSpyware.com |
|
David Premium Member join:2002-05-30 Granite City, IL |
David
Premium Member
2006-Mar-16 7:04 pm
Well welcome to the Security forum! Stick around for a while. We tend to grow on people... |
|
muf9Captain of the axe Premium Member join:2003-01-04 uk 2 edits |
muf9 to jbob
Premium Member
2006-Mar-16 7:51 pm
to jbob
Well SuperAdBlocker is very well respected. Take a look around the net and you'll see it praised to high heaven. I've trialled it and was very impressed (tested it at » www.popuptest.com - only SuperAdBlocker and Ad Muncher passed all tests). Why I said this? Regarding this being a possible rogue. This SuperAntiSpyware comes from a well respected company. Anyway, here's my question/s. SuperAdBlocker includes SuperAntiSpyware built in. Is this the same application or is this dedicated version more advanced? And what are the differences? So if a user considers purchasing SuperAntiSpyware, why not just purchase SuperAdBlocker and get SuperAntiSpyware thrown in as well? muf |
|
1 recommendation |
Thank you for the compliments on our product. The SUPERAntiSpyware that is built into Super Ad Blocker is kind of an "in-between" version of the Free Edition and Professional. SUPERAntiSpyware Professional has the Repairs system that the Super Ad Blocker version does not, and features finer control over the scanning options. The Professional also has the ability to trust/allow applications, perform custom scans, and exclude folders from scanning. We also have more advanced control for detection and removal of rootkit style infections in the stand alone versions.
Our primary reason for having the Free Edition and Professional versions is that many users already have different forms of ad blockers, and it didn't quite make sense for them to be downloading an ad-blocker to remove spyware. The core rules sets are shared between the FileResearchCenter, Super Ad Blocker and SUPERAntiSpyware, so they all will detect the same infections.
Users of this group may also be interested in our free FileResearchCenter.com (» www.fileresearchcenter.com) which shows processes running, both good and bad. It's a handy way to see if a computer has a blatant infection.
I am always happy to answer any questions regarding our products, or any technical issues regarding spyware, adware, etc.
Nick Skrepetos SUPERAntiSpyware.com » www.superantispyware.com |
|
norwegian Premium Member join:2005-02-15 Outback |
to jbob
Here's my logs, and the MCHINJDRV entries according to this link » forums.spybot.info/showt ··· hp?t=774 could be a false positive, unless there is a 020 entry, so I ran the tool and came back with this entry
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
but the strange thing is during scanning of files, I had what I considered simple files of another program get KAV alarm me 3 times to Trojan-Dropper.Win32.Agent.aks » www.viruslist.com/en/sea ··· gent.aks
How do you interpret all this. Mostly either false positives or a mess, or what ? FP maybe ?
Trojan.Mad Code Hook Injector
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf
Adware.Elite Media
HKU\S-1-5-21-1229272821-861567501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\elitemediagroup.net
Adware.IST/YourSiteBar
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\S-1-5-21-1229272821-861567501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yoursitebar.com
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
HKU\S-1-5-21-1229272821-861567501-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com |
|
|
to jbob
Hi Nor,
About the MCHINJDRV + Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
MCHINJDRV is code licenced and used by several vendors, perfectly legit.
The ZoneMap\Domains entries are where the bad www's are located to be blocked, as in the HOSTS etc, so no worries.
Spanner |
|
norwegian Premium Member join:2005-02-15 Outback 2 edits |
to jbob
The scanners .exe started - superantispyware.exe then calcs.exe started with this commandline entry
"C:\windows\system32\calcs.exe" "C:\system restore volume information" /e /r everyone
Went to a cmd prompt, and run the calcs /? and got an error on not a batchfile etc as if it doesn't exist ?
EDIT: noticed it also ran with
"c:\windows\system32\calcs.exe" "c:\system volume information" /e /g everyone
first, before the cmd line mentioned above
Sorry for not giving all the info properly. Too late to be testing |
|
John2gQui Tacet Consentit Premium Member join:2001-08-10 England |
to SpannerITWks
said by SpannerITWks:
The ZoneMap\Domains entries are where the bad www's are located to be blocked, as in the HOSTS etc, so no worries. Spanner
And the ones in your Trusted Zone! |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to SUPERAntiSpy
said by SUPERAntiSpy:
Thank you for the compliments on our product. The SUPERAntiSpyware that is built into Super Ad Blocker is kind of an "in-between" version of the Free Edition and Professional. SUPERAntiSpyware Professional has the Repairs system that the Super Ad Blocker version does not, and features finer control over the scanning options. The Professional also has the ability to trust/allow applications, perform custom scans, and exclude folders from scanning. We also have more advanced control for detection and removal of rootkit style infections in the stand alone versions. Our primary reason for having the Free Edition and Professional versions is that many users already have different forms of ad blockers, and it didn't quite make sense for them to be downloading an ad-blocker to remove spyware. The core rules sets are shared between the FileResearchCenter, Super Ad Blocker and SUPERAntiSpyware, so they all will detect the same infections. Users of this group may also be interested in our free FileResearchCenter.com (» www.fileresearchcenter.com) which shows processes running, both good and bad. It's a handy way to see if a computer has a blatant infection. I am always happy to answer any questions regarding our products, or any technical issues regarding spyware, adware, etc. Nick Skrepetos SUPERAntiSpyware.com » www.superantispyware.com
Great site (fileresearchcenter) Very very handy. |
|
|
to norwegian
The SASWINLO.DLL is our WinLogon processor that scans your startup entries and removes in-use files and registry keys before Explorer has a chance to load. The MCHINJDRV is a "Notify/Warning" (not removed by default) as it is legit on some systems, but also we see it installed purely on a spyware only installation. It appears the spyware vendors are licensing it also - so we simply notify of its existence. The Zone Domains should only be detected if they are in your "TRUSTED" zones and not blocked zones. We have a new release coming out next week (auto-update) that will resolve any FP's with those. Thank you for taking the time to post your log. Nick Skrepetos SUPERAntiSpyware.com » www.superantispyware.com |
|
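The thread's ZoneMap\Domains question turns on which zone each entry is assigned to. As an added example (not part of any post above and not SUPERAntiSpyware's code), this PowerShell function lists every ZoneMap\Domains entry per registry hive with its zone number, so Trusted-zone entries can be told apart from Restricted-zone block entries. `Get-ZoneMapDomain` is a hypothetical name; zone numbers 0-4 are the standard Internet Explorer URL security zones.

```powershell
# Added example. Get-ZoneMapDomain is a hypothetical helper name.
# Zone numbers are the standard Internet Explorer URL security zones.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$SubPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Get-ZoneMapDomain {
    # Machine-wide key plus every loaded user hive (HKU\<SID>), as in the posted log.
    $hives = @('HKEY_LOCAL_MACHINE')
    $hives += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Name }

    foreach ($hive in $hives) {
        $root = "Registry::$hive\$SubPath"
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $rootName = (Get-Item -LiteralPath $root).Name
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                # Subdomains are child keys (example.com\www); rebuild the host name.
                [string[]]$parts = $key.Name.Substring($rootName.Length + 1) -split '\\'
                [array]::Reverse($parts)
                foreach ($protocol in $key.GetValueNames()) {
                    $zone = $key.GetValue($protocol)
                    if ($zone -isnot [int]) { continue }   # only DWORD zone numbers
                    [pscustomobject]@{
                        Hive     = $hive
                        HostName = $parts -join '.'
                        Protocol = $protocol     # http, https or * (all protocols)
                        Zone     = $zone
                        ZoneName = $ZoneNames[$zone]
                    }
                }
            }
    }
}

# Trusted sites (2) entries deserve review; Restricted sites (4) is where
# blocking tools place unwanted domains.
Get-ZoneMapDomain | Where-Object { $_.Zone -eq 2 } | Format-Table -AutoSize
```

A domain key with no protocol values carries no zone assignment and produces no row.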