SASW Portable [Wow]

[Tim Clark]

This post is in reply to the one made by robin about superantispware's new
portable scanner, [which is not showing in the webview]

WOW,

I was very disappointed that SASW Portable found 1,347 threats on my system !
EVEN more so since the installed version found None !!,
EVEN MORE so since no program in my arsenal finds Anything !!!
EVEN MORE SO since none of the files that it claimed were infected even
exist on my system !!!!

An no folks, I don't even mean cookies

Seems like ScareWare to me :/

Assuming SASW has not gone rouge , they have a lot of work to do.

:-/
Tim

 

[1PW]

This post is in reply to the one made by robin about superantispware's new
portable scanner, [which is not showing in the webview]

WOW,

I was very disappointed that SASW Portable found 1,347 threats on my system !
EVEN more so since the installed version found None !!,
EVEN MORE so since no program in my arsenal finds Anything !!!
EVEN MORE SO since none of the files that it claimed were infected even
exist on my system !!!!

An no folks, I don't even mean cookies

Seems like ScareWare to me :/

Assuming SASW has not gone rouge , they have a lot of work to do.

:-/
Tim

Hello Tim:

I'm not seeing where SUPERAntiSpyware.com calls it specifically SASW
in their legitimate portable current version. If you could reply with
an obfuscated URL from the exact download location, it might be worthy
of further investigation.

I reported months ago on an early beta version and I was disappointed
to find that if the portable version found an installed SAS, and it
would run the installed version instead. This leads to a theory that
the portable version could surrender control to a possible rogue.

I did download a current legitimate portable version and it found no
problems on a test system of mine.

Another possible scenario to consider is a legitimate but corrupted
download. I would be happy to compare MD5 or SHA-1 hashes with you if
desired.

Please reply.

 

[Tim Clark]

1PW Replied to my post using NNTP at 9:45 PM CST but as it has not shown up
here in the webview I repost it here and reply below, Tim

Hello Tim:

I'm not seeing where SUPERAntiSpyware.com calls it specifically SASW in
their legitimate portable current version. If you could reply with an
obfuscated URL from the exact download location, it might be worthy of
further investigation.

I reported months ago on an early beta version and I was disappointed to
find that if the portable version found an installed SAS, and it would
run the installed version instead. This leads to a theory that the
portable version could surrender control to a possible rogue.

I did download a current legitimate portable version and it found no
problems on a test system of mine.

Another possible scenario to consider is a legitimate but corrupted
download. I would be happy to compare MD5 or SHA-1 hashes with you if
desired.

Please reply.

1PW

SASW is merely my standard abbreviation for superantispyware, it is nowhere
seen/shown in the product I downloaded, sorry if that caused a confusion.

The URL that I used to get to the download link is the one that Robin
provided in her post, which I am not inclined to repeat at the moment as it
would show up in the webview.

I assume the actual download link at the time [yesterday] was something like
this one which I took note of when starting a download just now [I did not
allow the download to last any longer than was needed to capture the link]


http://updates9.superantispyware.com/downloads/temp/SAS_1743.COM

The name of the file I downloaded was SAS_96620.COM [which will not work if
inserted in the url right now]
The md5 is 8f4cc4a4a6cb53bdcff26b386d993273 but i don't know how much good
that will do you as I'm sure you can't download the same file now as I did
yesterday.

:-/
Tim

 

[1PW]

1PW Replied to my post using NNTP at 9:45 PM CST but as it has not shown up
here in the webview I repost it here and reply below, Tim



1PW

SASW is merely my standard abbreviation for superantispyware, it is nowhere
seen/shown in the product I downloaded, sorry if that caused a confusion.

OK. That's clear now.

The URL that I used to get to the download link is the one that Robin
provided in her post, which I am not inclined to repeat at the moment as it
would show up in the webview.

OK. I suppose it's just as well if the virus definitions in that
individual download became corrupted in some manner.

I assume the actual download link at the time [yesterday] was something like
this one which I took note of when starting a download just now [I did not
allow the download to last any longer than was needed to capture the link]

I'm sure it's reasonable to assume that the portable scanner's
download changes with each data base update.

http://updates9.superantispyware.com/downloads/temp/SAS_1743.COM

The name of the file I downloaded was SAS_96620.COM [which will not work if
inserted in the url right now]
The md5 is 8f4cc4a4a6cb53bdcff26b386d993273 but i don't know how much good
that will do you as I'm sure you can't download the same file now as I did
yesterday.

:-/
Tim

At this point Tim, the only suggestion I have is to download the most
recent version of the portable scanner again and retry. I for one
would be very interested in the outcome.

Thank you.

 

[Tim Clark]

P1 has replied using NNTP at 9:15am CST today, I have pasted his response
below, followed by my Reply:

1PW

SASW is merely my standard abbreviation for superantispyware, it is nowhere seen/shown in the product I downloaded, sorry if that caused a confusion.

OK. That's clear now.

The URL that I used to get to the download link is the one that Robin provided in her post, which I am not inclined to repeat at the moment as it would show up in the webview.

OK. I suppose it's just as well if the virus definitions in that
individual download became corrupted in some manner.

I assume the actual download link at the time [yesterday] was something like this one which I took note of when starting a download just now [I did not allow the download to last any longer than was needed to capture the link]

I'm sure it's reasonable to assume that the portable scanner's download
changes with each data base update.

http://updates9.superantispyware.com/downloads/temp/SAS_1743.COM

The name of the file I downloaded was SAS_96620.COM [which will not work if inserted in the url right now]
The md5 is 8f4cc4a4a6cb53bdcff26b386d993273 but i don't know how much good that will do you as I'm sure you can't download the same file now as I did yesterday.

At this point Tim, the only suggestion I have is to download the most recent
version of the portable scanner again and retry. I for one would be very
interested in the outcome.

Thank you.

--
1PW



Yes 1PW that is my intent,
I will do so tomorrow at work where I have high speed access, it's a big
download on a modem. I intend to download a few times and compare the md5
checksums of all of them. I noted on my second download on Friday that the
two files Did Not Match but I attributed that to the possibility that the
second download might have a later database then the first .

I also intend to run the file I have now on a couple of other machines to
see if I get similar results. Maybe I accidentally got a "special" file that
was intended for "special" purposes. :-/

The folks at SASW could have made this a lot easier if they at included the
md5 checksum for the file on the download page or at least given the database
version and time the file was last updated. Better yet, they should have
digitally signed the file [I'm not sure you can digitally sign a .com, if not
then they should have made it a .exe

I will report back, and thanks for you attention,

:-/
Tim

 

[1PW]

Hello Tim:

I apologize for my suggestion to use comparative hash calculations
such as MD5 or SHA-1. SAS employs a self protection scheme for the
portable scanner downloads that randomizes the filename and therefore
calculates a different hash even though the executable & database may
be unchanged.

This was not researched very well on my part. However - my suggestion
to download again and retest remains.

Best wishes to you,

 

[Tim Clark]

1PW replied using NNTP 11:35am CST and I repost here, with my reply afterward:

Hello Tim:

I apologize for my suggestion to use comparative hash calculations such as
MD5 or SHA-1. SAS employs a self protection scheme for the portable scanner
downloads that randomizes the filename and therefore calculates a different
hash even though the executable & database may be unchanged.

This was not researched very well on my part. However - my suggestion to
download again and retest remains.

Best wishes to you,

1PW


Yes, 1PW
I found that out.
I download several copies of the tool within a half hour, they all had
different MD5 checksums.

BUT,
NOW, the plot thickens.
The latest version found 110 cookies on my work machine [which I will accept
as valid] and 2 what I know to be false positives, I can deal with that.
SASW Portable does not seem to like my home machine.
I tried it again with the latest version download as of 6:30pm CST USA
Again, 1348 things found.
Again, No other program is finding anything, including the installed version
of SASW [which is told not to look for cookies]
I find it unlikely that no other program is finding anything and that I
truly have 1348 things wrong on my computer.

So, the question becomes, why a mess of FP on the home machine, but not the
work machines, they are very similar.
Another odd thing, it says the 1348 things are Files,
but it showed them BEFORE it began the file scan,
and AGAIN, the files I took the time to check DON'T EVEN EXIST on my system.

Now, I'm willing to admit that it is unlikely this is malicious if no one
else is having this problem,
But, it is a glitch, and a Serious one. Nothing should trigger1348 FP's on
a system, even if half of them could be cookies, it's just too much. So what
could be triggering it.

And yes, I have scanned the system with EVERYTHING in my arsenal.
It's clean.

I really can't recommend this product till I find out what is wrong, because
if it can happen to me, it can happen to someone else.

Ideas ?

:-/
Tim

 

[Ǝиçεl]

Hi Tim,

SASW ? First time I hear SASW. Maybe is a rouge

Give this a try and see how many threats/cookies detect................

SUPERAntiSpyware just put up a Online Safe Scan at
<http://www.superantispyware.com/onlinescan.html>
if you cannot install and/or run the current SUPERAntiSpyware (SAS) product
due to an infection.
-=-

 

[Tim Clark]

engel,

I guess you did not read the whole thread,

SASW is just my abbreviation for superantispyware :-/

Tim

 

[Ǝиçεl]

Why the *W*

engel,

I guess you did not read the whole thread,

SASW is just my abbreviation for superantispyware :-/

Tim

 

[Tim Clark]

Why Not?

It's just an abbreviation I use, I always have, never really thought about it.

Tim

 

[1PW]

Why Not?

It's just an abbreviation I use, I always have, never really thought about it.

Tim

Hello Tim:

I believe your experiences would be of interest to SAS.

That many FPs with different data bases is worthy of pursuit.

You may wish to begin a thread on their forum within false positives:

<http://forums.superantispyware.com/index.php?/forum/32-false-positives/>

 

[Tim Clark]

Well, I found the culprit,

Anyone want to guess what it was ?

It was superantispyware itself, the installed version :O !!!

I was trying to figure out what the differences were between the 2 work
machines and the one at the one at home.

One of the few differences is that the machines at work Don't have
superantispyware .

Then I remembered what 1PW had said about something that was a problem he
reported earlier,
So, I uninstalled the superantispyware on the home machine and ran the
portable version again, changing no settings.

Guess what, all it found was a few cookies :O

Now granted, the version I had installed at home was not the latest version,
but still, for superantispyware portable to freak because of the presence of
another version of superantispyware is just inexcusable, I mean it's their
own product for Pete's sake.

If I decide to reinstall superantispyware with the latest version I will
report back if it is still a problem, but for the moment I may just not even
bother.

Much thanks to 1PW for pointing me to the idea that superantispyware itself
could be the problem.

:-/
Tim

 

[1PW]

Well, I found the culprit,

Anyone want to guess what it was ?

It was superantispyware itself, the installed version :O !!!

I was trying to figure out what the differences were between the 2 work
machines and the one at the one at home.

One of the few differences is that the machines at work Don't have
superantispyware .

Then I remembered what 1PW had said about something that was a problem he
reported earlier,

So, I uninstalled the superantispyware on the home machine and ran the
portable version again, changing no settings.

Guess what, all it found was a few cookies :O

Now granted, the version I had installed at home was not the latest version,
but still, for superantispyware portable to freak because of the presence of
another version of superantispyware is just inexcusable, I mean it's their
own product for Pete's sake.

If I decide to reinstall superantispyware with the latest version I will
report back if it is still a problem, but for the moment I may just not even
bother.

Much thanks to 1PW for pointing me to the idea that superantispyware itself
could be the problem.

:-/
Tim

Hello Tim:

Imagine the unrestrained joy a computer tech would have
troubleshooting an unfamiliar system with SAS already installed. I'm
sure one of the conclusions drawn from over a thousand FP's might be
to level and rebuild.

Before anyone else might misunderstand, I believe SAS *is* a fine
product and I will continue to recommend it, and MBAM for antimalware
as well as Avira AntiVir Personal for antivirus help.

If you haven't already done so Tim, I would carefully document your
scenario in the SAS forum for the benefit of others.

Good troubleshooting job Tim. Congratulations on a good outcome.