Superantispyware threats?

hi all.

my scheduled scan took almost two hours last night (it usually only takes about 35 minutes) and reported it had found a bunch of threats:

Process4052(superantispyware.exe),memory block0x0000000008E2000 Threat:Win32:Rimecud-B(worm)
" " " Win32:Autorun-AZ(worm)
" " " Win32:Kobcka-M(Trj)
" " " Win32:Zlob-RF(Trj)
" " " Win32:Tiny-IF(Trj)
" " " Win32:FakeAlerT-ZF(Trj)

all of these were “high” severity, but i wasn’t able to apply an action (the “apply” button was greyed out).

i ran another full scan this morning, with no threats found, taking the normal amount of time to run.

comments?

(i’d have posted an image of the results, but couldn’t seem to…)

thanks!

Most likely decrypted virus signatures in superantispyware’s memory are detected.
I’d suggest not to use the memory scan, or ignore those results.

A lot of people will disagree with me on this one but my advice would be to uninstall SuperAntiSpyware and just use AIS and MBAM.

I used SuperAntiSpyware for a while and did not like the way it behaved.

Which has nothing to do with the actual topic and is entirely the user’s choice.

If the User is happy with how it behaves, what’s the problem; if they weren’t happy with the way it behaves I guess they wouldn’t still have it installed. Nothing to stop them having both SAS and MBAM installed provided they aren’t both resident.

thanks for all the advice, folks. it’s great to have a place where one can have questions answered so quickly! i like superantispyware, i was just concerned when i saw all those threats… :-*

Welcome to forums moosedry :)

Actually it is relevant as SAS has given a certain set of results one night then a different set of results the next morning. Like Igor said, ‘Most likely decrypted virus signatures in superantispyware’s memory’. I did say ‘a lot of people will disagree with me.’ It’s only my opinion, take it or leave it. Has anyone had this problem with AIS or MBAM??? MMmm!

Sorry it is totally irrelevant as this is avast detecting SAS signatures in memory.

Nothing to do with SAS behaviour, but the user doing a custom scan and electing to scan memory - Something which Igor/Vlk says is a waste of time as if it is in memory it is already too late. And guess what, MBAM and a number of other security applications also put unencrypted signatures in memory. You really need to check out the viruses and worms forum to see this is correct.

Scanning memory is always too late…
Why does the manufacturer load unencrypted signatures? To force the conflict? To bash another product (with the false positive)?
I’m not saying MBAM or SAS are doing that… It will be FUD. But, after all, why is this happening?
Are they losing the “battle” for the resident antivirus programs? ???

Effectively they aren’t false positives, since the user has elected to scan memory looking for virus signatures (a pointless exercise as has been stated), so you shouldn’t be too surprised when it finds some and that can’t be considered a false positive. It has done as you asked and found some.

I can also remember the same thing being reported with avast signatures in memory, so we aren’t whiter than white, it is all about electing to scan memory.

As to why is it happening, we all know that running programs from memory is faster than running them from the hard disk and that is no different to security applications loading and using signatures from memory.

Everyone is looking for an edge in having their programs scan more quickly, if they were encrypted in memory some of that edge would be lost as they would have to be decrypted and that would possibly be done in memory too (quicker). So we are still in a catch 22 situation, as memory management is done by Windows and having run a scan those signatures are likely to still be in memory for a while. If you happen to run a memory scan during that period they could be detected.