
When malware isn't malware


6 replies to this topic

#1 frankp316


Posted 03 April 2009 - 11:54 AM

Recently I had a situation with Super Anti Spyware which I have resolved. I don't need any help but I thought that it was odd and someone else might benefit from what happened. About a month ago, Super Anti Spyware detected a temp file called Virus Remover as malware. I deleted it but it returned on subsequent scans. There was also an attack that disabled Norton which I reinstalled. Malware Bytes picked it up and it was deleted. So this Virus Remover kept returning and continued to be detected by SAS. I thought there was something fishy going on and it wasn't affecting my computer. So I contacted SAS because I didn't think it was a real virus. They had me scan in safe mode. I did that and nothing was detected but when I scanned with SAS the next morning in regular mode, it detected the same temp file. I was asked to use an SAS diagnostic tool on their website. They told me that SAS is detecting a virus but it's not harmful because it is a jpg file as opposed to an exe file. It seems I'm picking it up from a website I go to regularly. They said SAS will continue to detect it but I can just ignore it. They said they might do something on their end to correct the problem. I'm not concerned because CCleaner cleans out my temp files each time I boot up but it sure is odd. Sometimes malware isn't really malware.



#2 JamesFrance


Posted 03 April 2009 - 12:51 PM

Hi Frank,

From your topic title I thought you were going to post this:

http://www.youtube.com/watch?v=3lmQlyUITTA...et=1238780153.2
James

#3 Animal


Posted 03 April 2009 - 01:07 PM

Please, in the future, refrain from posting links to videos outside of the forum intended for them. While it may be relevant, we try to keep the vast majority of the forums dialup friendly. Thank you for your understanding.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#4 burn1337


Posted 05 April 2009 - 01:30 PM

frank - Malware, if it is malware, is malware... Even with cookies, a script kiddie could steal information from, or infect your computer with something worse... Once you have one back door, many back doors are inevitable.

#5 frankp316


Posted 05 April 2009 - 07:04 PM

That's not what they say. They say because it's a jpg file, it won't do anything. So it's a kind of false positive. It's been over a month now so if it was going to do something, it would have done it already. And it's not like I went to some random guy. I went to SAS and they interpreted the diagnostic. Cookies are harmless and that's kind of what this is. It's just not being interpreted that way.

#6 burn1337


Posted 05 April 2009 - 07:13 PM

frank - It is good you went to SAS, but coming from a hacker's point of view... It isn't hard to use cookies to get information about the person, or about the computer... Spying on a person's network is easy... Intercepting a person's network traffic is easy... Although it might be a jpg, even still if the program in question is polymorphic, it wouldn't matter what the file is, it will still have effects... Though I will say you could have gotten lucky and this one in particular is not of high harm... But that doesn't mean it doesn't come with security risks...
What my point was, is that if you know a website is causing spyware alerts, in my personal opinion, I would suggest either blocking the content that is causing the alerts, or stop going to the website.... Or at the very least, take precaution when going to the site...

#7 frankp316


Posted 06 April 2009 - 05:58 AM

I already do that. CCleaner cleans out tracking cookies and temp files automatically each time I boot up. So whatever it is is getting deleted anyway so it's not hanging around long enough to do anything. It's a temp file, not an exe in the registry. I know the difference. The SAS interpretation is it's a false positive and not harmful and they're the experts.
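
The point this thread turns on, whether the flagged temp file really is a JPEG and not an executable, can be checked from the file's content instead of its name. The following is an added example, not part of any post in the thread and not a SUPERAntiSpyware tool; the function names and the sample byte strings are constructed for illustration.

```python
import struct

JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus first segment byte
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(name: str, data: bytes) -> dict:
    """Compare what the file name claims with what the content actually is."""
    if is_pe(data):
        kind = "pe-executable"
    elif data.startswith(JPEG_SOI):
        kind = "jpeg"
    else:
        kind = "unknown"
    claims_jpeg = name.lower().endswith((".jpg", ".jpeg"))
    report = {"name": name, "content": kind,
              "mismatch": claims_jpeg and kind != "jpeg", "trailing_bytes": 0}
    if kind == "jpeg":
        # Heuristic: bytes after the last EOI marker are not image data
        # and are worth a closer look before calling the file harmless.
        end = data.rfind(JPEG_EOI)
        if end != -1:
            report["trailing_bytes"] = len(data) - (end + 2)
    return report

# Constructed samples (not real files): a minimal JPEG-shaped blob, the same
# blob with extra bytes appended, and a minimal PE-shaped header.
SAMPLE_JPEG = JPEG_SOI + b"\xe0" + b"\x00" * 16 + JPEG_EOI
SAMPLE_PADDED = SAMPLE_JPEG + b"extra"
SAMPLE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"

if __name__ == "__main__":
    for fname, blob in [("virus_remover.jpg", SAMPLE_JPEG),
                        ("virus_remover.jpg", SAMPLE_PADDED),
                        ("virus_remover.jpg", SAMPLE_PE)]:
        print(classify(fname, blob))
```

A "jpeg" result with no mismatch and no trailing bytes only confirms the file type; it does not show why the scanner flagged the file or that the site serving it is safe.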



