SUPERAntiSpyware - Scanning Preferences Question


6 replies to this topic

#1 Katrex

Posted 22 December 2009 - 03:41 PM

Hi everyone.

Quite a bit over the forum when I see helpers having people run SAS, they 90-100% of the time have the following (or something similar):

Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.


When I got the program, it came with a few other options checked by default, such as:

Scan Alternate Data Streams
Use Kernel Direct File Access (recommended)
Use Kernel Direct Registry Access (recommended)
Use Direct Disc Access (recommended)

Is there any particular reason it is recommended to uncheck these? Does it improve scanning time, detection rates, or.. well, anything of the sort? I've left them checked myself, but their actual purpose or the reason they are not advised to be checked has been nagging me.


#2 RedDawn

Posted 22 December 2009 - 06:30 PM

Hi Katrex,

I'm not sure where you came across that quote, but under normal circumstances, the default settings are the optimum settings for SAS. If you have changed them and cannot remember which ones were checked, simply open SAS, click Preferences and on the General and Startup tab, click Reset Program Options.

#3 Budapest

  • Moderator
Posted 22 December 2009 - 06:38 PM

Those are the recommended settings in the Bleeping Computer canned speech prepared by quietman7.

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 RedDawn

Posted 23 December 2009 - 07:56 AM

Thanks Budapest.

I may very well be wrong, but I'm not sure if Quietman7 is implying those settings be applied for the normal/everyday running of SAS. Hopefully he may see this thread and be able to offer some clarification.

#5 quietman7

  • Global Moderator
Posted 23 December 2009 - 12:05 PM

Scanning Control options allow you to customize the way SUPERAntiSpyware scans your computer as well as manage Allowed Items and Excluded Folders.

The instructions for scan settings are those we provide to folks asking for help with infected systems and not general scanning. The 3 settings which are recommended for using Direct Access (checked by default) are there to help find malware which attempts to hide itself from the operating system or the scanning engine. However, if enabled, these options can cause the scan to stall, hang or result in a BSOD. Unchecking them helps to ensure that does not occur. The setting for Resolve Links/Shortcuts during scan using the MSI API can also cause lock-ups or hangs during the scan on some systems, so it's best to uncheck it.

Closing all browsers before scanning is recommended because leaving them open can result in the inability to remove files that may be in use or the installation of additional malware. When disinfecting a system, we also want to scan all files, not just known file types, to ensure "trace" malicious files with other extensions are found and removed. The same reason applies for unchecking ignore System Restore/Volume Info, large and non-executable files. Malware can hide anywhere, so why limit the search? The main drawback of doing this is that the scan will take longer to complete. SUPERAntiSpyware includes a help file in its program folder which you can refer to for more information about each scanning option.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 RedDawn

Posted 23 December 2009 - 05:54 PM

Thanks for the explanation Quietman, much appreciated.


EDIT: Wording

Edited by RedDawn, 23 December 2009 - 05:55 PM.


#7 quietman7

  • Global Moderator
Posted 24 December 2009 - 09:42 AM

You're welcome.



