
A Rogue MSE 2010?


5 replies to this topic

#1 damientalrose


Posted 27 August 2010 - 05:31 PM

Recently while I was at work I got a couple of viruses. I handled them as I often do by looking around on the net for answers (and wound up on this site). This leads me to what is presently wrong. I use 3 different pieces of software regularly and 2 others from time to time. SUPERAntiSpyware (to be called SAS for the rest of this post), AVG, and Spybot (Search & Destroy) are my main malware combatants. I use Malwarebytes' Anti-Malware and (recently) ComboFix when necessary. Today, I decided to play it safe and run a scan with SAS (which is usually a fantastic program), and found something incredibly disturbing. It found over 1700 instances of "Rogue.SecurityEssential2010" in my computer. This is odd as I haven't been anywhere I don't normally peruse on the Internet and I have AVG running weekly scheduled scans. So I checked some of the files it said were attached to this, and many of them are files related to other programs (like Skype). Thinking that SAS had gone bonkers I decided to run an AVG and Malwarebytes scan to see if they could pick this up. Malwarebytes found but one file not even related to this, and after it cleaned that up, AVG has found nothing so far (I'm typing this up as AVG scans). I checked the "Spyware Removal" tab and found the info on the fake Microsoft Security Essentials removal, and ran HijackThis v2.0.4 to see if either of the symptomatic files were listed. They weren't.

My question: Is SAS broken? And if not, what's really going on? I know I'll likely have to post up some info, so I'll try to stay by my computer to keep checking on this. Thanks for whatever help y'all give me :thumbsup:

And for reference, I'm running Windows 7 Home Premium.



#2 chromebuster


Posted 27 August 2010 - 11:29 PM

Hey,
Ah... It could be a number of things. First of all, I've never seen the tab of SAS called "Spyware Removal". That may simply be since I haven't looked for it. Another question: have you searched any of the current trends in the news, big events, celebrities? I ask you this because according to research by antivirus firms, it has been determined that malware writers, especially the distributors of rogue security software, love using those kinds of searches to redirect you to fake sites so that their nasty will install automatically on you. I'm guessing that's what's happening to you. I find it odd, however, that files related to other programs are coming up as a rogue. The real program is called Microsoft Security Essentials, not Security Essentials 2010. Check the files in the log again, and then see if you overlooked anything.

Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 damientalrose


Posted 28 August 2010 - 02:32 PM

I don't check up on any news or anything else that's not from one of three or four major sites (MSN, Yahoo Weather, etc.). But no matter how it happened, it happened. SAS has a button that allows for running a scan of one's computer and then that button leads to a screen where you'd pick how thorough the search would be. Oh wait... you mean what I was referring to. I was talking about this site. Up at the top there are several tabs, one of them being 'Spyware Removal'. As for checking, I overlooked nothing. No other program is seeing these files as rogue or faulty. I think the most likely culprit is SAS, though I don't know why nor how since none of the other programs I use to counter that stuff encountered anything. Then again, nothing is certain, especially since it happened. I think my best bet will be reinstalling SAS. But I wanted to post here first to see if anyone else had encountered such a thing.

Thanks for the feedback.

#4 bluesjunior


Posted 28 August 2010 - 03:00 PM

SAS has just come out with a new version today, so maybe you should use a program like Revo Uninstaller on maximum to uninstall your present version of SAS then reboot and install the latest version and see what it finds.

Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz, Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive: Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.

#5 damientalrose


Posted 29 August 2010 - 02:05 AM

Well, after a full uninstall of SAS and the subsequent reinstall (and update), I ran SAS again. This time it didn't go crazy and start naming just about everything rogue (I dub it the McCarthy Faux Pas). Thanks for the help :thumbsup:

#6 chromebuster


Posted 05 September 2010 - 01:42 AM

In the future, I'd recommend avoiding Revo, since it nowadays has a tendency to corrupt files that belong to programs' installation configurations. It has done it to me on more than one occasion, including when trying to uninstall the following software: MSSQL Server Express 2008, Cain and Abel 2.89, ZoneAlarm Free 9, and EPrompter 2.0. I used to recommend Revo to lots of folks, but unfortunately due to these situations, it's lost my recommendation.





