TechSpot

New SAS updated format....hmmm a red flag?

By steveow
Aug 8, 2011
  1. 1st....my PC has updated Windows Pro, SAS, Spywareblaster, Avira, Malwarebytes, TFC, Comodo w/Sandbox. Thanks Bobbye! Fort Knox is holding up well, thank you!

    Last night I did the usual SAS update and it has a new look, which is not the problem.......I think????
    some history...... Now about 3 weeks ago I added a legitimate website that has been started that gives us surfers another avenue to check out the local waves, weather, tides etc. for our local beaches (Solespot.com). I see names on there I know via their Facebook page, so that's why I believe it's full on legit.
    So that night I ran my frequent SAS scan and it found Solespot spyware which I removed. I went to the site once more ASAP and sure enough the SAS scan found more spyware. I removed Solespot from favorites and then I deleted all browsing history, ran SAS and then TFC. All's been clean since.

    Fast forward to last night when I did my usual SAS update:
    I ran SAS, "but walked away for 10 minutes" and then found Solespot on the scan again. 3 wks later? Odd! Now today when I ran SAS it only took 25 seconds versus 5+ minutes with the non-updated SAS. I ran quick scan again to make sure and it finished in 25 seconds again. 25 seconds for all 3 sections?!! It also says, "Last update 4 days ago." How can that be when I updated last night and ended up with this new look?
    This doesn't seem right unless they've updated their speed in scanning capabilities.
    Or could this be a virus or something? My update last night was directly from the SAS program on my desktop if you're wondering.

    Thanks!!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

  3. steveow

    steveow TS Rookie Topic Starter Posts: 67

    Will do. Thanks
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What 'spyware'?
    What location?


    Paste the excerpt from the SAS entry here and let me have a look.

    You might want to run Malwarebytes to have something to compare SAS to. Then run a scan with the Eset Online Virus. Leave the logs so I can see what's going on.
    ====================================
    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    Regarding Solespot.com: You might want to have a look here: http://whois.domaintools.com/solespot.com
    Basically, this is a hosting site. The owner also has 94 other domains

    While I'm thinking about it, please remove TFC. We pulled from our steps due to a glitch that was removing programs it shouldn't have and they were unrecoverable. I have not heard anything about the problem being resolved.
     
  5. steveow

    steveow TS Rookie Topic Starter Posts: 67

    spelled it wrong Solspot.com is correct spelling. ok heading to eset and getting nec scans
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That makes a difference. But I can't tell anything until I see what SAS is finding and if Eset has entries.
     
  7. steveow

    steveow TS Rookie Topic Starter Posts: 67

    OK, Bobbye,
    deleted TFC.

    ESET found nothing at all.
    Since January...50+ Malwarebyte scans with zero infections.
    I will paste the SAS scan from last month and the current one with the Solspot tracking infection. Also notice the scan times. Faster is better if it's working right.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/07/2011 at 11:03 AM

    Application Version : 4.55.1000

    Core Rules Database Version : 7373
    Trace Rules Database Version: 5185

    Scan type : Quick Scan
    Total Scan Time : 00:08:55

    Memory items scanned : 407
    Memory threats detected : 0
    Registry items scanned : 1476
    Registry threats detected : 0
    File items scanned : 4225
    File threats detected : 1

    Adware.Tracking Cookie
    C:\Documents and Settings\steve r warner\Cookies\steve_r_warner@ads.solspot[1].txt

    **********************
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/06/2011 at 05:55 PM

    Application Version : 5.0.1108

    Core Rules Database Version : 6203
    Trace Rules Database Version: 4015

    Scan type : Quick Scan
    Total Scan Time : 00:00:49

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 418
    Memory threats detected : 0
    Registry items scanned : 30711
    Registry threats detected : 0
    File items scanned : 3528
    File threats detected : 1

    Adware.Tracking Cookie
    C:\Documents and Settings\steve r warner\Cookies\steve_r_warner@ads.solspot[2].txt
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That's just an adware Tracking Cookie. Do the following:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)

    You will have to allow the first party Cookie for the site itself, but the reset should block the junk.

    If you use Firefox, the 2 addons will prevent them. If you still get ad Cookies from the site:

    Go to Internet Options> Security tab> Restricted sites> Sites> type in the following:
    *.ads.solspot.com
    *.solspot.net

    After each> click on Block. Then Apply> OK.

    There is no problem here. It isn't spyware, or virus/Trojan. Be sure to delete the 3 cookies you have- SAS can do that.

    Not to worry but let me know if you have any questions.
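
Added example (not part of the original posts and not SUPERAntiSpyware's own tooling): a small Python parser for the text log format posted in reply 7, which separates a cookie-only result like the one discussed above from findings that need a closer look. The `parse_log` and `triage` names and the regular expressions are assumptions derived only from the two logs in this thread.

```python
import re

# Trimmed copy of the 08/06/2011 log posted in this thread (unused headers dropped).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 08/06/2011 at 05:55 PM
Application Version : 5.0.1108
Scan type : Quick Scan
Total Scan Time : 00:00:49
Memory threats detected : 0
Registry threats detected : 0
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\steve r warner\Cookies\steve_r_warner@ads.solspot[2].txt
"""

FIELD = re.compile(r"^(.+?)\s*:\s+(.*)$")   # "Key : value" header lines
PATH = re.compile(r"^[A-Za-z]:\\")           # Windows path listed under a detection
# IE cookie file: ...\Cookies\<user>@<host>[n].txt ; group 1 is the cookie host
COOKIE = re.compile(r"\\Cookies\\[^\\@]+@([^\\\[]+)\[\d+\]\.txt$", re.I)

def parse_log(text):
    """Return (header fields, [(category, path), ...]) from a SAS text log."""
    fields, findings, category = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if PATH.match(line):
            findings.append((category, line))
        elif (m := FIELD.match(line)):
            fields[m.group(1)] = m.group(2)
        elif line:
            category = line  # last free-standing line names the detection
    return fields, findings

def triage(text):
    """Return (verdict, cookie hosts); verdict is clean, cookie-only or needs-review."""
    fields, findings = parse_log(text)
    # Any memory or registry detection is never "just a cookie".
    if any(fields.get(k, "0") != "0" for k in
           ("Memory threats detected", "Registry threats detected")):
        return "needs-review", []
    hosts = []
    for category, path in findings:
        m = COOKIE.search(path)
        if not m or "Tracking Cookie" not in (category or ""):
            return "needs-review", []
        hosts.append(m.group(1))
    return ("cookie-only" if findings else "clean"), sorted(set(hosts))
```

The hosts returned for a cookie-only log are the ones to consider for third-party cookie blocking.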
     
  9. steveow

    steveow TS Rookie Topic Starter Posts: 67

    The resetting of cookies was already set as per your instructions. Since it's just an adware tracking cookie then I guess all is well. Now I know.

    Thanks Bobbye!
    stevo
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you use Firefox, put the 2 addons in. They will block the banners, ads, Tracking, etc.

    I may have given this to you last time, but if I didn't, it will be handy:

    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader Install current, uninstall old.
      [o] Java Updates Install current, uninstall old.
    5. Do regular Maintenance
      Clean the temporary internet files often:
      [o] ATF Cleaner by Atribune
    6. Restore Points:
      [o] See System Restore Guide
    7. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.

    Peace
     
  11. steveow

    steveow TS Rookie Topic Starter Posts: 67

    Yes, I have and reg update everything except #5..I'll get that one. I'll have to double check the WOT....it's been awhile and I think it was giving me problems. However, what you've helped with all the others is more than I could have imagined to protect my PC. Thanks!

    Re: SAS. They responded and said their new program for scanning has been significantly enhanced for super fast scans. Boy have they come through :) big time! The Complete Scan is faster than the old quick scan.
    stevo
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I've had WOT for a while now and have no reason to think there are any problems related to it. I do a lot of searching and only choose the site in Green- darkest green first, lighter green if needed. If you look at the 4 categories they rate, I think you'll appreciate what they do.

    Between WOT, Firefox and Nod32 security, I cannot access a site that is considered fraudulent, suspicious or with poor reputation. This has served me well.

    Since we've resolved your issue, I'm going to close the thread. Let us know if you need us in the future.
     
Topic Status:
Not open for further replies.
