SAS found malware that others wouln't [Detecting own malware samples as malware]

Today, I opened my blog and realized that I had two link pages to it. At the control panel, not the blog it self.

I was going to test those links on a VM and by mistake I clicked in 1 of the links and I automatically got redirected to scanner(dot)powerantivirus2009(dot)com. I closed the ■■■■ page right away.

I disconnected the net and performed a scanning with NOD32 3.0 and SUPERAntispyware. NOD32 found nothing, but SAS found 10 malware on my system.

At this moment I didnt clean the system yet. I checked for rookits with GMER and it found 4.

I then cleaned with SAS and then asks me to reboot the system and I do it. I checked again with GMER and no more rookits found. SAS did a ■■■■ good job! I just love it.

I also checked with Hijackthis and all seems fine.

I’m sad, though, that CFP with D+ set in Safe Mode did not protect me at all. But well, nothing is perfect and hopefully it will in the future.

Just out of curiosity I tried with Spybot S&D, MalwareBytes Antimalware, AVG8 Free, Ad-aware 2008 Free. None found nothing either!!!

Ain’t SAS amazing or what?

I later tested 1 of the links and each times it redirects for a different page. The second was a trojan fake coded page.

Hi Dark, according to Vettetech, Nod32 V3.0 should’ve caught it on the link click, just goes to show how well we know the AV we’re using, care to comment on this one Vette? Remember objectivity counts…

Xman :THNK (:KWL)

Hello Xma :wink:

Yes, indeed, we never know how will our security set up act in real threats situations.

We also don’t know how would any other AV perform. And powerantivirus2009 is recent.
According to MalwareBytes was first found in August 5, though 10 days passed and it seems that only SAS was able to detect and clean the system. At least, when comparing with all other tools I test with.

MalwareBytes Antimalware can’t detect it either. Not sure about the Rogue Remover, though. Didn’t try it, but perhaps it could detect and eliminate it.

Not ever av or as can find everything. I still love my NOD32 no matter what. Which is also why I love Sandboxie. Empty your Sandbox and problem gone. No security software is 100 % effective. Hey Dark do you have IE and FF under NOD32 HTTP “active mode”. I always put IE,FF,uTorrent and Frostwire under Active Mode.

Actually, no. I thought I had, but it seems I forgot it…

Now the funny thing… I updated SAS and now detects 3 more malwares, in a total of 13, including the latest 10.
I checked with GMER and found no rootkits.

I think I’ll just restore my system to a point before this ■■■■ happened.

Best regards

If you need help setting up Active Mode I can tell you how. :■■■■

True, SAS is something of a gem.

What’s worrying is how you got so many invasions, DarkButterfly

SAS is my favorite on-demand malware scanner. It helped me removed Win2009 in the past as well, No Files or Registry Keys were left behind. Just wait for v4.2… :slight_smile:


I restored my system to a previous point and will make a new scan with SAS, and see what happens.

Just a bloody mistake… and voila… infections… lol

Anyway, this weekend I got to format my system. I’m going to install Windows Vista SP1.

I already got version 4.2.

SAS does not find any malicious processes or registry keys, only malicious files. But GMER found 4 rootkits and after I cleaned the system with SAS, GMER would no longer find any rookit.

As I said above I restored my system. I will perform a new scan and see how it goes.


By the way powerantivirus2009 is a real pain in the ■■■. It was only recently discovered, and seems quite hard to remove.

For the info I could find, nothing seems able to detect it yet but SAS. But not so efficientely…

Well, it seems that the restore point didn’t work out. I never had great expectations about that, but we never know.

SAS stills detects those 13 malware.

Could those be false positives? It would be one well of a coincidence, no? I mean, at the same day I get redirected to powerantivirus2009, I get my system infected. It would be a hell of a coincidence…

SAS is the only detecting and fails to remove ;/

You must uncheck System restore, and delecting in Safe Mode.
Do yuou know how delecting an infection? :smiley:

I’m running Windows Vista.

Yes, I do know how to turn off Vista’s restore point. The thing is disabling Windows’s restore must only come has a last resource to fight malware.

Why? What if deleting malware and somehow, restoring the items from the quarantine won’t be enough?
No malware, no system… Not what I am looking for.

And no, I still haven’t verified in Safe Mode. I was going to, though. But I pretty much forgot about it, though.
It just crossed my mind when I was reading some on-line news on a pc magazine and they were talking how to disable restore points in Windows XP and Vista. :smiley:

Thank you for the concern… :wink:

Hi Dark, you really should get into the habit of surfing “sandboxed” with ‘Sandboxie’ you would’ve avoided the whole mess completely…
Live & learn, right Vette?

Cheers anyhow Dark :■■■■ (:KWL)


Yes your right Xman. Remember my thread.

uhuh, and I really think that Superantispyware has sandboxie in it …



Maybe it will come in version 10. in the year 2020…

Yeah right…

hey, why do we have a fight under mods, you should follow me by telling that it was off-topic >:(



You’re right.

Do you know what is the funnt thing? I work alot with virtual machines and I always search the web inside them, cause won’t be wasting my time disconnecting their net connection, so that I can use net on the real system.

Yesterday, it was no different from any other day. I just was going to copy & paste 2 bloody suspicious links and voilá, a mistake made me open of them… arghhh…

You know what? It’s just like SOAD say, “eat all the grass that you can, accidents will happen in the dawn […] Accidents happen”

Couldn’t be more true!!!

Edit: I verified the system with SAS in Safe Mode and still can’t eliminate that ■■■■. :THNK

Well, a format is coming down the way…

Hi again Dark, I sincerely hope your reformat solves your infection, in the meantime I wonder if Rising AV would’ve caught and cleaned out completely especially during its’ bootup scan, we can only speculate…
Next time sandbox yourself!

Good luck dude with the cleanup

Cheers man
Xman :-TU 8)