SuperAntiSpyware false positives of CIS v6.1.276867.2813

Have done a routine scan with EAM, MBAM and SAS I have got false positives with the SAS scan on CIS v6, and a couple of SAS own files to, I paste the log below:-

SUPERAntiSpyware Scan Log

Generated 05/27/2013 at 04:01 AM

Application Version : 5.6.1020

Core Rules Database Version : 10447
Trace Rules Database Version: 8259

Scan type : Quick Scan
Total Scan Time : 00:02:12

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 558
Memory threats detected : 3
Registry items scanned : 60562
Registry threats detected : 0
File items scanned : 10531
File threats detected : 5

Trojan.Agent/Gen-Zbot
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CIS.EXE
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CIS.EXE
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDHTML.DLL
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDHTML.DLL
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\Windows\Prefetch\CIS.EXE-F3F81C94.pf
C:\Windows\Prefetch\SUPERANTISPYWARE.EXE-D7978FB2.pf

I have submitted a false positive report using SAS inbuilt report tool, hopefully they can fix this soon

After doing additional scans SAS seems to be behaving erratically, I get between 3 - 5 detections when I run scans, so have no clue whats up, I did a scan yesterday and all was fine, after doing update tonight SAS is detecting FP’s and is not consistent, but is always same files it detects

I have uploaded all files to virustotal and they all got 0 / 47, just retested cis.exe, heres the VT url

[at]wasgij6: thanks for moving this to the right board :-TU

After an update scans no longer detect CIS v6 as malware, so looks like they fixed the false positives, but still detecting its own files as Zbot ;D

SUPERAntiSpyware Scan Log

Generated 05/27/2013 at 10:46 AM

Application Version : 5.6.1020

Core Rules Database Version : 10448
Trace Rules Database Version: 8260

Scan type : Quick Scan
Total Scan Time : 00:01:16

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 543
Memory threats detected : 1
Registry items scanned : 60561
Registry threats detected : 0
File items scanned : 10532
File threats detected : 2

Trojan.Agent/Gen-Zbot
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\Windows\Prefetch\SUPERANTISPYWARE.EXE-D7978FB2.pf

I’m tempted to click Remove Threats to see what happens XD

Okay it removed itself, is to funny, hmm…not funny as have to reinstall XD

Re-installed SAS and did some more scans, now its back to detecting CIS v6 files as Zbot again, have sent another false positive report, attached a log

SUPERAntiSpyware Scan Log

Generated 05/27/2013 at 11:18 AM

Application Version : 5.6.1020

Core Rules Database Version : 10448
Trace Rules Database Version: 8260

Scan type : Quick Scan
Total Scan Time : 00:01:41

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 557
Memory threats detected : 2
Registry items scanned : 60549
Registry threats detected : 0
File items scanned : 10527
File threats detected : 3

Trojan.Agent/Gen-Zbot
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CIS.EXE
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CIS.EXE
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDHTML.DLL
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDHTML.DLL
C:\Windows\Prefetch\CIS.EXE-F3F81C94.pf

It looks like SAS fixed the FP’s with DB version 10449. :-TU

Yes, have done a number of scans through out today, and looks like they have finally been fixed :-TU

Had to delete all the SAS files, folders and registry keys by hand due to it removing itself earlier…lol…thankfully now installed and working properly ;D

Looks like this has upset quite a few people on the SAS boards.

http://forums.superantispyware.com/index.php?/topic/7429-trojanagentgen-zbot/