Superantispyware & Windows Defender

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by birdiebd, Mar 26, 2024.

  1. birdiebd

    birdiebd Private E-2

    Wondering if I got a virus or the new owner (since Jan 23) made changes.
    I have Superantispyware Professional version & Windows 11 operating system.
    All going well until this am. I clicked on the spyware link to run as usual (it's set for regular times but sometimes I turn my computer off & it doesn't run).
    Error msg from Windows Defender. Spyware was kicked out because it was listed as 'unwanted app'. Listed as softcnapp.

    I contacted tech support with Superantispyware. Long & short I felt I was being sold a new product.

    Now my shortcut link for superanti... doesn't work. And I can't find the folder for the spyware (I didn't delete it).
    Is it possible I got a virus that drove me to calling superantispyware but it was another company?

    Anyone else have issues with this software? I have had a subscription for 5 years on current computer as well as older ones.
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    Please do this

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Right click on FRST64, select Save Link As..., and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • Attached reports
     
  3. birdiebd

    birdiebd Private E-2

    Just chatted with Superantispyware. They now say their techs are working on an attack. Obviously my software is not cloud driven but someone was good enough to send out a virus. I'm guessing the update I got this morning which looked just like the regular update was the virus attack. Sure hope they can fix this.
    I will follow FarBar recovery too.
     
  4. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the update. Once you run a FRST scan and provide the reports we will get started on this end.
     
  5. birdiebd

    birdiebd Private E-2

    I saved FRST link to desktop. However. Right click does not offer run as admin. Just gives me all the windows options. FRST said it downloaded but takes me to a website, bleepingcomputer.com. Sure doesn't offer what you're referring to.
     
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Left click on the link (it is from BleepingComputer) and save the file. Then right click on the downloaded file and select Run as administrator.
     
  7. birdiebd

    birdiebd Private E-2

    Hey Expert- The first method of running FRST worked.
    Attaching the two files.
    I will say I was able to reload superantispyware & run it. Seemed fine. But sure had some quirky things going on.
    Thank you so much. I will keep this FRST for future use.
     

  8. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the update.

    Things look pretty good. While we are here let's clean out some clutter and check the health of Windows.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    S3 IntcSdwBus; \SystemRoot\System32\DriverStore\FileRepository\intcsdwbus.inf_amd64_97232396cdfee532\IntcSdwBus.sys [X] 
    HKU\S-1-5-21-2666680673-3668294695-3712481685-1001\...\Run: [EPSDNMON] => "" (No File) 
    Task: {21BCF383-AF12-4660-A0B7-E7D520D86950} - System32\Tasks\Microsoft\Windows\Setup\EM => %windir%\system32\EM.exe  (No File) 
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File] 
    ShellIconOverlayIdentifiers: [Offline Files] -> {4E77131D-3629-431c-9818-C5679DC83E81} =>  -> No File 
    FirewallRules: [{F96A5688-4F33-470E-9F6A-79468C3B6926}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SecondScreen_1.0.8.0_x64__wyx1vj98g3asy\SecondScreenDesktop\SecondScreenDesktop.exe => No File 
    FirewallRules: [{83DF57BC-C4EB-45F0-8087-432499B0EC4A}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SecondScreen_1.0.8.0_x64__wyx1vj98g3asy\SecondScreenDesktop\SecondScreenDesktop.exe => No File 
    FirewallRules: [{9923E5C7-491F-42E9-8700-A0BC8B84D43B}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_1.1.28.0_x64__wyx1vj98g3asy\Win32\QSSystray.exe => No File 
    FirewallRules: [{43FD7430-9F22-4150-A9D4-2B86DC6A6EB4}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_1.1.28.0_x64__wyx1vj98g3asy\Win32\QSSystray.exe => No File 
    FirewallRules: [{C9864EF8-0B11-410E-A949-5629DD35D104}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_1.1.28.0_x64__wyx1vj98g3asy\Win32\QSSystray.exe => No File 
    FirewallRules: [{98A96F9B-F447-40F4-A385-9CAAE0D275CE}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungQuickShare_1.1.28.0_x64__wyx1vj98g3asy\Win32\QSSystray.exe => No File 
    FirewallRules: [{B75BF09F-B975-4E0F-9E2F-B2111E92720C}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.6.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe => No File 
    FirewallRules: [{47B6E400-8EE7-4B76-AC91-14690063DE99}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.6.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe => No File 
    FirewallRules: [{AACE96D1-AB1B-4A31-B673-28290FFEA2C6}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.6.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe => No File 
    FirewallRules: [{C2145556-2F7B-4713-9B8D-AABA9A8E22BF}] => (Allow) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.6.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe => No File 
    FirewallRules: [TCP Query User{9058E1CD-63F3-4B60-9769-101AFD9E3D75}C:\program files (x86)\act\act for windows\act!.exe] => (Allow) C:\program files (x86)\act\act for windows\act!.exe => No File 
    FirewallRules: [UDP Query User{03609307-7EDC-4946-A701-587F53C46B9B}C:\program files (x86)\act\act for windows\act!.exe] => (Allow) C:\program files (x86)\act\act for windows\act!.exe => No File 
    FirewallRules: [TCP Query User{6092DA6B-B9FD-4486-9628-3ABFE80D0AA3}C:\act!_pro_v19_sp2x146\actstd\program files\act\actinstalldir\act!.exe] => (Allow) C:\act!_pro_v19_sp2x146\actstd\program files\act\actinstalldir\act!.exe => No File 
    FirewallRules: [UDP Query User{A3DA926D-810B-40B1-837D-2D54AD76875C}C:\act!_pro_v19_sp2x146\actstd\program files\act\actinstalldir\act!.exe] => (Allow) C:\act!_pro_v19_sp2x146\actstd\program files\act\actinstalldir\act!.exe => No File 
    FirewallRules: [{327810C9-61DE-433B-A064-0AE076E83003}] => (Allow) C:\Users\robyn\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File 
    FirewallRules: [{1FA6B7E3-C0CB-4C34-9C92-77B46BEACF65}] => (Allow) C:\Users\robyn\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => No File 
    HKU\S-1-5-21-2666680673-3668294695-3712481685-1001\...\Run: [EPSDNMON] => "" (No File) 
    Task: {21BCF383-AF12-4660-A0B7-E7D520D86950} - System32\Tasks\Microsoft\Windows\Setup\EM => %windir%\system32\EM.exe  (No File) 
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
    FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found 
    FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found 
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi => not found 
    FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File] 
    HKU\S-1-5-21-2666680673-3668294695-3712481685-1001\...\MountPoints2: {af7a7d01-0baf-11ee-a833-701ab8c369a4} - "E:\RTK_NIC_DRIVER_INSTALLER.sfx.exe"
    ShellServiceObjects: No Name -> {C51F0A6B-2A63-4cf4-8938-24404EAEF422} =>
    SearchScopes: HKU\S-1-5-21-2666680673-3668294695-3712481685-1001 -> {56F65858-61BB-4E52-843F-E3177845EEAD} URL =
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
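
Added example, not part of the thread and not FRST's own code: a small Python reviewer for a fixlist like the one in post 8, which separates control lines, entries whose target FRST already reported as missing, entries with no such marker (worth reading before clicking Fix), and repeated lines. The sample lines are copied from that fixlist; the function name `review_fixlist` and the four category names are assumptions made for this example.

```python
import re

# Markers FRST appends when an entry's target file is missing on disk.
ORPHAN = re.compile(r"\(No File\)|\[No File\]|[=-]> No File|\[X\]|=> not found", re.I)
# Control lines and commands, as opposed to entries copied from the scan log.
DIRECTIVE = re.compile(
    r"^(Start::|End::|SystemRestore:|CreateRestorePoint:|CloseProcesses:|cmd:)", re.I)

# Sample lines copied from the fixlist in the post above (one repeated, as there).
SAMPLE = r'''
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2666680673-3668294695-3712481685-1001\...\Run: [EPSDNMON] => "" (No File)
Task: {21BCF383-AF12-4660-A0B7-E7D520D86950} - System32\Tasks\Microsoft\Windows\Setup\EM => %windir%\system32\EM.exe  (No File)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File]
HKU\S-1-5-21-2666680673-3668294695-3712481685-1001\...\Run: [EPSDNMON] => "" (No File)
HKU\S-1-5-21-2666680673-3668294695-3712481685-1001\...\MountPoints2: {af7a7d01-0baf-11ee-a833-701ab8c369a4} - "E:\RTK_NIC_DRIVER_INSTALLER.sfx.exe"
ShellServiceObjects: No Name -> {C51F0A6B-2A63-4cf4-8938-24404EAEF422} =>
cmd: sfc /scannow
End::
'''

def review_fixlist(text):
    """Sort fixlist lines into directive / orphan / review / duplicate buckets."""
    report = {"directive": [], "orphan": [], "review": [], "duplicate": []}
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in seen:                 # same entry listed twice
            report["duplicate"].append(line)
            continue
        seen.add(line)
        if DIRECTIVE.match(line):        # Start::, cmd:, restore point, ...
            report["directive"].append(line)
        elif ORPHAN.search(line):        # leftover pointing at a missing file
            report["orphan"].append(line)
        else:                            # no missing-file marker: read it first
            report["review"].append(line)
    return report

if __name__ == "__main__":
    for category, lines in review_fixlist(SAMPLE).items():
        print(f"{category}: {len(lines)}")
        for line in lines:
            print("   ", line[:90])
```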
     
