Thread: O.T. SuperantiSpyware
View Single Post
  #8  
Old February 16th 20, 07:49 AM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
  
Posts: 785
Default O.T. SuperantiSpyware


File : Capture Events.

Select it and the tick box should go away.

That stops the trace. Then set up a filter.

*******

A File Explorer dialog really should not be
opening for this exercise.

In the Filter : Filter item, a dialog box should appear
where you select the filter scheme you want.

Process is SuperAntiSpyWare.exe then Include

When a trace is collected, the program "remembers" all
the EXE files it saw. The Filter menu, when you select
a Process event, the name of the programs were assembled
during the trace, so every EXE thing is supposed to be
in there. I don't know what the actual SuperAntiSpyWare.exe
is, but you can examine the menu in the Filter : Filter
subsection and see for yourself what was captured.

If the executable simply did not run *at all*, that's
a possibility. You could search (using the Filter),
an attempt to

Operation is ReadFile

and then go looking for the shortcut name to the SAS program.
If the shortcut is on your desktop, the file has a name, and
you can look in the trace after the filter is added and applied
and see if that entry is present. Sometimes programs don't load
for various reasons.

There are plenty of things I cannot hope to reproduce here, and
I'd practically have to solve it remotely, to even get one of
my setups doing that (screwing up). I think even checking with
Task Manager (the control-alt-delete thing) for a currently
running SAS instance, may give a hint why it's annoyed with
what it finds at runtime (when you try to start it and it
refuses to start or exits so abruptly you don't see it).

But Process Monitor sees a lot of what is going on. It would
take a pretty fancy rootkit to prevent Process Monitor from
seeing stuff happening. The way of doing that on Linux, isn't
nearly as good (strace).

Paul



I did untick the capture events and then tried to
filter it but am totally lost in doing this.

https://postimg.cc/zLhDHqMM

https://postimg.cc/MX56QPPW

https://postimg.cc/56kfPHWT

https://postimg.cc/jCMT5W22

https://postimg.cc/phkwp724

However, SuperAntiSpyWare now comes up with one
click. I will now do a restart to see if 'remembers'
and causes it to double click or whether the single
click still works.


Robert
Ads