A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

O.T. SuperantiSpyware



 
 
Thread Tools Display Modes
  #1  
Old February 14th 20, 08:40 AM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware

I have a Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster, SuperantiSpyware, Malwarebytes, Avast ,
Windows Defender and Windows firewall.

(1) TB HD
Intel (R) Core (TM) i7-33-3770 CPU @ 3.40 GHz
Ram 12.0 GB
System type : 64-bit operating system

I also have

I have a Dell Optiplex 780 Tower, with Windows 7 Professional,
SP1, with Spywareblaster, SuperantiSpyware, Malwarebytes, Avast ,
Windows Defender and Windows firewall.

Seagate Desktop HDD ST2000DM001 2TB 64MB
Cache SATA 6.0Gb/s 3.5"
System type : 64-bit operating system

and (external hard drives)

(8500)
WD BLACK SERIES WD2003FZEX 2TB 7200
RPM 64MB Cache SATA 6.0Gb/s 3.5" Internal
Hard Drive

(780)
Seagate Desktop HDD ST2000DM001 2TB 64MB
Cache SATA 6.0Gb/s 3.5"
Internal Hard Drive


I have a question involving the 8500. Whenever I click
the SuperantiSpyware icon on the 780 it comes up with no
problem but when I click the same icon on the 8500 I
have to do it twice before it comes up.

My question is; why do I have to click it twice on the 8500
and is there a way so that I only have to click it once?

Thanks,
Robert
Ads
  #2  
Old February 15th 20, 07:35 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default O.T. SuperantiSpyware

Robert in CA wrote:

snippage
I have a question involving the 8500. Whenever I click
the SuperantiSpyware icon on the 780 it comes up with no
problem but when I click the same icon on the 8500 I
have to do it twice before it comes up.

My question is; why do I have to click it twice on the 8500
and is there a way so that I only have to click it once?

Thanks,
Robert


It's unlikely that someone has "looked at the undercarriage
of every program out there", to answer this without doing some work.

I would use Process Monitor.

https://docs.microsoft.com/en-us/sys...nloads/procmon

1) Start the procmon.exe running.
2) Go back to the desktop, double click SuperantiSpyware.
The program fails etc.
3) Return to Process Monitor program window.
In the File menu, untick the tick mark to stop the trace.
4) In the filter menu, select

Program Name is procmon.exe Include

and apply that filter to the now-frozen trace.

This reduces the amount of junk to look through.

5) See if you can see any file it was accessing before it
quit or dropped dead.

That's about the best I can offer, in terms of a
"what approach could I use".

Even if I installed the program here, you just know
SAS isn't going to drop dead for me, and I won't
be able to reproduce it.

Paul
  #3  
Old February 15th 20, 03:15 PM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware

On Friday, February 14, 2020 at 10:35:30 PM UTC-8, Paul wrote:
Robert in CA wrote:

snippage
I have a question involving the 8500. Whenever I click
the SuperantiSpyware icon on the 780 it comes up with no
problem but when I click the same icon on the 8500 I
have to do it twice before it comes up.

My question is; why do I have to click it twice on the 8500
and is there a way so that I only have to click it once?

Thanks,
Robert


It's unlikely that someone has "looked at the undercarriage
of every program out there", to answer this without doing some work.

I would use Process Monitor.

https://docs.microsoft.com/en-us/sys...nloads/procmon

1) Start the procmon.exe running.
2) Go back to the desktop, double click SuperantiSpyware.
The program fails etc.
3) Return to Process Monitor program window.
In the File menu, untick the tick mark to stop the trace.
4) In the filter menu, select

Program Name is procmon.exe Include

and apply that filter to the now-frozen trace.

This reduces the amount of junk to look through.

5) See if you can see any file it was accessing before it
quit or dropped dead.

That's about the best I can offer, in terms of a
"what approach could I use".

Even if I installed the program here, you just know
SAS isn't going to drop dead for me, and I won't
be able to reproduce it.

Paul




I tried to follow your instructions but it
didn't offer anything to untick and filters
and when I opened filters it didn't seem to
offer procmon.exe

Process Monitor

https://postimg.cc/3yhq8tZG

File Menu

https://postimg.cc/Xpwcj412

Filter menu

https://postimg.cc/K4TtfmbZ


Thanks,
Robert
  #4  
Old February 15th 20, 03:17 PM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware


It's not a huge issue; I just thought if
it was something that could be fixed easily
I could do it but I'll just live with clicking
it twice.


Many thanks,
Robert
  #5  
Old February 15th 20, 07:21 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default O.T. SuperantiSpyware

Robert in CA wrote:
On Friday, February 14, 2020 at 10:35:30 PM UTC-8, Paul wrote:
Robert in CA wrote:

snippage
I have a question involving the 8500. Whenever I click
the SuperantiSpyware icon on the 780 it comes up with no
problem but when I click the same icon on the 8500 I
have to do it twice before it comes up.

My question is; why do I have to click it twice on the 8500
and is there a way so that I only have to click it once?

Thanks,
Robert

It's unlikely that someone has "looked at the undercarriage
of every program out there", to answer this without doing some work.

I would use Process Monitor.

https://docs.microsoft.com/en-us/sys...nloads/procmon

1) Start the procmon.exe running.
2) Go back to the desktop, double click SuperantiSpyware.
The program fails etc.
3) Return to Process Monitor program window.
In the File menu, untick the tick mark to stop the trace.
4) In the filter menu, select

Program Name is procmon.exe Include

and apply that filter to the now-frozen trace.

This reduces the amount of junk to look through.

5) See if you can see any file it was accessing before it
quit or dropped dead.

That's about the best I can offer, in terms of a
"what approach could I use".

Even if I installed the program here, you just know
SAS isn't going to drop dead for me, and I won't
be able to reproduce it.

Paul


I tried to follow your instructions but it
didn't offer anything to untick and filters
and when I opened filters it didn't seem to
offer procmon.exe

Process Monitor

https://postimg.cc/3yhq8tZG

File Menu

https://postimg.cc/Xpwcj412

Filter menu

https://postimg.cc/K4TtfmbZ


Thanks,
Robert


In your picture, the ProcMon program window has a "File"
menu item. Click that and you should see a "tick mark".
That "tick mark" controls capturing. You untick the
tick mark under the File menu, to stop the tracing action.

You want Filter : Filter item to select the filters
desired for the output trace. Setting a filter reduces
the visual amount of output seen, hiding the irrelevant
stuff. The Filter menu and its subitem "Filter" exist,
because of the nature of hunting for a "needle in a haystack".

The trace runs at lightning speed, and you can end up with
100,000 entries in seconds. And then having to shovel through
those can be painful.

By setting the filter to just include SuperantiSpyware items,
the job of analysis will be a little easier. You would then
scroll to the bottom of the trace, and see where SAS is exiting.
Then look a little above that, to see "what file is it ****ed about".
Something happened to upset it. That's what you would be
looking for.

This isn't easy to do, this needle in the haystack stuff.

To give you an example, I got lucky once. I'd installed
two sound cards. After the installer for the second
sound card was installed, *both* sound cards would not
work. I was baffled as to how that could happen. I ran
a trace with ProcMon, and there were a hundred thousand
entries to go through. And just by accident, I saw a
registry entry. It was an entry the second card should
not have "clobbered". I returned the registry entry
to a "normal" value and *both* sound cards worked.
Then all you had to do, was select in the Windows control,
which sound card you wanted to use for your output.

Many times I use that tool and learn... nothing.

That's why it's a tool of last resort.

But in theory, it has a lot of information to offer.
It's a matter of human persistence, as to whether
anything can be learned from it.

What leaves me in awe, in those traces, is all the
bull**** the OS is doing underneath. Quite often in there,
I'm distracted by the stuff I'm seeing.

*******

In terms of program design, if the program discovers a copy
is already running, it may choose to terminate. You might
check Task Manager and see if a copy is running at the time
you try your first "click". A good program would print on
the screen, that it had discovered a copy already running.

Paul
  #6  
Old February 16th 20, 01:48 AM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware

On Saturday, February 15, 2020 at 10:21:18 AM UTC-8, Paul wrote:
Robert in CA wrote:
On Friday, February 14, 2020 at 10:35:30 PM UTC-8, Paul wrote:
Robert in CA wrote:

snippage
I have a question involving the 8500. Whenever I click
the SuperantiSpyware icon on the 780 it comes up with no
problem but when I click the same icon on the 8500 I
have to do it twice before it comes up.

My question is; why do I have to click it twice on the 8500
and is there a way so that I only have to click it once?

Thanks,
Robert
It's unlikely that someone has "looked at the undercarriage
of every program out there", to answer this without doing some work.

I would use Process Monitor.

https://docs.microsoft.com/en-us/sys...nloads/procmon

1) Start the procmon.exe running.
2) Go back to the desktop, double click SuperantiSpyware.
The program fails etc.
3) Return to Process Monitor program window.
In the File menu, untick the tick mark to stop the trace.
4) In the filter menu, select

Program Name is procmon.exe Include

and apply that filter to the now-frozen trace.

This reduces the amount of junk to look through.

5) See if you can see any file it was accessing before it
quit or dropped dead.

That's about the best I can offer, in terms of a
"what approach could I use".

Even if I installed the program here, you just know
SAS isn't going to drop dead for me, and I won't
be able to reproduce it.

Paul


I tried to follow your instructions but it
didn't offer anything to untick and filters
and when I opened filters it didn't seem to
offer procmon.exe

Process Monitor

https://postimg.cc/3yhq8tZG

File Menu

https://postimg.cc/Xpwcj412

Filter menu

https://postimg.cc/K4TtfmbZ


Thanks,
Robert


In your picture, the ProcMon program window has a "File"
menu item. Click that and you should see a "tick mark".
That "tick mark" controls capturing. You untick the
tick mark under the File menu, to stop the tracing action.

You want Filter : Filter item to select the filters
desired for the output trace. Setting a filter reduces
the visual amount of output seen, hiding the irrelevant
stuff. The Filter menu and its subitem "Filter" exist,
because of the nature of hunting for a "needle in a haystack".

The trace runs at lightning speed, and you can end up with
100,000 entries in seconds. And then having to shovel through
those can be painful.

By setting the filter to just include SuperantiSpyware items,
the job of analysis will be a little easier. You would then
scroll to the bottom of the trace, and see where SAS is exiting.
Then look a little above that, to see "what file is it ****ed about".
Something happened to upset it. That's what you would be
looking for.

This isn't easy to do, this needle in the haystack stuff.

To give you an example, I got lucky once. I'd installed
two sound cards. After the installer for the second
sound card was installed, *both* sound cards would not
work. I was baffled as to how that could happen. I ran
a trace with ProcMon, and there were a hundred thousand
entries to go through. And just by accident, I saw a
registry entry. It was an entry the second card should
not have "clobbered". I returned the registry entry
to a "normal" value and *both* sound cards worked.
Then all you had to do, was select in the Windows control,
which sound card you wanted to use for your output.

Many times I use that tool and learn... nothing.

That's why it's a tool of last resort.

But in theory, it has a lot of information to offer.
It's a matter of human persistence, as to whether
anything can be learned from it.

What leaves me in awe, in those traces, is all the
bull**** the OS is doing underneath. Quite often in there,
I'm distracted by the stuff I'm seeing.

*******

In terms of program design, if the program discovers a copy
is already running, it may choose to terminate. You might
check Task Manager and see if a copy is running at the time
you try your first "click". A good program would print on
the screen, that it had discovered a copy already running.

Paul




I did as you instructed and opened the file
but there was nothing to tick or untick only
the reflect folder. Am I doing something wrong?

https://postimg.cc/8fMJPMWn

https://postimg.cc/LnFgQQFd

If it's a needle in a haystack as you say I have
no interest in pursuing this. I thought this would
be an easy fix and I just had triple bypass surgery
so not interested in a long drawn out problem.

Thanks,
Robert


  #7  
Old February 16th 20, 05:04 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default O.T. SuperantiSpyware

Robert in CA wrote:

I did as you instructed and opened the file
but there was nothing to tick or untick only
the reflect folder. Am I doing something wrong?

https://postimg.cc/8fMJPMWn

https://postimg.cc/LnFgQQFd

If it's a needle in a haystack as you say I have
no interest in pursuing this. I thought this would
be an easy fix and I just had triple bypass surgery
so not interested in a long drawn out problem.

Thanks,
Robert


File : Capture Events.

Select it and the tick box should go away.

That stops the trace. Then set up a filter.

*******

A File Explorer dialog really should not be
opening for this exercise.

In the Filter : Filter item, a dialog box should appear
where you select the filter scheme you want.

Process is SuperAntiSpyWare.exe then Include

When a trace is collected, the program "remembers" all
the EXE files it saw. The Filter menu, when you select
a Process event, the name of the programs were assembled
during the trace, so every EXE thing is supposed to be
in there. I don't know what the actual SuperAntiSpyWare.exe
is, but you can examine the menu in the Filter : Filter
subsection and see for yourself what was captured.

If the executable simply did not run *at all*, that's
a possibility. You could search (using the Filter),
an attempt to

Operation is ReadFile

and then go looking for the shortcut name to the SAS program.
If the shortcut is on your desktop, the file has a name, and
you can look in the trace after the filter is added and applied
and see if that entry is present. Sometimes programs don't load
for various reasons.

There are plenty of things I cannot hope to reproduce here, and
I'd practically have to solve it remotely, to even get one of
my setups doing that (screwing up). I think even checking with
Task Manager (the control-alt-delete thing) for a currently
running SAS instance, may give a hint why it's annoyed with
what it finds at runtime (when you try to start it and it
refuses to start or exits so abruptly you don't see it).

But Process Monitor sees a lot of what is going on. It would
take a pretty fancy rootkit to prevent Process Monitor from
seeing stuff happening. The way of doing that on Linux, isn't
nearly as good (strace).

Paul

  #8  
Old February 16th 20, 08:49 AM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware



File : Capture Events.

Select it and the tick box should go away.

That stops the trace. Then set up a filter.

*******

A File Explorer dialog really should not be
opening for this exercise.

In the Filter : Filter item, a dialog box should appear
where you select the filter scheme you want.

Process is SuperAntiSpyWare.exe then Include

When a trace is collected, the program "remembers" all
the EXE files it saw. The Filter menu, when you select
a Process event, the name of the programs were assembled
during the trace, so every EXE thing is supposed to be
in there. I don't know what the actual SuperAntiSpyWare.exe
is, but you can examine the menu in the Filter : Filter
subsection and see for yourself what was captured.

If the executable simply did not run *at all*, that's
a possibility. You could search (using the Filter),
an attempt to

Operation is ReadFile

and then go looking for the shortcut name to the SAS program.
If the shortcut is on your desktop, the file has a name, and
you can look in the trace after the filter is added and applied
and see if that entry is present. Sometimes programs don't load
for various reasons.

There are plenty of things I cannot hope to reproduce here, and
I'd practically have to solve it remotely, to even get one of
my setups doing that (screwing up). I think even checking with
Task Manager (the control-alt-delete thing) for a currently
running SAS instance, may give a hint why it's annoyed with
what it finds at runtime (when you try to start it and it
refuses to start or exits so abruptly you don't see it).

But Process Monitor sees a lot of what is going on. It would
take a pretty fancy rootkit to prevent Process Monitor from
seeing stuff happening. The way of doing that on Linux, isn't
nearly as good (strace).

Paul




I did untick the capture events and then tried to
filter it but am totally lost in doing this.

https://postimg.cc/zLhDHqMM

https://postimg.cc/MX56QPPW

https://postimg.cc/56kfPHWT

https://postimg.cc/jCMT5W22

https://postimg.cc/phkwp724

However, SuperAntiSpyWare now comes up with one
click. I will now do a restart to see if 'remembers'
and causes it to double click or whether the single
click still works.


Robert

  #9  
Old February 16th 20, 09:16 AM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware

Unfortunately, you were right and it
remembered and I had to double click
it again after I re-started the computer.

Robert

  #10  
Old February 16th 20, 04:23 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default O.T. SuperantiSpyware

Robert in CA wrote:
Unfortunately, you were right and it
remembered and I had to double click
it again after I re-started the computer.

Robert


Perhaps it's related to some "service" that SAS needs ?
Something didn't start properly, on the first click.
Then the first click made the service start, and the
second click allowed SAS to start OK.

In the discussion thread here, Avast detects some information
that SuperantiSpyware has put in memory. Perhaps checking
some Avast log will indicate its interest in something SAS related.

https://forum.avast.com/index.php?topic=96174.0

There is also free and paid versions of SAS, and it's
possible what runs in each case is different.

SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"

Paul
  #11  
Old February 16th 20, 05:23 PM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware

On Sunday, February 16, 2020 at 7:23:24 AM UTC-8, Paul wrote:
Robert in CA wrote:
Unfortunately, you were right and it
remembered and I had to double click
it again after I re-started the computer.

Robert


Perhaps it's related to some "service" that SAS needs ?
Something didn't start properly, on the first click.
Then the first click made the service start, and the
second click allowed SAS to start OK.

In the discussion thread here, Avast detects some information
that SuperantiSpyware has put in memory. Perhaps checking
some Avast log will indicate its interest in something SAS related.

https://forum.avast.com/index.php?topic=96174.0

There is also free and paid versions of SAS, and it's
possible what runs in each case is different.

SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"

Paul



Avast hasn't detected anything on my end but am
wondering if I just reinstall SuperAntiSpyWare if
it will resolve the problem?

Robert

  #12  
Old February 16th 20, 07:53 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default O.T. SuperantiSpyware

Robert in CA wrote:
On Sunday, February 16, 2020 at 7:23:24 AM UTC-8, Paul wrote:
Robert in CA wrote:
Unfortunately, you were right and it
remembered and I had to double click
it again after I re-started the computer.

Robert

Perhaps it's related to some "service" that SAS needs ?
Something didn't start properly, on the first click.
Then the first click made the service start, and the
second click allowed SAS to start OK.

In the discussion thread here, Avast detects some information
that SuperantiSpyware has put in memory. Perhaps checking
some Avast log will indicate its interest in something SAS related.

https://forum.avast.com/index.php?topic=96174.0

There is also free and paid versions of SAS, and it's
possible what runs in each case is different.

SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"

Paul



Avast hasn't detected anything on my end but am
wondering if I just reinstall SuperAntiSpyWare if
it will resolve the problem?

Robert


Is it worth the trouble ?

It's only an extra click.

Paul
  #13  
Old February 16th 20, 10:44 PM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware

On Sunday, February 16, 2020 at 10:53:19 AM UTC-8, Paul wrote:
Robert in CA wrote:
On Sunday, February 16, 2020 at 7:23:24 AM UTC-8, Paul wrote:
Robert in CA wrote:
Unfortunately, you were right and it
remembered and I had to double click
it again after I re-started the computer.

Robert

Perhaps it's related to some "service" that SAS needs ?
Something didn't start properly, on the first click.
Then the first click made the service start, and the
second click allowed SAS to start OK.

In the discussion thread here, Avast detects some information
that SuperantiSpyware has put in memory. Perhaps checking
some Avast log will indicate its interest in something SAS related.

https://forum.avast.com/index.php?topic=96174.0

There is also free and paid versions of SAS, and it's
possible what runs in each case is different.

SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"

Paul



Avast hasn't detected anything on my end but am
wondering if I just reinstall SuperAntiSpyWare if
it will resolve the problem?

Robert


Is it worth the trouble ?

It's only an extra click.

Paul


Well since we've done everything else
and nothing's worked I thought it was
worth a try.

It just bugs me that with the 780 is
comes up fine.

Robert
  #14  
Old February 16th 20, 11:03 PM posted to microsoft.public.windowsxp.general
Robert in CA
external usenet poster
 
Posts: 785
Default O.T. SuperantiSpyware


I reinstalled it and now it comes
up with one click like the 780.


Many Thanks,
Robert
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 06:59 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.