If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
O.T. SuperantiSpyware
I have a Dell XPS 8500, with Windows 7 Professional, SP1,
with Spywareblaster, SuperantiSpyware, Malwarebytes, Avast , Windows Defender and Windows firewall. (1) TB HD Intel (R) Core (TM) i7-33-3770 CPU @ 3.40 GHz Ram 12.0 GB System type : 64-bit operating system I also have I have a Dell Optiplex 780 Tower, with Windows 7 Professional, SP1, with Spywareblaster, SuperantiSpyware, Malwarebytes, Avast , Windows Defender and Windows firewall. Seagate Desktop HDD ST2000DM001 2TB 64MB Cache SATA 6.0Gb/s 3.5" System type : 64-bit operating system and (external hard drives) (8500) WD BLACK SERIES WD2003FZEX 2TB 7200 RPM 64MB Cache SATA 6.0Gb/s 3.5" Internal Hard Drive (780) Seagate Desktop HDD ST2000DM001 2TB 64MB Cache SATA 6.0Gb/s 3.5" Internal Hard Drive I have a question involving the 8500. Whenever I click the SuperantiSpyware icon on the 780 it comes up with no problem but when I click the same icon on the 8500 I have to do it twice before it comes up. My question is; why do I have to click it twice on the 8500 and is there a way so that I only have to click it once? Thanks, Robert |
Ads |
#2
|
|||
|
|||
O.T. SuperantiSpyware
Robert in CA wrote:
snippage I have a question involving the 8500. Whenever I click the SuperantiSpyware icon on the 780 it comes up with no problem but when I click the same icon on the 8500 I have to do it twice before it comes up. My question is; why do I have to click it twice on the 8500 and is there a way so that I only have to click it once? Thanks, Robert It's unlikely that someone has "looked at the undercarriage of every program out there", to answer this without doing some work. I would use Process Monitor. https://docs.microsoft.com/en-us/sys...nloads/procmon 1) Start the procmon.exe running. 2) Go back to the desktop, double click SuperantiSpyware. The program fails etc. 3) Return to Process Monitor program window. In the File menu, untick the tick mark to stop the trace. 4) In the filter menu, select Program Name is procmon.exe Include and apply that filter to the now-frozen trace. This reduces the amount of junk to look through. 5) See if you can see any file it was accessing before it quit or dropped dead. That's about the best I can offer, in terms of a "what approach could I use". Even if I installed the program here, you just know SAS isn't going to drop dead for me, and I won't be able to reproduce it. Paul |
#3
|
|||
|
|||
O.T. SuperantiSpyware
On Friday, February 14, 2020 at 10:35:30 PM UTC-8, Paul wrote:
Robert in CA wrote: snippage I have a question involving the 8500. Whenever I click the SuperantiSpyware icon on the 780 it comes up with no problem but when I click the same icon on the 8500 I have to do it twice before it comes up. My question is; why do I have to click it twice on the 8500 and is there a way so that I only have to click it once? Thanks, Robert It's unlikely that someone has "looked at the undercarriage of every program out there", to answer this without doing some work. I would use Process Monitor. https://docs.microsoft.com/en-us/sys...nloads/procmon 1) Start the procmon.exe running. 2) Go back to the desktop, double click SuperantiSpyware. The program fails etc. 3) Return to Process Monitor program window. In the File menu, untick the tick mark to stop the trace. 4) In the filter menu, select Program Name is procmon.exe Include and apply that filter to the now-frozen trace. This reduces the amount of junk to look through. 5) See if you can see any file it was accessing before it quit or dropped dead. That's about the best I can offer, in terms of a "what approach could I use". Even if I installed the program here, you just know SAS isn't going to drop dead for me, and I won't be able to reproduce it. Paul I tried to follow your instructions but it didn't offer anything to untick and filters and when I opened filters it didn't seem to offer procmon.exe Process Monitor https://postimg.cc/3yhq8tZG File Menu https://postimg.cc/Xpwcj412 Filter menu https://postimg.cc/K4TtfmbZ Thanks, Robert |
#4
|
|||
|
|||
O.T. SuperantiSpyware
It's not a huge issue; I just thought if it was something that could be fixed easily I could do it but I'll just live with clicking it twice. Many thanks, Robert |
#5
|
|||
|
|||
O.T. SuperantiSpyware
Robert in CA wrote:
On Friday, February 14, 2020 at 10:35:30 PM UTC-8, Paul wrote: Robert in CA wrote: snippage I have a question involving the 8500. Whenever I click the SuperantiSpyware icon on the 780 it comes up with no problem but when I click the same icon on the 8500 I have to do it twice before it comes up. My question is; why do I have to click it twice on the 8500 and is there a way so that I only have to click it once? Thanks, Robert It's unlikely that someone has "looked at the undercarriage of every program out there", to answer this without doing some work. I would use Process Monitor. https://docs.microsoft.com/en-us/sys...nloads/procmon 1) Start the procmon.exe running. 2) Go back to the desktop, double click SuperantiSpyware. The program fails etc. 3) Return to Process Monitor program window. In the File menu, untick the tick mark to stop the trace. 4) In the filter menu, select Program Name is procmon.exe Include and apply that filter to the now-frozen trace. This reduces the amount of junk to look through. 5) See if you can see any file it was accessing before it quit or dropped dead. That's about the best I can offer, in terms of a "what approach could I use". Even if I installed the program here, you just know SAS isn't going to drop dead for me, and I won't be able to reproduce it. Paul I tried to follow your instructions but it didn't offer anything to untick and filters and when I opened filters it didn't seem to offer procmon.exe Process Monitor https://postimg.cc/3yhq8tZG File Menu https://postimg.cc/Xpwcj412 Filter menu https://postimg.cc/K4TtfmbZ Thanks, Robert In your picture, the ProcMon program window has a "File" menu item. Click that and you should see a "tick mark". That "tick mark" controls capturing. You untick the tick mark under the File menu, to stop the tracing action. You want Filter : Filter item to select the filters desired for the output trace. Setting a filter reduces the visual amount of output seen, hiding the irrelevant stuff. The Filter menu and its subitem "Filter" exist, because of the nature of hunting for a "needle in a haystack". The trace runs at lightning speed, and you can end up with 100,000 entries in seconds. And then having to shovel through those can be painful. By setting the filter to just include SuperantiSpyware items, the job of analysis will be a little easier. You would then scroll to the bottom of the trace, and see where SAS is exiting. Then look a little above that, to see "what file is it ****ed about". Something happened to upset it. That's what you would be looking for. This isn't easy to do, this needle in the haystack stuff. To give you an example, I got lucky once. I'd installed two sound cards. After the installer for the second sound card was installed, *both* sound cards would not work. I was baffled as to how that could happen. I ran a trace with ProcMon, and there were a hundred thousand entries to go through. And just by accident, I saw a registry entry. It was an entry the second card should not have "clobbered". I returned the registry entry to a "normal" value and *both* sound cards worked. Then all you had to do, was select in the Windows control, which sound card you wanted to use for your output. Many times I use that tool and learn... nothing. That's why it's a tool of last resort. But in theory, it has a lot of information to offer. It's a matter of human persistence, as to whether anything can be learned from it. What leaves me in awe, in those traces, is all the bull**** the OS is doing underneath. Quite often in there, I'm distracted by the stuff I'm seeing. ******* In terms of program design, if the program discovers a copy is already running, it may choose to terminate. You might check Task Manager and see if a copy is running at the time you try your first "click". A good program would print on the screen, that it had discovered a copy already running. Paul |
#6
|
|||
|
|||
O.T. SuperantiSpyware
On Saturday, February 15, 2020 at 10:21:18 AM UTC-8, Paul wrote:
Robert in CA wrote: On Friday, February 14, 2020 at 10:35:30 PM UTC-8, Paul wrote: Robert in CA wrote: snippage I have a question involving the 8500. Whenever I click the SuperantiSpyware icon on the 780 it comes up with no problem but when I click the same icon on the 8500 I have to do it twice before it comes up. My question is; why do I have to click it twice on the 8500 and is there a way so that I only have to click it once? Thanks, Robert It's unlikely that someone has "looked at the undercarriage of every program out there", to answer this without doing some work. I would use Process Monitor. https://docs.microsoft.com/en-us/sys...nloads/procmon 1) Start the procmon.exe running. 2) Go back to the desktop, double click SuperantiSpyware. The program fails etc. 3) Return to Process Monitor program window. In the File menu, untick the tick mark to stop the trace. 4) In the filter menu, select Program Name is procmon.exe Include and apply that filter to the now-frozen trace. This reduces the amount of junk to look through. 5) See if you can see any file it was accessing before it quit or dropped dead. That's about the best I can offer, in terms of a "what approach could I use". Even if I installed the program here, you just know SAS isn't going to drop dead for me, and I won't be able to reproduce it. Paul I tried to follow your instructions but it didn't offer anything to untick and filters and when I opened filters it didn't seem to offer procmon.exe Process Monitor https://postimg.cc/3yhq8tZG File Menu https://postimg.cc/Xpwcj412 Filter menu https://postimg.cc/K4TtfmbZ Thanks, Robert In your picture, the ProcMon program window has a "File" menu item. Click that and you should see a "tick mark". That "tick mark" controls capturing. You untick the tick mark under the File menu, to stop the tracing action. You want Filter : Filter item to select the filters desired for the output trace. Setting a filter reduces the visual amount of output seen, hiding the irrelevant stuff. The Filter menu and its subitem "Filter" exist, because of the nature of hunting for a "needle in a haystack". The trace runs at lightning speed, and you can end up with 100,000 entries in seconds. And then having to shovel through those can be painful. By setting the filter to just include SuperantiSpyware items, the job of analysis will be a little easier. You would then scroll to the bottom of the trace, and see where SAS is exiting. Then look a little above that, to see "what file is it ****ed about". Something happened to upset it. That's what you would be looking for. This isn't easy to do, this needle in the haystack stuff. To give you an example, I got lucky once. I'd installed two sound cards. After the installer for the second sound card was installed, *both* sound cards would not work. I was baffled as to how that could happen. I ran a trace with ProcMon, and there were a hundred thousand entries to go through. And just by accident, I saw a registry entry. It was an entry the second card should not have "clobbered". I returned the registry entry to a "normal" value and *both* sound cards worked. Then all you had to do, was select in the Windows control, which sound card you wanted to use for your output. Many times I use that tool and learn... nothing. That's why it's a tool of last resort. But in theory, it has a lot of information to offer. It's a matter of human persistence, as to whether anything can be learned from it. What leaves me in awe, in those traces, is all the bull**** the OS is doing underneath. Quite often in there, I'm distracted by the stuff I'm seeing. ******* In terms of program design, if the program discovers a copy is already running, it may choose to terminate. You might check Task Manager and see if a copy is running at the time you try your first "click". A good program would print on the screen, that it had discovered a copy already running. Paul I did as you instructed and opened the file but there was nothing to tick or untick only the reflect folder. Am I doing something wrong? https://postimg.cc/8fMJPMWn https://postimg.cc/LnFgQQFd If it's a needle in a haystack as you say I have no interest in pursuing this. I thought this would be an easy fix and I just had triple bypass surgery so not interested in a long drawn out problem. Thanks, Robert |
#7
|
|||
|
|||
O.T. SuperantiSpyware
Robert in CA wrote:
I did as you instructed and opened the file but there was nothing to tick or untick only the reflect folder. Am I doing something wrong? https://postimg.cc/8fMJPMWn https://postimg.cc/LnFgQQFd If it's a needle in a haystack as you say I have no interest in pursuing this. I thought this would be an easy fix and I just had triple bypass surgery so not interested in a long drawn out problem. Thanks, Robert File : Capture Events. Select it and the tick box should go away. That stops the trace. Then set up a filter. ******* A File Explorer dialog really should not be opening for this exercise. In the Filter : Filter item, a dialog box should appear where you select the filter scheme you want. Process is SuperAntiSpyWare.exe then Include When a trace is collected, the program "remembers" all the EXE files it saw. The Filter menu, when you select a Process event, the name of the programs were assembled during the trace, so every EXE thing is supposed to be in there. I don't know what the actual SuperAntiSpyWare.exe is, but you can examine the menu in the Filter : Filter subsection and see for yourself what was captured. If the executable simply did not run *at all*, that's a possibility. You could search (using the Filter), an attempt to Operation is ReadFile and then go looking for the shortcut name to the SAS program. If the shortcut is on your desktop, the file has a name, and you can look in the trace after the filter is added and applied and see if that entry is present. Sometimes programs don't load for various reasons. There are plenty of things I cannot hope to reproduce here, and I'd practically have to solve it remotely, to even get one of my setups doing that (screwing up). I think even checking with Task Manager (the control-alt-delete thing) for a currently running SAS instance, may give a hint why it's annoyed with what it finds at runtime (when you try to start it and it refuses to start or exits so abruptly you don't see it). But Process Monitor sees a lot of what is going on. It would take a pretty fancy rootkit to prevent Process Monitor from seeing stuff happening. The way of doing that on Linux, isn't nearly as good (strace). Paul |
#8
|
|||
|
|||
O.T. SuperantiSpyware
File : Capture Events. Select it and the tick box should go away. That stops the trace. Then set up a filter. ******* A File Explorer dialog really should not be opening for this exercise. In the Filter : Filter item, a dialog box should appear where you select the filter scheme you want. Process is SuperAntiSpyWare.exe then Include When a trace is collected, the program "remembers" all the EXE files it saw. The Filter menu, when you select a Process event, the name of the programs were assembled during the trace, so every EXE thing is supposed to be in there. I don't know what the actual SuperAntiSpyWare.exe is, but you can examine the menu in the Filter : Filter subsection and see for yourself what was captured. If the executable simply did not run *at all*, that's a possibility. You could search (using the Filter), an attempt to Operation is ReadFile and then go looking for the shortcut name to the SAS program. If the shortcut is on your desktop, the file has a name, and you can look in the trace after the filter is added and applied and see if that entry is present. Sometimes programs don't load for various reasons. There are plenty of things I cannot hope to reproduce here, and I'd practically have to solve it remotely, to even get one of my setups doing that (screwing up). I think even checking with Task Manager (the control-alt-delete thing) for a currently running SAS instance, may give a hint why it's annoyed with what it finds at runtime (when you try to start it and it refuses to start or exits so abruptly you don't see it). But Process Monitor sees a lot of what is going on. It would take a pretty fancy rootkit to prevent Process Monitor from seeing stuff happening. The way of doing that on Linux, isn't nearly as good (strace). Paul I did untick the capture events and then tried to filter it but am totally lost in doing this. https://postimg.cc/zLhDHqMM https://postimg.cc/MX56QPPW https://postimg.cc/56kfPHWT https://postimg.cc/jCMT5W22 https://postimg.cc/phkwp724 However, SuperAntiSpyWare now comes up with one click. I will now do a restart to see if 'remembers' and causes it to double click or whether the single click still works. Robert |
#9
|
|||
|
|||
O.T. SuperantiSpyware
Unfortunately, you were right and it
remembered and I had to double click it again after I re-started the computer. Robert |
#10
|
|||
|
|||
O.T. SuperantiSpyware
Robert in CA wrote:
Unfortunately, you were right and it remembered and I had to double click it again after I re-started the computer. Robert Perhaps it's related to some "service" that SAS needs ? Something didn't start properly, on the first click. Then the first click made the service start, and the second click allowed SAS to start OK. In the discussion thread here, Avast detects some information that SuperantiSpyware has put in memory. Perhaps checking some Avast log will indicate its interest in something SAS related. https://forum.avast.com/index.php?topic=96174.0 There is also free and paid versions of SAS, and it's possible what runs in each case is different. SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" Paul |
#11
|
|||
|
|||
O.T. SuperantiSpyware
On Sunday, February 16, 2020 at 7:23:24 AM UTC-8, Paul wrote:
Robert in CA wrote: Unfortunately, you were right and it remembered and I had to double click it again after I re-started the computer. Robert Perhaps it's related to some "service" that SAS needs ? Something didn't start properly, on the first click. Then the first click made the service start, and the second click allowed SAS to start OK. In the discussion thread here, Avast detects some information that SuperantiSpyware has put in memory. Perhaps checking some Avast log will indicate its interest in something SAS related. https://forum.avast.com/index.php?topic=96174.0 There is also free and paid versions of SAS, and it's possible what runs in each case is different. SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" Paul Avast hasn't detected anything on my end but am wondering if I just reinstall SuperAntiSpyWare if it will resolve the problem? Robert |
#12
|
|||
|
|||
O.T. SuperantiSpyware
Robert in CA wrote:
On Sunday, February 16, 2020 at 7:23:24 AM UTC-8, Paul wrote: Robert in CA wrote: Unfortunately, you were right and it remembered and I had to double click it again after I re-started the computer. Robert Perhaps it's related to some "service" that SAS needs ? Something didn't start properly, on the first click. Then the first click made the service start, and the second click allowed SAS to start OK. In the discussion thread here, Avast detects some information that SuperantiSpyware has put in memory. Perhaps checking some Avast log will indicate its interest in something SAS related. https://forum.avast.com/index.php?topic=96174.0 There is also free and paid versions of SAS, and it's possible what runs in each case is different. SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" Paul Avast hasn't detected anything on my end but am wondering if I just reinstall SuperAntiSpyWare if it will resolve the problem? Robert Is it worth the trouble ? It's only an extra click. Paul |
#13
|
|||
|
|||
O.T. SuperantiSpyware
On Sunday, February 16, 2020 at 10:53:19 AM UTC-8, Paul wrote:
Robert in CA wrote: On Sunday, February 16, 2020 at 7:23:24 AM UTC-8, Paul wrote: Robert in CA wrote: Unfortunately, you were right and it remembered and I had to double click it again after I re-started the computer. Robert Perhaps it's related to some "service" that SAS needs ? Something didn't start properly, on the first click. Then the first click made the service start, and the second click allowed SAS to start OK. In the discussion thread here, Avast detects some information that SuperantiSpyware has put in memory. Perhaps checking some Avast log will indicate its interest in something SAS related. https://forum.avast.com/index.php?topic=96174.0 There is also free and paid versions of SAS, and it's possible what runs in each case is different. SAS Core Service "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" Paul Avast hasn't detected anything on my end but am wondering if I just reinstall SuperAntiSpyWare if it will resolve the problem? Robert Is it worth the trouble ? It's only an extra click. Paul Well since we've done everything else and nothing's worked I thought it was worth a try. It just bugs me that with the 780 is comes up fine. Robert |
#14
|
|||
|
|||
O.T. SuperantiSpyware
I reinstalled it and now it comes up with one click like the 780. Many Thanks, Robert |
Thread Tools | |
Display Modes | |
|
|