SUPERAntiSpyware falsely detecting Trojan.Agent/Gen-Kryptik

Many SUPERAntiSpyware users are experiencing an annoying (and possibly costly) problem this morning.  Apparently their system became infected with hundreds of copies of Trojan.Agent/Gen-Kryptik over the weekend.

After looking in-depth at a number of client systems, it would appear the alerts are false-positives.

One such customer had gone through a full scan, removing 433 instances of the supposed virus, and it turned out it had removed many necessary system DLLs, rendering her system inoperable.

For the moment, it’s best to disable proactive protection on SUPERAntiSpyware, but don’t forget to re-enable it once they post a fix.

It seems the issue came in with today’s definition updates.

I’ll post updates as they come in, or if you have thoughts or questions, please leave a comment below.

Update @ 12:35pm Eastern:
Michael G (Customer Service for SUPERAntiSpyware) posted: “There was an issue affecting some users which has been corrected with the latest release, please update your definitions now. Any items removed can be restored by opening SUPERAntiSpyware, clicking Manage Quarantine, selecting the detection and clicking Restore.”

Update @ 1:08pm Eastern:
Well, Michale G was right; they found and fixed the problem, and restoring deleted files from Quarantine was extremely easy.  I returned to the client’s system, updated their definitions, and then visited the quarantine.  Fortunately it let me check box the whole tree and press Restore (no one-by-one, and no having to figure out where files go).  Great recovery, and all in all, SUPERAntiSpyware was quite fast with the fix.  Reminds me of when McAfee entirely fobbed up all their business users’ networks.  Except this one was much easier and quicker to recover.

2 thoughts on “SUPERAntiSpyware falsely detecting Trojan.Agent/Gen-Kryptik

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">