RickNCN

It might help if I gave the site... monicanevi.com

Hi, A friend's website is blocked "Due to Reputation" (This website is suspected of being compromised or hosting a potential privacy or security threat.) I'm wondering what's the process to review that website, fix issues if necessary and remove the block? It's a WordPress site hosted at GoDaddy Thanks

In the last month roughly Malwarebytes is slowing Windows PCs, and I'd like to know why and what is being done to address the issue. I run an IT services business and MBAM is on dozens of client PCs at my recommendation. Lately, clients are calling me and the PC is at a crawl. They can't open Sage or QuickBooks or a document in less than 5 minutes. I uninstall MBAM and the problem disappears immediately. It's happened on around half a dozen PCs already. It may not directly be Malwarebytes' fault, it may be a Windows Update that's breaking something, but it is Malwarebytes' problem to identify and address.

I know that the plural of anecdote is not evidence, but this exact issue has been plaguing me for months. I manage a few hundred client pcs and recently, some have been reporting very slow performance, not just DNS but also general program use. As soon as I remove MBAM- boom- like new again. I haven't personally experienced that, but I have experienced the abysmal DNS performance issues.

One additional note - Another reason I'm thinking this way, and expecting MBAM to update itself is because we are seeing more and more programs do it - We've always had Microsoft Updates able to install themselves, but now Firefox, Chrome, and even Flash asks if it can update itself unattended.

The program (MBAM) notifies the user that a new version is out and needs to be updated. This is the way its designed. >>Ok, yes, I understand that's the way you've designed it. Most if not all security programs operate the same way, they will not auto update the program (software) itself, user interaction is required. >> Trend Micro Worry Free Business Security does not make users of the client PC update the engine. They call it engine and pattern. So I assume "engine" corresponds with "program update" in MBAM and "pattern" with "database or definitions". I know of some other AV programs that do, like Avast, I think but the program updates are fairly rare. The fact that MBAM puts out program updates fairly quickly and regularly makes me feel like if I don't have the latest, I'm missing out on some advantage that has been programmed into the new version.. see next point. If you do not update the program you will still get the latest definitions installed so there is no security risk as you put it. >>I do understand that you still get the latest definitions. You make it sound like there's no down side to not upgrading the program. If that's true, what is the upgrade doing for us, then? I assume the updates are improving the program and if I'm not receiving the improvements, aren't I at increased risk? When the user updates the program, yes it will have an older definition file (the one that was available when the installer was created), but after the program update is done, you are prompted to update the definition files as well. (So you being warned that its out of date is by design and so that you know you have to update the definitions). It would take too much work to keep repackaging the install file with the latest definitions, due to the amount of times the definition files are updated (sometimes up to 10 times a day). >> I understand it's nearly impossible to keep repackaging every time a definition file is released, but like I said in my post, after upgrading, I'm seeing a message about it being 30+ to 40+ days outdated. That seems excessive. Plus, and I may be wrong here, so correct me if I am - by default, is there a definitions update scheduled under "Protection" > "Scheduler"? I don't think there is. I'm pretty sure I add a scan and an update schedule for every new MBAM I install. Regardless of all this detail, what it boils down to is this: I recommend MBAM and have clients purchase it and I install it. I set it up to scan and update regularly. I get called back to these clients over time, weeks or months later and almost no-one does program updates. I still go to clients that have the red square "M" icon! I will state emphatically that these people are *not* getting the protection they paid for. Are they irresponsible users? Yes. Are they ignorant users? Yes. Do I explain to each and every one of them what to look for when MBAM will eventually prompt for an update or upgrade? Yes. Do almost all of them forget what I told them a day later and are they all too scared about installing the wrong thing to touch it? Emphatically yes! I submit to you that it is your responsibility to find ways to protect clients despite themselves. I'm merely reporting to you what I see from dozens and dozens and dozens of MBAM installs that I've done and support. I see it as a failure of design that I go to a client I went to 6 months or a year or more ago and they have an old program version running. I don't buy that they're not at increased risk without the latest version. If there's no security benefit, why are you updating the program? To fix bugs? That would also fall under increased security risk I would think. Please don't take my comments with a rude or negative tone of voice. I'm stating an argument, not trying to be "argumentative". I look forward to your response. I think MBAM is the best security software out there, that's why I'm so concerned about this issue.

Hi Ron, Maybe you're misunderstanding the problem: -MBAM has been installed. -Time passes, maybe a few weeks or a month? -An update to the *program* (not the definitions database) pops up as a balloon in the system tray "Click here to update Malwarebytes to the latest version... etc" - The program does *NOT* update the PROGRAM by itself - at least not that I have ever seen on the dozens and dozens of PCs I've installed MBAM on. The program only updates the DATABASE by itself. - This is a security risk - if the program is out of date, then is it no longer getting the most up to date definitions? - After the user DOES manually update the program (a process in which it downloads and installs the new version of the PROGRAM) the balloon warning pops up that the database is 30-40+ days out of date. - If MBAM is updating its program, I'd assume the latest definitions are packaged with the new program. Certainly they shouldn't be 30-40 days old! I know that when you download MBAM from download.com for example, the definitions database might be a few weeks old, but even THAT offers to update the defs right away, as a part of the end of the installation! - I suppose I could leave it after manually updating the program, to update its own definitions, but why would I? There will be a gap in up-to-date coverage! Am I missing something??

Hi all, I recommend MBAM to all my clients and help them purchase and install it. I manage a lot of these PCs on an ongoing basis and notice a trend that MBAM is very out of date. It seems to happen when the program is old and has to be updated. After downloading the program and installing it, it will say the database is outdated by tens of days, like 30-something, 40-something days! This isn't isolated, it happens every time the program gets manually updated. -If the program is newly installed, the database definitions seem to update by themselves just fine, until a program update is needed (installation of a new version). -If the program is updated AND I manually click through the warning balloon to update the definitions, I think the definitions will auto-update like normal. A- was the database outdated BEFORE the program update? (I don't think so) B- was the program updated but it included an old (month to month and a half) old database? (doubtful) C- if the program was just updated, why can't it go out and download and install the latest database like it normally does, day-to-day? D- general PC users are lazy with their upkeep. This we know. A large part of what we all do is to save users from themselves. Why can't MBAM update the program itself like it can with database updates? To me this is a HUGE security hole. I run across this weekly, if not nearly daily on all the PCs I work on. These customers of yours aren't getting the security they paid for if the program doesn't get updated, and if it does, the database is a month old. Is there any explanation for this? -RickNCN

I ran another scan with Emsisoft and it indicated explorer, winlogon and svchost are infected but it can't clean or quarantine them.

FBI ransomware malware was cleaned. At the end, ran combofix. It fixed something that upon reboot WIndows 7 went to a blank screen. Used System Restore to get back to Windows. Ran MS MRT and it found the infection and definitely identified svchost.exe as being infected. I let it clean. Rebooted - back to blank screen. Wondering if I can: 1- restore a good copy of svchost.exe 2- or should I do system restore again and take a different approach I have already: 1- cloned hdd 2- ERUNT 3- FixExec 4- Roguekiller, rkill, thekiller 5- MBAM 6- DrWeb CureIT 7- Super AntiSpyware 8- TDSSkiller 9- Combofix 10- MS MRT