Jump to content

ellentk

Honorary Members
  • Posts

    23
  • Joined

  • Last visited

Everything posted by ellentk

  1. Thanks for your reply. Since I posted my question, it occurred to me that all I need to do is add the program to the exclude list. I added the folder and the program launches with no problem. Daniel Kahneman wrote a book called Thinking, Fast and Flow. It's pretty clear where I come out on that spectrum.
  2. I'd like to run Auslogics DiskDefrag but a MB pup window is stopping me. I've used DD for years and just upgraded to the latest version. The older version never triggered malwarebytes. (Nor did it ever infect my system). The new version not only triggers MB but MB won't let me do anything but quarantine DD. Quarantine is blue, Ignore Once and Always Ignore are not active. If I click one the window vanishes for 15 seconds and reappears. I can't even dismiss the little window by clicking the X on the top right. The window slides down out of site for 15 seconds and slides back up. I can turn off MB to run DD but I'd rather MB run the way it's supposed to, that is giving users the choice of which pups they want to block. Is this a known bug or is there something I can do? Thanks for any help.
  3. Thanks, Aura. Just to make sure, I just download the latest file and run it? Should the installed version be open or closed? Ellen
  4. Instructions posted on this forum recommend uninstalling the version of malwarebytes on your computer before installing the current version. If I do that, will my settings, exclusions, etc. be saved? (FWIW I am running 3.0.6.1469, component packasge 1.0.76 and update package 1.0.1647) I haven't received the pushed file and plan to download the latest version. Thanks for any help.
  5. When I clicked "Scan with malwarebytes antimalware" after highlighting a file in windows explorer and right clicking it, MBAM began a threat scan of my entire computer. I just want to scan one file. Any way to do that?
  6. I've removed all references to babylon in Firefox's prefs.js and then deleted the user.js file, which I've read on the File Detections section of this board puts the entries back in Firefox's prefs.js file. But the entries keep returning to the prefs.js file. I'm running Win7 64 bit. I've searched the registry and removed all entries that contain the string Babylon. None of the programs that load at startup contain the string Babylon. It doesn't seem to be in processes or services either. And Babylon toolbar is not in my list of Firefox addons. And the toolbar doesn't load. But I would like to remove these pup files completely. I've searched and searched and cannot find a way to do it, except to totally remove all my extensions, which seems like overkill and way too much work restoring them. I'm seeing a simpler more elegant solution. Anyone got one? Thanks. Ellen
  7. Here's the thing. I downloaded a file from a freeware site that had a good rating from WOT. I scanned it using the right click menu. It was clean. I began to install it. Mbam advised it contained a trojan which it quarantined. It's good that I was protected on install, but I'd rather a scan warn me before I install a program. Since Mbam is capable of identifying this trojan, both in the protection module and in a full scan, I believe it should do so in a right click scan too and if not that it should be clear to users that this scan is not as thorough.
  8. How would I know there was a problem with the file if scanning it alone doesn't report it? Is the only reliable way to find out if there is a problem is to always do a full scan, even if you are interested in only one file? Seems counterproductive.
  9. Then what is the purpose of "scan with malwarebytes" being in the right click context menu?
  10. I did a full scan and these options were all enabled: Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P The scan turned up a minor problem in one file. I scanned that file using the right click context menu and the problem file was not found because the scan options were as follows: Scan type: Custom scan (D:\YYYY\JJJJJJ.exe|) Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Memory | Startup | Registry | Heuristics/Extra How can I enable Memory, Startup, Registry and Heuristics for a custom scan? Thanks. Ellen
  11. I do own MBam pro. I ran DDS and will send the logs to support. Thanks for your help.
  12. After installing a freeware program, malwarebytes pro (1.70.0.1100) informed me that it put backdoor.bot in quarantine twice, after failing to do so (error code 2): 2013/01/20 01:35:55 Detection c:\program files (x86) \zip password finder\recover.exe backdoor.bot quarantine 2013/01/20 01:38:18 Detection c:\program files (x86) \zip password finder\recover.exe backdoor.bot quarantine 2013/01/20 01:18 Error Quarantine failed: SDKQurantine failed with error code 2 Being unsure if the trojan got through due to the error, I took additional steps. Do I need to do anything else? Why was the trojan detected twice, or were there two trojans in the named file? How do I know if the trojan was quarantined before it did any damage? Should I delete the trojan or leave it in quarantine? Do I need to run combofix too? Here are the steps I've taken si far: I manually deleted the freeware program that contained the trojan along with a registry key containing the program's name as well as start menu links to the program. A search of my registry didn't turn up a key with the string "backdoor." A quick scan with malwarebytes reported no threats. A quick scan with GMER turned up a suspicious file, which I think it a safe intel process, based on this from http://www.runscanne...Client.exe.html "Privacyiconclient.exe with description Intel® Management and Security Status is a process file from company Intel Corporation belonging to product Intel® Management and Security Status. The file is digitally signed from Intel Corporation - VeriSign Time Stamping Services Signer - G2 We do not recommend removing digitally signed files from Intel Corporation" I've attached the GMER log, but only the above file was marked suspicious, if I'm reading it correctly. I ran AVG's anti-rootkit scan and it found no problems. I scanned my C: drive with AVG and it found no problems there. I scanned with Avast's aswMBR but can't interpret the log, which I've also attached. It gave me a choice of fixing the MBR but I'm reluctant to do that w/o knowing what will be fixed. I'm guessing it's the "disk 0 unknown mbr code" but I've read that these custom codes are not always malicious and the other scans turned up no problems. If someone can interpret the log, I'd appreciate it. I scanned with Sophos Virus Removal Tool, which found no threats. I checked running processes and didn't find backdoor.bot. Thanks for any help and advice. Ellen aswMBR.txt GMER Log after backdoor.bot quarantined.txt
  13. New version broken on my XP(3) system too. No time to troubleshoot for malwarebytes. Please post a link to prior version. Thanks.
  14. I'm trying to solve an intermittent "Failed to perform desired action error code: 0" error and one suggestion was to install Visual Basic runtime. I have version 7 and wondered what version the current version of Malwarebytes (1.51.2.1300),which I am using, is written in. (I have a feeling the error will stop appearing when I defrag and close some tabs in my browser, but I like to cover all bases. And if it doesn't, I'll reinstall.) Thanks. Ellen
  15. Is there any way to protect my computer in the short interval before malwarebytes and my firewall load? A Chinese IP has been scanning my system and the first scan today was seconds after malwarebytes stopped it. I suppose the simplest solution is to unplug my cable modem when I log off and plug it in after the security software loads. But I'd rather find something that's automatic. Ellen
  16. Hi Yardbird and Noknojon, Thanks for your help. I had the latest update and my firewall has been set to exclude all malwarebytes programs for two years. For some reason, the problem stopped happening after a few reboots and scanning a third time, this time with spybot search and destroy. All three scans turned up nothing. I think that the problem may have had something to do with some changes I made to my computer yesterday, but I have no idea why. The first change was trying to disable googleupdate.exe from running on startup. I changed settings in scheduled tasks. I also installed and uninstalled a utility called ProcessTamer (I thought it would help stop googleupdate). And I installed a firefox addon called EmailTheWeb. Of these I think it possible that processTamer may have been at fault, but I don't know. Ellen
  17. When I booted up today Sygate Firewall gave me this message: Application has changed since the last time you opened it, process id: 1956 Filename: C:\Program Files\Malwarebytes\mbamservice.exe Do you want to allow it to access the network? I'm running version 1.46 and updated to that version back in the spring. I scanned the malwarebytes folder in c:/program files with avast and superantispyware, both didn't find anything. I updated malwarebytes a few times yesterday, but this hasn't triggered a warning from sygate in the past. Any advice about tracking down this reported change will be appreciated. Thanks. Ellen
  18. If malwarebytes reported that the page was blocked, why did it load? Thanks. Ellen
  19. Although this thread: www.malwarebytes.org/forums/index.php?showtopic=22520 indicates that version 1.41 would no longer block apnews.myway.com (66.235.126.122), IP Protection in version 1.42 still reports that the site is blocked. However, although the popup advising that the page was blocked popped up four or five times, the page loaded, twice. Please advise. Thanks. (Since the thread above is four months old I was unsure if I should reply to it or start a new thread. Sorry if my choice was an error.) Ellen
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.