Jump to content


Honorary Members
  • Posts

  • Joined

  • Last visited

Everything posted by Durew

  1. Hi everyone, Like McFatTongueI've installed over an older version (disabled MBAM self-protect for the installation) as well, and I also use office 2010. So far I've yet to experience any problems. EMET might be problem again. (An anticipated issue.) As expected, sandboxed programs are not protected. (A known issue) No new/unexpected problems so far. @McFatTongue: Once you are able to edit, don't forget to check out the sub-fora in the lower end of the 'community index'.
  2. Congratulations with your 10.000 post milestone!
  3. It actually is a MBAM issue. (I got it wrong the first time too.) It's the message that shows when you right-click the MBAM icon and than chose "exit", that delphin136 is referring to. The english version reads "Are you sure you witch wish to exit Malwarebytes Anti-malware". This one: In dutch there is the same problem:
  4. -removed incorrect content to avoid confusion for OP- Thanks to Firefox for noticing.
  5. hi anon_private, Welcome to the forum. Here we go: "I start Avira starting under Vista, can I also start Malwarebytes with Windows, without problems?" Yes. That is one of the core features of Malwarebytes anti-malware (MBAM), being able to run alongside an AV. "I wanted the free version of Malwarebytes, but my version mentions Trial version in the Dashboard. Is this the free version?" No. To get you all excited about the premium version they'll let you try MBAM with all premium features enabled for a few weeks. This is the trail version you are running now. Over a while you will be presented the choice to either continue with the free version or buy the premium version. (If you wish to get rid of the trail version earlier, let us know.) Will Malwarebytes automtaiocally update the signature files? Only the premium and trail version should. The free version doesn't. There is a blue activate (inactive button) at the top. What does this mean? When you buy a license for the premium version you can use this button to active the premium version. SInce you wanted the free version, this is not really relevant for you. What is a Potentailly Unwanted Programme? How does MB know? What are the 'PUP' detections, are they threats, and should they be deleted? MBAM detects them about the same way it detects malware. Via the updates your local MBAM client gets the information. What is a Potentailly Unwanted Modification? Some programs change settings that you generally don't want changed. The programs doing this can be malware or PUP's. Examples of PUM's can be: changed file-assosiations (what file is opened with what program. .doc is generally opened by Word), your home page (if it was set to XXXNaughtystuff.something or the like), your security settings, your login preferences. What is the Access Policies box all about? Preventing other users of the computer and possibly some malware from changing setting's in MBAM or disabling it. In Advanced Settings - why delay protection for say 15 secs (default)? Is sometimes nessecary if MBAM conflicts with other software. Enable self protection early start is off by deafult - seems odd! I enabled it. It's probably off by default because the 'self-protection' is disabled by default as well. I do not know the exact reasons. Automatic scanning seems un-editable! Editing can be a little tricky. By clicking on the line that represents the setting you can select it, it turns blue (see picture). Now the edit button is enabled. Ignore the checkbox for what editting is concerned, that's only for removing planned updates and scans. (This is a premium feature.) I'll need to do some editing today to cover some of your questions. I hope this will answer some of your questions. I think I covered all of your questions now. If you have any questions left or got a couple of new ones. Please post and ask. Regards, Durew
  6. @DrStrange: Could you check whether your computer is turned on and has internet access when the update is supposed to run? If this doesn't help, please start you own topic. With two people with different computers, different settings etcetera in one topic can get confusing for the forum helpers.
  7. Hi eniliad, The latest version of MBAM Premium should be able to update automaticly. So it probably a bug, an unactivate license or somehow the scheduled update got lost along the way. Could you check two things: 1. in 'my account' (upper right in the dashboard), does it behind 'state' say 'licensed'? 2. in settings->automated scheduling, do you have any scheduled updates? I've attached two screenshots which may help you with finding the two things I mentioned above. (My scheduler settings are probably not what is recommended.) If you have any questions, please post & ask.
  8. C:\windows\media\onestop.midI'm not sure why it's there. But I'm listening to it, wondering "what (TF) is this doing in my windows-folder?". Anyhow, I like the beginning.
  9. Hi keherkiee, I am sure that the screenshot you send does not show a window of Malwarebytes anti-malware. So I don't think you have a problem with your premium account. Please follow the direction Firefox gave you, we are not allowed to use the tools necessary to help you in this sub-forum. Regards, Durew
  10. Hi raffyy, Since the staff and people more knowledgeable than I haven't responded yet I'll give it my best shot. Staff, experts ect. will (hopefully) correct me if I'm wrong. For illustration purposes I'll use the fictional piece of malware called: malware.A about crypters: A crypter (cr.A) is used to make malware.A disguising it as something that is not malware.A and thus fool anti-malware programs. The only problem is that em.A can't be executed in it's 'disguised'-mode. The processor wouldn't understand. So upon execution of the disguised malware.A malware.A is 'undisguised' (decrypted?) by the crypter, loading the program undisguised into the RAM, from where it's run. (The computer now has an active infection). MBAM is designed to look for active infections. (That is why the 'custom scan' function of MBAM is considered one of it's most useless features.) So it looks at the un-disguised file running, thus bypassing the crypters. The 'terrifying' video on a crypter website (the first youtube video mentioned in 'sources'), shows just how great it is working against passive scanning. Meaning that the malware is not executed, just boring old 'see if it matches with the signatures'. So I don't think MBAM has much problems with detecting crypted software when it's active. A scan of the memory should show it. I'm not sure how well MBAM's realtime protection deals with crypters, this because I don't know if it's solely an on-access-scanner or that is keep monitoring the processes as they run. The second youtube video linked shows a crypter by-passing an on-access-scanner. Some AV-software targets the crypters themselves, not bothering to look at what has been disguised. I don't think MBAM does that and I'm not sure how well it is working. about RAT's: what the malwarebytes blog writes: Since MBAM has a commercial version (and a vague recollection) I think MBAM doesn't detect white-hat-RATs. I recall Malwarebytes intending to add an option to detect these as well, later on. And so far, MBAM is doing nicely in the detection area. (An avarage time to detect of 6 hours.) I did not find any tests of MBAM versus RAT's. Layered security: I'm a big fan of layered security. Don't trust one piece of software to protect you. If you want some ideas, open a topic at 'general PC-help' and I'm quite sure you'll get plenty of replies. conclusion MBAM should do fine against RATs with crypters, but don't rely solely on it. No protection software is perfect, and that goes for MBAM as well. So put as many hurdles in the way for malware that tries to infect you computer. And if you think you are infected. We have a special subforum dedicated to removing malware. This is about all I can tell. Still, if you have any questions, please ask. Even if I can't answer them, other might be able to. sources: my memoryhttp://blog.malwarebytes.org/intelligence/2014/03/malware-with-packer-deception-techniques/http://blog.malwarebytes.org/development/2014/03/memory-scan/http://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-1-darkcomet/http://blog.malwarebytes.org/intelligence/2012/06/you-dirty-rat-part-2-blackshades-net/http://blog.malwarebytes.org/intelligence/2012/06/rats-of-unusual-sizes/http://www.crypters.net/ (warning: not for the faint of heart, somehow got a green web of trust rating.) http://www.youtube.com/watch?v=TtW8VpB_loQhttp://www.mrg-effitas.com/wp-content/uploads/2012/06/MRG-Effitas-Time-to-Detect-Assessment-Q4-20131.pdfhttp://alwaysarticles.blogspot.nl/2010/06/guide-anti-rat.html
  11. Hi JeffersHR, Welcome to the forum. about your question: Yes. Remove the installation from XP or revert it to the free version, than install MBAM on you clean copy of windows 7, using you license information to make it the premium/PRO version. I hope this helped. If you have any questions, please post & ask.
  12. hi mehdileloupblanc, Welcome to the forum. If we are talking about the password of MBAM: reinstalling MBAM is the only way to reset the password. If you have MBAM self-protect enabled, and it requires the password to disable it you may get a problem with reinstalling. Please post back if this is preventing you from reinstalling MBAM. If you have any questions, or run into any problems, please, post & ask.
  13. Using badly structured data (and working through a paradox) to cause an overload and so trigger a crash in the human logic system as to obfuscate that half of the argumentation was missing, making the targeted human believe something silly. Nice. Even faking confidence by requesting a new question to suggest authority. Too bad some humans are patched against this already. But those patched wouldn't ask the stated question so you could have had a good success-rate. Did you? Just curious, did the exploit work on a lot of humans? Any interesting side effects?
  14. Too bad. Let's hope the logs show something. If you run into problems with the logs, please let us know.
  15. Hi DeanZF, The article here should explain it. If you have any questions after that, please post & ask.
  16. About your first problem (the windows error message): The following link might help. http://social.microsoft.com/Forums/en-US/a3145e58-eaea-43e5-b2db-c15885076c48/0xc004d401-errors-in-mgadiag-and-system-file-mismatch-errors?forum=genuinevista Whether or not the two messages are related, I cannot tell. I do not see how they would be related, but that call may very well be above my level of expertise. I do advise to run another threat scan with MBAM, MBAM appeared to be busy when you shutdown your computer (or so your post seems to indicate), so maybe it hadn't finished cleaning up the PUP's yet. I'm sorry I can not give the answer to your ultimate question about whether or not the PUP's and the windows error are related, but I hope this helps nevertheless.
  17. Hi fquak, Could you set MBAM to start it's real-time protection 15 seconds later. According to a review I found this might just work. With version 2.0 of MBAM you can set the protection to start later. (it's in the 'advanced settings') If this doesn't solve it, please post the logs according to Firefox his instructions. (or do it anyway) And restore the setting to it's original state. If it does, please let us know. I must point out the Firefox 'out ranks' me. If you have any questions, please post & ask.
  18. Hi fquak, You could try adding the mbam processes to the 'trusted processes' list of lockbox. If you have any questions, please post & ask.
  19. He earned it. Congratulations MaDocheck! @MaDocheck: Will we be seeing you around here?
  20. I would have used the portable version of FreeFileSync, as it doesn't require administrative rights it can't install the PUP propperly (if it tries to do so at all). http://portableapps.com/apps/utilities/freefilesync-portable You could of course switch to the competition. (Allway Sync, SyncBack, Synkron, File Synchroniser) Whether it's worth the trouble is up to you. So I would start with trying to avoid installing PUP's by using different installers/software. But if that's not an option, I would temporary change the settings about how MBAM should treat PUP's (detection and protection settings) instead of turning off the realtime protection. As a little note: the site below seems to indicate that freefilesync doesn't install PUP's, merely shows ads during installation. Are you sure you didn't have the PUP's before the installation? http://sourceforge.net/p/freefilesync/discussion/open-discussion/thread/99bb4e37/Further I have little to comment, sometimes there is no neat way and you'll have to do it the dirty way. I hope this gives you some ideas for the next time. If you have any questions, please post & ask.
  21. Just curious, what is an 'invited account'?
  22. To answer your (rhetorical and implied) question as to why there are so many people complaining: It's a change, and humans don't like change. So we get the 'resistance to change', which is quite interesting to see. After a period of uninformed optimism ("whooh, version 2 is coming and it's gonna be awesome") some are going through 'informed pessimism' ("it ain't perfect") and they will get to 'informed optimism' and 'completion' later. That's normal. Some may even go through the Kubler-grief cycle. (I think I spotted 'bargaining' several times, some where asking how to revert to 1.75 and this one might be a combination of 'anger' and 'denail'.) The other phases are more passive so I don't expect to see those. Over a little while the worst complaining will have subsided as everyone moved on to 'completeness' and 'acceptance'. To make things even more interesting is that people seek self-confirmation. Once they have the idea that version 2.0 is a piece of faeces they will seek things to confirm it. (This is called the confirmation bias.) Since I might insult people by pointing out examples of this I will refrain from doing so but, if you look around you can find examples. (note how once one begins complaining, the following posts are filled with complaints as well.) The fact that they can complain here and feel like the people of Malwarebytes are listening to them (whether this is true is irrelevant here) is helping the humans process the change. It provides a source of reassurance ("they care about my problems and something is done to make it better") and gives a sense of control. In addition I'd like to point out that the dataset is skewed. We only see those complaining. Those who did "set it and forget it" have no reason to post here, so they don't. (Maybe they forgot. ) And not to forget: Did you check for a 'conformation bias' of your own? It's human nature I'm afraid. Since I'm human myself (or so I like people to believe ), I may be guilty of the complaining about "piddly" stuff myself. (Probably about the size of the notices.) So to answer you question in a short fashion: because the complainers are humans and humans are weird. The bad news: You are probably human as well. (But it's the internet, so who knows... ) Sources: http://changingminds.org/disciplines/change_management/psychology_change/positive_change.htmhttp://changingminds.org/disciplines/change_management/kubler_ross/depression_stage.htmhttp://en.wikipedia.org/wiki/Confirmation_biashttp://en.wikipedia.org/wiki/HumanAs we lack a "psychology of our posters" sub-forum I think this topic belongs in 'general chat'. Disclaimer: I'm not trained in psychology. I did not mean to offend anyone.
  23. And I see that your problem should be solved in the current version. See this post. If it still occurs, could you let us know?
  24. You probably have the self-protect of MBAM enabled. To delete the short-cut, disable it in the settings, remove the short-cut and enable the self-protect feature again. (This setting can be found in the "advanced setting" in the "setting" tab.) If this doesn't work, you run into any problems or have any questions, please post & ask.
  25. Just so I get my vocabulary right: FUD stands here for "Fear, Uncertainty and Doubt" and not "Fully UnDetectable"?
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.