smargh

Everything posted by smargh

  1. I tested some malware inside VMware which performed in a similar way bar the admin rights quirk, which perhaps may have been coincidental or caused by a different issue. (?) The infection vector was a fake Facebook page with a notice that Flash had to be updated. Check your Windows event log to see whether any .dll or .sys files have been modified. The one I tested replaced eventlog.dll and caused essentially *every* AV or anti-malware scanner to close (followed by setting full deny permissions on the associated .exe) as soon as it hit some keys in the registry which the malware was watching for things accessing. It's the most annoying bit of malware I've ever seen.
  2. It doesn't need to be 100% automated - the UI should still be able to appear when the command is run. When MBAM is run with the /runupdate switch, will that specific .exe process ending definitely signify that all the aspects of the update process have finished?
  3. Hello. I've bought Malwarebytes for use with a PC which also has SteadyState disk protection, whereby all changes are rolled back after a reboot except for Windows Updates, some AV updates and custom update scripts. The criteria for app updates within SteadyState basically say that the update process should be entirely complete when the one update command finishes running. I have looked into putting MBAM on another unprotected partition, but the active protection .sys resides in %windir%\system32 which wouldn't be rolled back after a reboot. Would mbam.exe /runupdate be sufficient? Would that update process also update the .sys when necessary and close when it has finished everything? I have googled & searched this forum, but it doesn't look like anyone has mentioned MBAM with SteadyState. Thanks.