Everything posted by 1PW
-
This was just flagged again about 4 minutes ago as I attempted to download from: <http://filehippo.com/download_skype/download/443149faf49543d1da7bdb5d22e33c0a/> My MBAM Pro is at DTBS 5474.
-
Flagged with "SPYWARE.BANKER" while downloading from filehippo.com: <http://www.filehippo.com/download_skype/>
-
EMET, offered by Microsoft, is gaining popularity. Would MBAM itself be offered some additional protections if its executables were added to EMET's applications list? Have the MBAM developers had any experiences with EMET they'd like to share? If appropriate, would anyone like to share their EMET experiences here? Thank you.
-
Buying MalwareBytes - Questions
1PW replied to TuRmoiLxx's topic in Malwarebytes for Windows Support Forum
On a typical Windows XP system: C:\WINDOWS\system32\drivers\mbam.sys HTH
-
Hello detsi: The unintended consequence of my post's phrasing has left you with an entirely incorrect impression. However, I sincerely apologize for this misunderstanding and I will stand down from further posting in this thread if it is your desire. I do hope you will discover the path to the knowledge you seek. Happy New Year and best wishes.
-
I meant to type "HOSTS" file.
-
Hello detsi: Acrobat Reader and Java usually can be found in the top ten of "most susceptible" user applications. You would do well to update them ASAP. Some here would consider this to be constructive as the information was derived from your enclosed log post above. Perhaps you could send the second of two DDS logs as requested above, i.e. "Attach.txt". Are you familiar with your system's "HOST" file? How does your system access the Internet? If you do not feel comfortable maintaining your system, you may wish to engage the services of someone who does this professionally.
-
Hello detsi: At your earliest convenience, you may wish to mitigate the critical security risks your versions of Adobe Acrobat Reader and Oracle Java are presenting to your system. HTH
-
Hello detsi: Unless you have vastly underreported all of your computer security, in the minds of many your system is seriously underprotected. A significant first step in correcting this deficiency is to subscribe to the PRO version of MBAM and permit all its features. As the next step, I would respectfully suggest you immerse yourself in a thorough course of computer security self-study.
-
Hello detsi: Your multipost was properly answered in the SAS forum. If permitted, I would add that MBAM is not a backup to MSE, but an essentially equal and integral part of a layered protection arsenal and one would hope you are running the full MBAM PRO version. HTH
-
Experts, Please help me!!!
1PW replied to kitjai888's topic in Malwarebytes for Windows Support Forum
Hello kitjai888: Please follow the explicit advice given you in the previous thread: What do I do now? You will find the help you seek.
-
Excellent sir.
-
Hello shadowwar: The offending PM was sent to you. Thank you.
-
Moderators: I have just received a PM, on this forum, easily identified as Phishing. The sender is identified as "abigail". It is my wish that this member's account be closed quickly. Thank you.
-
Permitting remote assistance for your father's PC, through the application of your choice, will permit you to maintain a viable HOSTS file as well as occasionally monitoring the general state of his system. As HOSTS file maintenance goes, HostsMan is fairly painless. To try and answer your question about an active HOSTS file versus MBAM's Protection Module; some overlap will result, but we also are urging you to consider using more than one antispyware application. No one protection scheme does it all but MBAM is the best. Also, the next time you've cleaned his system, consider backing it up externally. Suitable external backup drives are under $100USD now. Although obvious to some, we have failed to touch on the other various vectors that malware uses for attacks. Keeping Adobe's Flash/Shockwave Players up-to-date is very important. If your father's system has Adobe's Acrobat Reader, you may wish to find a safer alternative such as Foxit Reader and we might as well get you to turn off javascript too as well as keeping Java up-to-date if used. HTH
-
Perhaps because some of us take it for granted, Sandboxie can provide additional browser protection. HTH
-
SpywareBlaster will add another defensive dimension. Some of us, who are quite fond of MBAM Full Version, have also installed SUPERAntiSpyware Professional. Some might debate the choice of Microsoft Security Essentials (MSE) for the lead in AV protection and many of those folks might be Avira AntiVir Personal users. If your father's system is XP based, has thought been given to a good personal firewall (PFW) like the free COMODO Firewall? Does your father's system currently enjoy the benefits of a good, updated NAT router? Is the system's OS, and all applications, completely up-to-date? HTH
-
Some likelihood exists that the blocked IP addresses might be related to Skype. Even though you may have dismissed the Skype window from your desktop, you might still be "Online" as far as Skype is concerned. Under these circumstances, ten or more TCP/UDP ports may show up in TCPView with some showing an "ESTABLISHED" relationship with Skype and IP addresses you are unfamiliar with. These could be Instant Messaging (IM) probes. As a test, you may wish to go to the system tray and right click on the Skype icon and change online status to offline or better yet, Quit Skype altogether. If MBAM still notifies you of blocked IP addresses, on an otherwise idle system, they are related to yet another system process and will require further investigation. You may also wish to confirm that your version of Skype is at least 5.0.0.152 HTH
-
See: <http://www.robtex.com/ip/222.64.164.163.html#whois> Do you use any file sharing applications? Do you have any firewall running? Try downloading/running Mark Russinovich's "TCPView" from Microsoft: <http://download.sysinternals.com/Files/TCPView.zip> The following may also shed some light: <http://download.sysinternals.com/Files/ProcessExplorer.zip> HTH
-
Quoted from COMODO Bug Reports forum: "Although it's probably abundantly clear to most COMODO staffers, the problem outlined in the original post, now extends to COMODO CIS V5.0.163652.1142 and I have verified that normalcy returns if Defense+ is "Disabled" as was the case with the previous version of CIS. With COMODO's permission, I have altered the "Subject" line accordingly. HTH"
-
COMODO CIS vs mbamservice.exe Update.
-
Mbamservice.exe - 30 to 80 CPU
1PW replied to Ben-amin's topic in Malwarebytes for Windows Support Forum
COMODO CIS vs mbamservice.exe Update
-
We all stand on the shoulders of our fine experts here and some friendly and knowledgeable moderators at COMODO's forum. Pay it forward lomax327...
-
Hello lomax327: I have recently gone down the same path as you. For now, the trouble is not with the COMODO Firewall but with their "Defense+" component(s) within COMODO Internet Security (CIS). An excellent workaround you may consider, before entering any exclusions in MBAM, is reinstalling COMODO CIS 5.0, and during the installation process, do NOT use the default install choices but instead choose "Firewall Only". This will forbid the "Defense+" components from activating that presently seem to have unfavorable interaction with mbamservice.exe and consume excessive CPU usage. One of the COMODO moderators suggests this warrants a bug report with COMODO and this has been done: COMODO Bug Report. Best wishes to you.
-
Mbamservice.exe - 30 to 80 CPU
1PW replied to Ben-amin's topic in Malwarebytes for Windows Support Forum
Hello noknojon: In this individual instance, one of the COMODO moderators believes that a COMODO CIS 5.0 software bug has been uncovered. At their suggestion, I've opened a COMODO CIS bug report. <http://forums.comodo.com/bug-reports-cis/default-install-of-cis-501626361135-makes-mbamserviceexe-a-cpu-hog-t62437.0.html#new> I suppose the reason I object to adding exceptions to MBAM is that security holes are opened where malware may flourish. I still strongly believe that the default install versions of these two applications can be made to work well together. Best wishes to you.