
dont_touch_my_buffer

Honorary Members
  • Posts: 155
Everything posted by dont_touch_my_buffer

  1. Based on the little information that you've provided, I can only guess... The chances are that MB did not remove MacKeeper fully, it just disabled some of the offending functions in the program. Doing so probably broke some of the functionality of MacKeeper, which prevents macOS from starting up. One of those functions is encrypting files, and if it had been enabled, that might be the root cause of the OS not starting: the boot routine cannot find/read the files that it needs to start.
     As a side note... Malwarebytes is right about MacKeeper in my view, it is a scam and it includes PUP MUPs, popups, etc. How MB removes some of the functionality of this program is probably wrong...
     http://themacschool.blogspot.co.uk/2012/09/mackeeper-is-scam.html
     http://applehelpwriter.com/2011/09/21/how-to-uninstall-mackeeper-malware/
     You could try booting your Mac in safe mode to see if you can bypass the issue with MB disabled/the uninstalled programs: https://support.apple.com/en-us/HT201262
     Once in safe mode, properly uninstall MacKeeper, following the instructions in the link above.
  2. Systems: W7 and 8.1, Professional 64-bit OSs, quad CPUs, 8GB (W7) and 16GB (W8.1), Samsung SSDs, MB 3.1.1.
     Starting the default "Threat Scan" manually in Windows 7 results in close to 100% CPU utilization. The system is sluggish, programs take long to load, the mouse pointer becomes jumpy and the scan completes in about six minutes.
     Starting the same default "Threat Scan" manually in Windows 8.1 results in variable CPU utilization, depending on the programs starting or being used. The system is pretty much the same as without the scan running, and the scan completes in about two minutes.
     Yes, roughly 20% more files are scanned in Windows 7, but that should not result in close to three times the time to complete the scan. Nor should it peg the CPU at close to 100% utilization...
     The two systems are running on different computers, not dual-booting on the same hardware. Is the performance difference between the two scans "it is what it is", or can it be fine-tuned within MB?
  3. System: Windows 8.1 Professional, 64-bit OS. MB version (licensed): 3.1.1.1722, Component package: 1.0.117, Update package: 1.0.1.1887. MB 3.1.1 was installed over the previous version 3.0.6 a couple of days ago. The exploit protection worked just fine, until now. Manually starting it results in it quickly going back to the "Off" position.
     Attachments: mb-checkResult 05.07.17.txt, logs_05.07.16.zip
  4. You seem to state that MB fails in a "real world" test, but works just fine if there's some social engineering on the front end of the malicious URL. Accessing the malware via a direct link, or via any other delivery method, should have the same results as far as protection is concerned. At the end of the day, it is the malicious URL, accessed directly and/or by redirecting in the background, that delivers the payload. If your focus is on "spam, exploits and malvertisements", that could be simple blacklisting of URLs. If that's the case, it can quickly become a "whack-a-mole" game, just like the AV is. Provided that the MB real-time web protection works reliably, but that's a whole other issue...
  5. I don't doubt that you have no issues, and good for you, but that does not help in any way. My systems do have AV, among other security protections besides MWB. Prior to MWB 3.0, none of the layered protections had issues with each other. They co-existed peacefully, with minor tweaks here and there. MWB just does not like to exist with some of the AVs that you still need...
  6. I don't disagree, but... The larger disservice provided by Malwarebytes is not being able to eliminate bugs in their software. Real-time protection is still iffy at best, even if they'd tell you that, statistically speaking, it is actually a small percentage of end users who are impacted. I don't necessarily agree with that, and from my perspective all of my and some of my customers' systems that have MWB are 100% impacted. The annoyances that the four-month-old package still exhibits are no longer a growing pain, they are a fact of life with MWB. I am in the process of redesigning the layered protection for Windows systems, and it will not include MWB.
  7. In my view, uninstalling the existing version of MB for major updates (i.e. UI and executable) is a major drawback of this product. Not to mention that at times one would need to run the "MBAM clean" tool to allow installing the latest version. This results in support calls, posting in forums, etc. I'd be hard pressed to name any other software that would require the removal and clean-up after a bad uninstall routine. I guess asking for a rollback-to-the-previous-version feature, if the update does not work as intended, would be too much to ask for at this point...
     PS: Yes, I do like MB and will keep using it, despite its installation shortcomings...
  8. Malwarebytes' new Cybercrime Tactics and Techniques Q1 2017 report shows Cerber has totally taken over "the market", accounting for 90 percent of Windows ransomware. On the other hand, the report does not mention whether Malwarebytes 3.x provides protection against Cerber and/or other ransomware. So, the question is... Can Malwarebytes prevent ransomware from encrypting the data on a Windows system? TIA...
  9. Except that the Windows SMB Server CVE-2017-0147 Information Disclosure Vulnerability does not include a buffer overrun attack. An attacker could exploit this vulnerability by sending a crafted request to the target system that may contain random information that is stored in memory when returned. The "crafted request" means a string of characters that may include letters and numbers that the server protocol driver responds to. The chances are that the attacker could also execute arbitrary code, otherwise exploiting this vulnerability is iffy at best. Even if Microsoft does not state that...
     While I don't know much about programming... The crafted request is handled by the system in two different ways:
     • The crafted request results in a buffer overflow that allows the attacker to execute arbitrary code
     • The crafted request, or string of characters, is coded in the server protocol driver and the system responds as expected
     Anyone knowing the string of characters could exploit this vulnerability. While it is unlikely that MS would do this, having an eerily similar vulnerability from 2006 (quote) makes it suspicious: CVE-2006-1315 has this description, quote:
     Yes, it could be coincidence... On the other hand, it could be an update for the crafted request, or special strings of characters, once they become known. We will never know the answer to this...
     PS: Yes, Malwarebytes 3.x provides multiple layers of security protection for the system. But even this protection is pretty much ineffective against unknown special strings of characters that are actually a "normal" and "intended" operation...
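The distinction the post draws between an information disclosure and a buffer overrun can be shown in a few lines of C. What follows is an added, generic illustration written for this page; it is not code from the post, from Microsoft's SMB driver or from CVE-2017-0147, and the handler names, the 16-byte "record" and the `SECRET_TOKEN_XYZ` bytes are constructed for the demo. It shows a handler that honours a requester-supplied length field and so copies the memory adjacent to the requested object into the reply (an over-read that leaks data but writes nothing), beside the same handler with the length clamped to the object actually being served.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed server memory for the demo: a 16-byte public record followed
 * immediately by 16 bytes the requester must never receive. */
#define RECORD_LEN 16
#define SECRET_LEN 16
static unsigned char server_mem[RECORD_LEN + SECRET_LEN];

static void load_server_mem(void)
{
    memset(server_mem, 0, sizeof server_mem);
    memcpy(server_mem, "PUBLIC_RECORD", 13);                       /* 13 bytes + zero padding */
    memcpy(server_mem + RECORD_LEN, "SECRET_TOKEN_XYZ", SECRET_LEN);
}

/* Vulnerable handler: the length field taken from the request is honoured as
 * long as it fits the reply buffer. A value above RECORD_LEN copies whatever
 * follows the record into the reply. Nothing is written out of bounds, so
 * this is an information-disclosure over-read, not a buffer overrun. */
size_t reply_vulnerable(uint16_t requested_len, unsigned char *out, size_t out_cap)
{
    load_server_mem();
    size_t n = requested_len;
    if (n > out_cap) n = out_cap;
    if (n > sizeof server_mem) n = sizeof server_mem;   /* keeps the demo itself in bounds */
    memcpy(out, server_mem, n);
    return n;
}

/* Hardened handler: the requested length is clamped to the size of the
 * object being served before anything is copied. */
size_t reply_hardened(uint16_t requested_len, unsigned char *out, size_t out_cap)
{
    load_server_mem();
    size_t n = requested_len;
    if (n > RECORD_LEN) n = RECORD_LEN;
    if (n > out_cap) n = out_cap;
    memcpy(out, server_mem, n);
    return n;
}

/* Byte-wise search that does not stop at NUL bytes (the reply is binary). */
static int contains(const unsigned char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Sends a "crafted" request asking for 32 bytes of a 16-byte record and
 * reports whether the secret came back. Returns 1 if it leaked, 0 if not. */
int reply_leaks_secret(size_t (*handler)(uint16_t, unsigned char *, size_t))
{
    unsigned char reply[64];
    size_t n = handler(32, reply, sizeof reply);
    return contains(reply, n, "SECRET_TOKEN_XYZ");
}

int main(void)
{
    printf("vulnerable handler leaks secret: %d\n", reply_leaks_secret(reply_vulnerable));
    printf("hardened handler leaks secret:   %d\n", reply_leaks_secret(reply_hardened));
    return 0;
}
```

The check that matters is the clamp against the served object's real size (`RECORD_LEN`), not against the reply buffer; the vulnerable version only checks the latter, which is why it stays memory-safe for the server and still leaks. The same pattern is why a disclosure bug like this needs no overflow to be useful: the attacker's "string of characters" is just a length the parser trusts.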
  10. Windows 10 market share is about 25%; I am pretty certain that the intelligence agencies have exploits for this platform. Not having them at their disposal would limit their effectiveness at eavesdropping on people. And yes, some of the vulnerabilities patched last month impacted Windows 10 platforms as well...
  11. Shadow Brokers had been trying to sell these exploits since August 2016, quote:
     Patching these exploits in March 2017 would mean that we were not safe prior to this date, nor do we know just how long they had been utilized prior to August 2016. That just shows the value of updates and reinforces the need for security solutions that protect systems and applications against advanced threats. My question is, could Malwarebytes 3.0x stop these exploits? Based on the KB article, the chances are the answer to this question is no, quote:
     The "specially crafted packet" could be anything, such as a buffer overflow, an unintentional/intentional backdoor, etc. It's hard to say without looking at the actual packets in question and their impact on the system. Nor did Microsoft disclose the details of the exploit and, more strangely, it did not credit anyone for finding this vulnerability and notifying Microsoft.
  12. I have to agree and, just as much as you did, I appreciate @Porthos for following the company's line. But... The US website states this:
     No, it does not state that MB 3.0 is an actual antivirus, but it certainly insinuates that. If you have a solution that has been made obsolete by MB, why would you keep it on your system? At the very least, the above quote is misleading... In my view, this would be straightforward:
     There would be no misunderstanding of what the Malwarebytes solution does, and it leaves the antivirus alone. No, I am not trying to defend the antivirus, even if it has some useful purpose...
     PS: I do like Malwarebytes software and believe that this is the right direction for endpoint protection, especially for home, small and mid-size businesses. And yes, I do wish Malwarebytes would address the current issues with version 3.0x faster, but I am still patient...
  13. Thanks for the detailed explanation of the inner workings of MBAM 3.0x, much appreciated... Conversely... Where MBAM is weak, the traditional antivirus is strong. For the most part... The issues with the current version of MBAM certainly necessitate the traditional antivirus. In my view other memory protection, like MS EMET, would not hurt either. I cannot trust MBAM 3.0x at this stage as a reliable solution, with its occasional hiccups, but I do hope they will resolve the issues in an expedited fashion.
  14. On my air-cooled W8.1 with Samsung SSD, I don't see much of a performance hit with the Malwarebytes scan. In addition to the MB scan, I had:
     • Vipre scanning a network share
     • All MS Office apps open, including Visio, and creating a network diagram
     • Gimp2 running
     • Etc.
     The Microsoft programs started up with a minor delay, creating the network diagram was just fine, etc. Gimp, on the other hand, took much longer to open than usual. The CPU had been pegged for about 15 minutes, but the temperature didn't even reach 50 degrees Celsius, per CPUID HWMonitor. It's an older CPU and that might be the reason for the performance differences... Disclaimer: I love air-cooling and yes, it is custom built...
  15. I have a Windows 7 Professional 64-bit system with i5 CPU, 8GB memory, SSD drives, MS Office 2010 Professional 64-bit with Malwarebytes 3.0x. I also have a Windows 8.1 Professional 64-bit system with i5 CPU, 16GB memory, SSD drives, MS Office 2013 Professional 64-bit with Malwarebytes 3.0x. I don't see any of the performance issues that you're having on either of the systems... Maybe you should run a "Check Disk", enable fix file system errors and recover bad sectors. You could also run "sfc /scannow" to recover from damaged system files. Or, maybe just check the event viewer to narrow down the source of the issue that is causing the performance degradation. You know, just typical techie troubleshooting...
  16. It's also possible that "VigorF" = "riskware.Tool.CK". In other words, Microsoft and Malwarebytes assigned different names to this malware...
  17. It's always a good idea to delete data files/folders that are no longer being used... It's interesting that Malwarebytes did not find VigorF; the link below actually advises removing VigorF with Malwarebytes, among other solutions: https://malwaretips.com/blogs/remove-trojan-js-vigorf-a/ Did you scroll down in the scan result? It's "Step 2\image # 6" in the above link...
  18. Did you try scanning the "physically separate HD" with a custom scan? Just click on the drive letter for the physically separate drive and start the scan. You may have Windows Defender configured to scan all drives, while Malwarebytes is limited to just the "C" drive...
  19. Here's the issue with falling back to MBAM 2:
     • it is an older engine that may not be up to date for current malware
     • support for version 2 will end soon
     It's been about three months since MB 3.0 was released, and the sporadic web protection failure has been an issue ever since. One would think that with all of the reports and data sent to tech support, and presumably to developers, this issue would have been resolved by now. Since it has not been, maybe it's an indication of deeper issues, and/or even the developers are lost as to why the web protection is failing at some times but not others. In either case, this is getting old by now for the end users, and Malwarebytes' reputation suffers in the process. I still hold out hope that they'll be able to fix MB soon; it is a great solution for protecting one's system. But just like others, my patience is wearing thin...
  20. Malwarebytes may or may not support wildcard characters. If it does, this may work for you: C:\Users\User ID\AppData\Local\Temp\?.tmp\bin\rubyw.exe Or the short version: %TEMP%\?.tmp\bin\rubyw.exe Alternatively, contact PIA again and ask them how to run "rubyw.exe" from a predetermined folder, and exempt the folder from Malwarebytes scanning...
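To see what an exclusion pattern like the ones in the post would actually cover, here is an added example written for this page (not the post's own code and not Malwarebytes' exclusion engine). It implements the wildcard semantics most scanner exclusion lists use, `?` for exactly one character and `*` for any run of characters, and tests the two patterns against a few constructed paths. The `%TEMP%` value, the paths and the matching rules are assumptions for the demo; whether Malwarebytes honours wildcards at all is, as the post says, not established.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed value for %TEMP%; a real tool would read the environment. */
#define CONSTRUCTED_TEMP "C:\\Users\\alice\\AppData\\Local\\Temp"

/* Constructed sample paths, the kind of per-launch temp folders the post describes. */
static const char *SAMPLE_PATHS[] = {
    "C:\\Users\\alice\\AppData\\Local\\Temp\\a.tmp\\bin\\rubyw.exe",
    "C:\\Users\\alice\\AppData\\Local\\Temp\\ocr1A2B.tmp\\bin\\rubyw.exe",
    "C:\\Users\\alice\\AppData\\Local\\Temp\\ocr1A2B.tmp\\bin\\ruby.exe",
    "C:\\Users\\alice\\AppData\\Local\\Temp\\rubyw.exe",
};
#define N_SAMPLE_PATHS (sizeof SAMPLE_PATHS / sizeof SAMPLE_PATHS[0])

/* Case-insensitive glob (Windows paths are case-insensitive): '?' matches
 * exactly one character, '*' matches any run, including across backslashes;
 * every other character must match literally. Returns 1 on match, 0 otherwise. */
int glob_match(const char *pat, const char *s)
{
    while (*pat) {
        if (*pat == '*') {
            while (*pat == '*') pat++;             /* collapse runs of '*' */
            if (*pat == '\0') return 1;            /* trailing '*' matches the rest */
            for (; *s; s++)
                if (glob_match(pat, s)) return 1;  /* try every split point */
            return 0;
        }
        if (*s == '\0') return 0;                  /* pattern longer than subject */
        if (*pat != '?' &&
            tolower((unsigned char)*pat) != tolower((unsigned char)*s))
            return 0;
        pat++;
        s++;
    }
    return *s == '\0';                             /* both consumed completely */
}

/* Expands a leading %TEMP% (upper case only, as written in the post) into out. */
static const char *expand_temp(const char *pat, char *out, size_t cap)
{
    const char *var = "%TEMP%";
    size_t vl = strlen(var);
    if (strncmp(pat, var, vl) == 0)
        snprintf(out, cap, "%s%s", CONSTRUCTED_TEMP, pat + vl);
    else
        snprintf(out, cap, "%s", pat);
    return out;
}

/* Returns how many of the sample paths an exclusion pattern would cover. */
int count_matches(const char *pattern)
{
    char expanded[512];
    expand_temp(pattern, expanded, sizeof expanded);
    int n = 0;
    for (size_t i = 0; i < N_SAMPLE_PATHS; i++)
        if (glob_match(expanded, SAMPLE_PATHS[i])) n++;
    return n;
}

int main(void)
{
    const char *single = "%TEMP%\\?.tmp\\bin\\rubyw.exe";   /* the post's pattern */
    const char *any    = "%TEMP%\\*.tmp\\bin\\rubyw.exe";   /* one-character change */
    printf("%-32s matches %d of %zu sample paths\n", single, count_matches(single), N_SAMPLE_PATHS);
    printf("%-32s matches %d of %zu sample paths\n", any,    count_matches(any),    N_SAMPLE_PATHS);
    return 0;
}
```

Under these semantics `?.tmp` only covers a temp folder whose name is a single character before `.tmp`, while `*.tmp` covers any folder name ending in `.tmp`. Both still pin the executable name, so `ruby.exe` in the same folder is not excluded; when writing an exclusion, keep the pattern as narrow as the launcher's behaviour allows, because a `*` that also swallows the file name excludes everything the dropper chooses to put there.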
  21. Thanks Ron, maybe I will take you up on your offer, sent you a message... And no, my systems do not have hidden malware, provided that you don't consider MS telemetry as malware...
  22. Thanks for the offer Ron, but... In addition to trying to remediate the issues in this forum, I've also contacted MB support via email and forum messages that you probably don't see. So, there have been more than "some logs" sent to support. In all the different venues, the end result has been the same: web protection being enabled is iffy at best. The email support has been slow and generally followed the steps available in the forum to resolve the issue. Well, until someone decided to close the support ticket and ask me to rate the support I'd received. In respect to Malwarebytes, it seemed to me that it is better not to rate the support. Forum messaging with one of the techs regularly helping people in the forum, whom I consider really good, seemed promising. Despite trying more than what was offered in the forum and providing a number of logs, the end result is the same. Oh well, at least the tech confirmed that my AV and MB do have a conflict on his/her test system. In my view Malwarebytes is working hard on resolving the issues and certainly it's making progress. It's just too slow for my taste. After about two months of going through numerous uninstall/install processes, I am just not inclined to continue with this "rinse and repeat" cycle and prefer to wait for later version(s). On the flip side, exploit protection always works, and that's what I care about most anyway...
  23. I am glad that you have no issues jadinolf, but that's as far as I agree with you... I am still on the wait-and-see approach with my Windows 7 and 8.1 systems, where web protection is still hit or miss. No big deal with the other non-Malwarebytes layers of protection working, but one would think that after two months Malwarebytes would have fixed it by now. Oh well, I'll wait at least for version 3.1 to be released, prior to cycling through other beta versions again. The MB 3.0 release reminds me of when Windows 3.0 was released; it wasn't until Windows 3.11 came out that it was actually usable. Maybe I should wait until MB 3.11 is released...
  24. I have experience with a few different versions of Malwarebytes: 3.0, 3.05, 3.06 and various preview builds. With the exception of one case (unable to install a newer version), the only issue with all versions has been the real-time web protection. It would not start, nor could it be enabled manually. Yes, in each case I did go through the "standard procedure" to try to fix the issues. This includes uninstalling MB, running "MBAM clean" and FRST64 as admin, installing/re-installing MB, exempting Malwarebytes executables and drivers from AV scanning, etc. The web protection would work, sometimes even for a couple of days, but inevitably the web protection would not start.
     So, with the last version currently on the system, I got tired of going through the "standard procedure" and decided that my system can live for another day without it. After all, it has a number of other security layers that can mitigate the risk of accessing the web. So, it's been running like that for over a week, with a couple of interesting observations about the web protection. Firing up the system in the morning has been showing different results:
     • Web protection starts with the system
     • Web protection does not start, but a standard UID can start it manually
     • Web protection does not start, but an admin account can start it
     • Web protection does not start and no account can start it
     • Web protection does not start, cannot be started by any account, but stopping the AV allows starting it up
     As of today, the web protection started with the system, which it did not do yesterday, nor did I start it manually. This is not the first time that this has taken place during the last week or so; it happened a couple of days ago as well. The system did not change during this time-frame, except for the daily updates for both MB and the separate AV. While I understand that the AV can interfere with MB, in my view it would do so all the time. The more likely scenario is that the MB updates are breaking the web protection.
     Malwarebytes receives daily updates for:
       "controllers_version" : "1.0.50",
       "db_version" : "2017.02.02.04",
       "dbcls_pkg_version" : "1.0.1158",
       "installer_version" : "3.0.6",
     Yes, I am aware that this is not the current version; I just don't feel like running it again... Each time the updates are incorrect and/or have not been applied correctly, the web protection is off. Conversely, if the updates are fine, the web protection starts with the system. Is there a way to disable updates for times when the web protection starts?
  25. That's a double-edged sword... People who didn't know how MBAE works asked the question and wanted a simple explanation. The FAQ is great for that. People who did know already used DDG to learn more about the actual stack/buffer overflow techniques...