Tinstaafl

Yes, that would be helpful. Thanks! I noticed that two basic repair actions are checked by default: 1. Delete tracing keys 2. Reset Winsock I am guessing that "Delete tracing keys" does some sort of registry cleaning, as "keys" seems to imply registry keys? I Googled "Reset Winsock" and got a few answers. It seems that command will remove any providers not included in "winsock,dll" by default, so you may need to install some things like USB network connections if you run that.

On v7.2.7.0 now, and still no detailed explanation for what these basic repair actions do. The help icons (?) in the settings page only opens the manual. The available repair actions are listed in the manual, but provide only a terse description for each. There is no help regarding what/when/where/why to use them.

If you run an AV like Avast, Avira, or Bitdefender on a modern PC, you are not likely to 'feel' any impact of running an AV. Those tools are real-time file scanners that will scan any file you access, so there is some system overhead, but most are likely to be better performers than Defender. Real-time anti-exploit measures such as MalwareBytes, or HitmanPro.Alert, use different mitigation and risk reduction methods that don't necessarily eat as much CPU time. So it is more likely that your choice of primary AV (and the PC hardware) that determines your overall performance.

I believe your best defense is a good imaging program. The AV and anti-malware programs are useful to alerting you to an infection. But once you know you have been compromised, the best course of action is to wipe and re-image the PC, or perform a clean re-install if you don't have a recent system image. In the last company I worked for the IT team did not mess around with trying to clean infected PCs. They immediately wiped and re-imaged the PC with the standard company issued image. All of the user profiles including current docs were kept on servers, so the downtime and interruption is much less with this method than trying to disinfect a PC. And there is never a way to be sure that you are completely clean afterwards, short of nuking your hard drive.

Yup. That is why I laugh when somebody claims that all they run is Windows Defender...

I will agree that in theory the Malwarebytes team has some advanced technology that may not be readily tested with current methodologies. But unfortunately, the naysayers may be getting the upper hand lately due to the poor "optics" regarding the reluctance of the team to participate and shed these doubts. I would think that making this happen should become a priority effort from the executive offices down to the front line.

Well that MRG report confirmed my thoughts on Avira, Bitdefender, and Kaspersky being the best 1st line defense against malware. I use Avira. I also feel better knowing that I use HitmanPro as a 2nd line layered defense scanner, in addition to Malwarebytes and Zemana.

I am now allowing updates again, as the problem seems to have been fixed. Have not seen any new updates yet, as 1.11.1.48 seems to be the current version.

All good now on XP.

The new version of MBAE 1.11.1.48 tested fine for me on WinXP SP-3, 32-bit. The issues I was previously having with browsers appears to have been corrected.

Well you actually only need protection on your Windows hosts and Windows VM guests. Linux will do just fine without.

That's exactly what I am doing. I have old applications that will no longer run on Windows 10. I have run XP in a Virtualbox host on both Linux and Windows 10. Works great! At this point I am dependent on Avast and MBAE to protect the XP VM. Even so, I try to keep away from the net as much as possible. I rarely download and run anything new. If anything bad does happen I will just re-pave the VM with a clone.

Win XP-SP3 here as well, same issue others have reported with their web browsers. Rolled back to v.24 and all is well again, disabled auto-updates. V.41 running OK on Windows 7.

I agree with the arguments for a behavior based defensive layer, and the limitations of traditional signature based approaches. But I think the claim that this is all you need today has created a credibility gap for the product (based on comments I read in public forums). While your scientific data may prove this point to be correct, there is apparently a majority public opinion that has not yet shifted over to this viewpoint. This is not yet perceived to be a proven approach, and most security minded folks generally choose to err on the side of caution. I use multiple layers myself, including a good AV.

Based on the data, I would think that MB should be considering a partnership with an established AV company. That would allow for a multi-level protection product, that in the real world, could be an actual replacement for an AV suite. This would be in recognition of the understanding that traditional AV products can let a lot of today's exploits slip past the defensive perimeter. But IMHO, you should still use an active signature based AV scanner running in real-time. Obviously, that is not enough to catch all of today's malware threats, but combining the two approaches in a layered defense makes the most sense.

Not really sure why this wouldn't be a priority? Having a shadow of doubt hang over what is otherwise a well respected product could be a missed marketing opportunity!

You make a good point. I believe that AV Comparatives uses only web based exploits in its real world tests. rather than a zoo of static malware samples. So it is a false argument to claim that all the test organizations only rely on static samples for their testing.

Not sure there's an issue, because I declined to run the cleaner step. I stopped after the first detection, and then attempted to correct the registry manually. Since there was nothing at the logged registry key, it then prompted my post ...

See my last post for resolution.

Thanks for the link! I deleted the Auslogics registry entry at HKEY_LOCAL_MACHINE\Software\Wow6432Node and the next scan was clean. ***** [ Registry ] ***** No malicious registry entries found. As a general practice, I do not run registry cleaners, preferring to do the surgery myself, following an elaborate disk imaging process. But I do have a lingering question in this particular case. If I had allowed AdwCleaner to attempt this registry cleanup (I chose not to), would it have followed the Registry Redirect and deleted the entry from Wow6432Node, or would I have still needed to manually delete this entry??? Thanks, again!

It's a "ghost"!!! Not there. I uninstalled all of my Auslogics last year! No key in the registry if I look manually in regedit.

I just uninstalled AdwCleaner, then downloaded and ran it again with the same results. Here is the log ... nothing in registry. AdwCleaner[S0].txt

I just started using ADWCLEANER 6.047 today. It found this same registry key on the scan. I looked in regedit, and the key does not exist. Where is the ADWCLEANER scan picking this up??? I used to have Auslogics defrag installed, but I uninstalled it last year when MBAM first detected it as a PUP.

Yup! The effectiveness is also influenced as described by the age-old acronym "PEBCAK" (Problem Exists Between Chair And Keyboard). Clicking on pop-up alerts and email attachments seems to be the best way to get a malware payload installed...

I get the differences that you have described. But I think that malvertising can also redirect you even without loading an exploit, and send your browser to a malicious URL. I recently experienced this with a fully up to date Firefox browser. I ran into the "Fake Firefox update" scam. Normally I am very careful and also run the uBlock Origin browser extension with all of the ad and malware filters set to high paranoia level. But one particular day I decided to allow my favorite mainstream weather site to be rewarded by disabling the filtering. This site is handy to have loaded in a tab because it keeps refreshing with current weather data. Apparently the ads rotate as well. I had left the room for a few minutes, so nobody was clicking anything. When I returned to the PC I was staring at a very real looking new page pretending to provide an "urgent" or "critical" update and prompting to download a firefox-patch.js https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update The file extension was obviously a scam, so I hit the power switch and shut down. I was very certain that I had no malware installed, as I run a leading AV, scan the computer regularly with several products including Malwarebytes and HitmanPro, as well as check every executable and driver on the PC against VirusTotal. Re-booted and scanned everything, but nothing found. I do keep my ad filters on most of the time now though! I suppose that if I had clicked that link, it would have been my fault for letting it in, or maybe a good "real-world" test of my real-time exploit protection. Rather not find out!