Posts posted by Tinstaafl

  1. Yes, that would be helpful. Thanks!

    I noticed that two basic repair actions are checked by default:

    1. Delete tracing keys

    2. Reset Winsock

    I am guessing that "Delete tracing keys" does some sort of registry cleaning, as "keys" seems to imply registry keys?

    I Googled "Reset Winsock" and got a few answers. It seems that command will remove any providers not included in "winsock.dll" by default, so you may need to reinstall some things like USB network connections if you run that.
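    As an added example (not part of the original post or of the repair tool being discussed), this is the check I would run before letting a tool do "Reset Winsock": save the current Winsock catalog and list each provider DLL with its Authenticode signature status, so you know what `netsh winsock reset` is about to discard and whether any of it looks unexpected. It assumes an elevated PowerShell session and that `netsh winsock show catalog` prints one "Provider Path:" line per catalog entry; the output directory is a placeholder.

```powershell
# Added example, not from the thread. Run elevated.
# $outDir is a hypothetical location; change it to suit.
$outDir = 'C:\Temp\winsock-audit'
New-Item -ItemType Directory -Force -Path $outDir | Out-Null

# Capture the full catalog as netsh shows it. This is the data that
# "netsh winsock reset" rebuilds from the default (winsock.dll-backed) entries.
$catalog = netsh winsock show catalog
$catalog | Set-Content -Path (Join-Path $outDir 'catalog-before.txt')

# Extract every provider DLL path (assumption: netsh labels them "Provider Path:")
# and expand %SystemRoot%-style variables so the file can be inspected.
$paths = $catalog | ForEach-Object {
    if ($_ -match '^\s*Provider Path:\s*(.+)$') {
        [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    }
} | Sort-Object -Unique

# Report signature status per provider. Anything 'NotSigned', 'HashMismatch'
# or 'MISSING' deserves a closer look before (or instead of) a blind reset.
$report = foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        '{0,-13} {1}  {2}' -f $sig.Status, $p, $sig.SignerCertificate.Subject
    } else {
        '{0,-13} {1}' -f 'MISSING', $p
    }
}
$report
$report | Set-Content -Path (Join-Path $outDir 'providers-before.txt')

# Only after reviewing the list above:
#   netsh winsock reset
# followed by a reboot; then re-run "netsh winsock show catalog" and diff
# against catalog-before.txt to see exactly which providers were dropped.
```

    The third-party entries that disappear after a reset are the ones to reinstall deliberately (VPN clients, some USB tethering drivers, and so on); a provider whose DLL is unsigned or missing from disk is worth investigating rather than simply reinstalling.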

  2. If you run an AV like Avast, Avira, or Bitdefender on a modern PC, you are not likely to 'feel' any impact of running an AV.

    Those tools are real-time file scanners that will scan any file you access, so there is some system overhead, but most are likely to be better performers than Defender.

    Real-time anti-exploit measures such as MalwareBytes, or HitmanPro.Alert, use different mitigation and risk reduction methods that don't necessarily eat as much CPU time.  So it is more likely your choice of primary AV (and the PC hardware) that determines your overall performance.

  3. 37 minutes ago, lock said:

    In one year there are between 18,000 to 84,000 meteorites bigger than 10 grams which will hit the surface of the Earth. Did you buy insurance against it????

    Most likely not. That being said, in over 15 years I was never significantly affected by a PC virus (most of them unwanted software or redirecting); in more than 3 years and 3 PCs I never had a detection initiated by MBAM (other than Web shield, most of the time FP).

    I believe your best defense is a good imaging program.  The AV and anti-malware programs are useful for alerting you to an infection.  But once you know you have been compromised, the best course of action is to wipe and re-image the PC, or perform a clean re-install if you don't have a recent system image.

    In the last company I worked for the IT team did not mess around with trying to clean infected PCs.  They immediately wiped and re-imaged the PC with the standard company issued image.  All of the user profiles including current docs were kept on servers, so the downtime and interruption is much less with this method than trying to disinfect a PC.  And there is never a way to be sure that you are completely clean afterwards, short of nuking your hard drive.

  4. I will agree that in theory the Malwarebytes team has some advanced technology that may not be readily tested with current methodologies.

    But unfortunately, the naysayers may be getting the upper hand lately due to the poor "optics" regarding the reluctance of the team to participate and shed these doubts.  I would think that making this happen should become a priority effort from the executive offices down to the front line.

  5. 1 hour ago, Weston1973 said:

    I did find some reports that I have included below where Malwarebytes was tested by independent IT security research company MRG-Effitas and I have to be quite honest, Malwarebytes didn't perform very well at all.  Actually, Malwarebytes was near the bottom of the pack in every test when you compare it to HitmanPro and Zemana Anti-Malware and most of the others.

    Well, that MRG report confirmed my thoughts on Avira, Bitdefender, and Kaspersky being the best 1st line defense against malware.  I use Avira.

    I also feel better knowing that I use HitmanPro as a 2nd line layered defense scanner, in addition to Malwarebytes and Zemana.

  6. 1 hour ago, slack7639 said:

    I'm trying MBAE, and MBAR . . . Introducing Malwarebytes Anti-Ransomware Beta . . .

    I guess you do need anti-virus, and anti-malware, on the Host computer, and every virtual machine.

    In Virtual Box, I have these . . . XP Pro for old games . . . and I'm taking a look at the most popular Linux distros:

    1.) Win XP Pro

    2.) Ubuntu - with MacBuntu GUI

    3.) Ubuntu - regular install

    4.) Linux Mint

    5.) Debian

    Well you actually only need protection on your Windows hosts and Windows VM guests.  Linux will do just fine without.  ;)

  7. On 11/6/2017 at 10:44 AM, slack7639 said:

    The future of XP limited?  No, you can run it on a new 64-bit computer, in a VirtualBox . . . https://www.virtualbox.org/attachment/wiki/Screenshots/gnome.png

    That's exactly what I am doing.  I have old applications that will no longer run on Windows 10.  I have run XP in a Virtualbox host on both Linux and Windows 10.  Works great!

    At this point I am dependent on Avast and MBAE to protect the XP VM.  Even so, I try to keep away from the net as much as possible.  I rarely download and run anything new.  If anything bad does happen I will just re-pave the VM with a clone.

  8. I agree with the arguments for a behavior based defensive layer, and the limitations of traditional signature based approaches.

    But I think the claim that this is all you need today has created a credibility gap for the product (based on comments I read in public forums).

    While your scientific data may prove this point to be correct, there is apparently a majority public opinion that has not yet shifted over to this viewpoint.  This is not yet perceived to be a proven approach, and most security minded folks generally choose to err on the side of caution.

    I use multiple layers myself, including a good AV.

  9. Based on the data, I would think that MB should be considering a partnership with an established AV company.  That would allow for a multi-level protection product, that in the real world, could be an actual replacement for an AV suite.   This would be in recognition of the understanding that traditional AV products can let a lot of today's exploits slip past the defensive perimeter.  But IMHO, you should still use an active signature based AV scanner running in real-time.  Obviously, that is not enough to catch all of today's malware threats, but combining the two approaches in a layered defense makes the most sense.

  10. 26 minutes ago, lock said:

    AV Test uses, for 0-day malware, 202 samples; being zero-days, I doubt they are old, non-active threats.

    For the rest of detection, they use "widespread and prevalent malware discovered in the last 4 weeks (the AV-TEST reference set)", so again, no old, non-active threats.

    So, in fact what are you talking about?

    You make a good point.  I believe that AV Comparatives uses only web based exploits in its real world tests, rather than a zoo of static malware samples.  So it is a false argument to claim that all the test organizations only rely on static samples for their testing.

  11. 2 minutes ago, fr33tux said:

    Hello,

    @Tinstaafl It should be handled by AdwCleaner, and it usually is, so there's likely an issue.

    Not sure there's an issue, because I declined to run the cleaner step.  I stopped after the first detection, and then attempted to correct the registry manually.  Since there was nothing at the logged registry key, it then prompted my post ...

  12. 10 minutes ago, fr33tux said:

    Thanks for the link!  I deleted the Auslogics registry entry at HKEY_LOCAL_MACHINE\Software\Wow6432Node and the next scan was clean.

    ***** [ Registry ] *****

    No malicious registry entries found.

    As a general practice, I do not run registry cleaners, preferring to do the surgery myself, following an elaborate disk imaging process.

    But I do have a lingering question in this particular case.  If I had allowed AdwCleaner to attempt this registry cleanup (I chose not to), would it have followed the Registry Redirect and deleted the entry from Wow6432Node, or would I have still needed to manually delete this entry?

    Thanks, again!

  13. On 12/2/2016 at 9:24 AM, edkiefer said:

    this one is coming up for me even though there is no key there. I also posted in the Auslogic FP post.

    ***** [ Registry ] *****

    Key Found:  HKLM\SOFTWARE\Auslogics

    I just started using ADWCLEANER 6.047 today.  It found this same registry key on the scan.  I looked in regedit, and the key does not exist.  Where is the ADWCLEANER scan picking this up?

    I used to have Auslogics defrag installed, but I uninstalled it last year when MBAM first detected it as a PUP.
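    The "key is reported but regedit can't see it" puzzle in the two posts above is WOW64 registry redirection: on 64-bit Windows a 32-bit process that opens HKLM\SOFTWARE\Auslogics is transparently redirected to HKLM\SOFTWARE\WOW6432Node\Auslogics, while a 64-bit regedit shows the native view. As an added example (not from the thread and not AdwCleaner's code), this PowerShell snippet opens the same key in both registry views explicitly, so the comparison does not depend on whether your shell happens to be 32- or 64-bit. The key path is the one reported in the posts; everything else is generic.

```powershell
# Added example, not from the thread. Works from either a 32-bit or a
# 64-bit PowerShell because the view is selected explicitly, not by process bitness.
$keyPath = 'SOFTWARE\Auslogics'   # the key AdwCleaner reported as HKLM\SOFTWARE\Auslogics

function Get-KeyInBothViews {
    param([string]$SubKey)
    foreach ($view in [Microsoft.Win32.RegistryView]::Registry64,
                      [Microsoft.Win32.RegistryView]::Registry32) {
        # OpenBaseKey with an explicit RegistryView bypasses WOW64 redirection.
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($SubKey)   # returns $null when the key is absent
            if ($null -eq $key) {
                '{0,-10} HKLM\{1}: not present' -f $view, $SubKey
            } else {
                '{0,-10} HKLM\{1}: present ({2} values, {3} subkeys)' -f `
                    $view, $SubKey, $key.ValueCount, $key.SubKeyCount
                $key.Close()
            }
        } finally {
            $base.Close()
        }
    }
}

Get-KeyInBothViews -SubKey $keyPath

# The Registry32 view above is the same data a 64-bit regedit shows under
# HKLM\SOFTWARE\WOW6432Node, which is why the manual fix in the thread worked:
Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Auslogics'

# Manual removal of a leftover key from the 32-bit view (this is what was done
# by hand in the thread; back up the hive or take an image first):
#   Remove-Item -Path 'HKLM:\SOFTWARE\WOW6432Node\Auslogics' -Recurse
```

    A scanner built as a 32-bit executable will log the path it asked for (HKLM\SOFTWARE\Auslogics) even though Windows served it the redirected key, which is exactly the mismatch seen in regedit. Checking both views before deleting anything also avoids removing a same-named key that a 64-bit application legitimately owns in the native view.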

  14. On 5/1/2017 at 9:09 AM, Telos said:

    Bear in mind too that there is no anti-malware/ransomware/virus solution that is 100% effective.

    Yup!  The effectiveness is also influenced as described by the age-old acronym "PEBCAK" (Problem Exists Between Chair And Keyboard).

    Clicking on pop-up alerts and email attachments seems to be the best way to get a malware payload installed...

  15. 1 hour ago, exile360 said:

    Right, they're using live malware URLs which is not how actual users in the real world come across these threats.  They get redirected to those URLs by exploits and similar tactics that download the droppers (the malware etc.) in the background once the exploit successfully executes.  This means that if you have good exploit protection, you'd never see the malware.  I've done plenty of hunting (deliberately trying to get infected) and the last time I was able to come across any direct link to an actual malicious file (malware, not a PUP) was several years ago back when most of the threats were rogues (fake AVs etc.) before the bad guys started using exploits all the time.  The only exceptions I can think of offhand would be Trojans designed to look like documents when they're actually executables or (more often) documents crafted to contain exploit code that come in attached to spam emails/phishing emails, both of which Malwarebytes does very well against.

    This is what I mean about a "real world" test.  Not going to a list of malware domains where direct links to malware are hosted, because that's not how those threats are getting onto users' systems.  It's the spam, exploits and malvertisements.  That's how the bad guys are doing it, and that's what real users have to worry about so that's where our focus is.  We target earlier points in the attack chain to prevent the malware from ever even getting to the user's system in the first place so they don't have to worry about whether or not our protection detects some dropper they'll never see.

    I get the differences that you have described.  But I think that malvertising can also redirect you even without loading an exploit, and send your browser to a malicious URL.

    I recently experienced this with a fully up to date Firefox browser.  I ran into the "Fake Firefox update" scam.  Normally I am very careful and also run the uBlock Origin browser extension with all of the ad and malware filters set to high paranoia level.  But one particular day I decided to allow my favorite mainstream weather site to be rewarded by disabling the filtering.  This site is handy to have loaded in a tab because it keeps refreshing with current weather data.  Apparently the ads rotate as well.  I had left the room for a few minutes, so nobody was clicking anything.  When I returned to the PC I was staring at a very real looking new page pretending to provide an "urgent" or "critical" update and prompting to download a firefox-patch.js

    https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update

    The file extension was obviously a scam, so I hit the power switch and shut down.  I was very certain that I had no malware installed, as I run a leading AV, scan the computer regularly with several products including Malwarebytes and HitmanPro, as well as check every executable and driver on the PC against VirusTotal.

    Re-booted and scanned everything, but nothing found.  I do keep my ad filters on most of the time now though!  I suppose that if I had clicked that link, it would have been my fault for letting it in, or maybe a good "real-world" test of my real-time exploit protection.  Rather not find out!
