just_another_helpdesk_tech

  1. Thank you David for trying as hard as you can to not answer my question. Mods, I do not seem to be able to delete this thread. If you could, it would be appreciated. I will find assistance elsewhere.
  2. But they didn't produce the same result. Malwarebytes didn't detect things that were there. I understand what you are saying about how things are counted, but that doesn't apply here. There were active items that were not detected by Malwarebytes. It is not a matter of counting the items in the folder; the folder and its contents were not detected. Nor were the exes, or the services, or the scheduled tasks, or the registry entries, or the browser plugins. If Malwarebytes detected folder A and removed it and all of its contents, and AdwCleaner also detected folder A and removed all of its contents, then you are correct: it does not matter if it just counts the folder, or if it counts the folder and its contents, because we got the same results. But that was not the case here. Maybe I should clarify the timeline. Malwarebytes was run FIRST. After detecting nothing, and removing nothing, AdwCleaner was run. It DID detect infected items and DID remove them. My question is WHY didn't Malwarebytes find the items. I updated the database before I ran it, I have a paid version and I ran a full scan. So I do not understand why Malwarebytes was unable to detect these items.
  3. Also, in my original post this: "is this because KAM isn't able to detect these types of infections, or because it is unable to detect them?" should have read: "is this because KAM isn't able to detect these types of infections, or because it isn't made to detect them?"
  4. OK, so then Malwarebytes does not detect and remove artifacts for these specific instances of malware, or in general? Like I said, the screenshots are incomplete and there were files and services that were not detected. Those items that were not detected were directly associated with the scheduled tasks and folders in the screenshots and were removed by AdwCleaner. I would also like to point out that I am not trying to attack Malwarebytes; I'm trying to understand if this is a limitation of the program. If leaving behind artifacts is a characteristic of Malwarebytes, then that means I need to update our procedure to include manually removing artifacts.
  5. We use Kaseya with the Malwarebytes module (referred to as Kaseya Anti Malware or KAM) along with the Kaspersky module (referred to as Kaseya Anti Virus or KAV) and AdwCleaner. I recently had an infected machine that already had KAM deployed to it from Kaseya. My regular procedure is to run KAM, and if anything is detected I also run a scan with KAV and AdwCleaner. However, this time I ran KAM and it detected nothing. I knew that there was a problem with this machine, so I also ran AdwCleaner, which found 50+ registry entries, scheduled tasks, browser plugins etc. I'm wondering if someone can explain why KAM was unable to detect these items. Is this because KAM isn't able to detect these types of infections, or because it is unable to detect them? I am concerned because we use KAM as our 'first responder' for this type of situation and this is a pretty massive failure, seeing as how some of this stuff is really common, i.e. pastaquotes, trivoli, secure fast pc. Here are the technical details. The machine in question froze and is offline. It will not be accessible until Monday, but I do have partial screenshots of what AdwCleaner detected. I have attached those to this post and will update with the full logs when I can.
adwcleaner v5.024
-----------------------
MalwareBytes Anti-Malware Version: 1.75.0.1300
Management Version: 7.0.0.3
Database Version: 2015120904
Database Date: 15:56:06 PM 09-Dec-15
-----------------------
Kaspersky Antivirus Version: 10.2.1.23
Management Version: 7.0.0.15
-----------------------
Scan log:
Malwarebytes Anti-Malware (Kaseya) 1.75.0.1300
www.malwarebytes.org
Database version: v2015.12.09.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Protection: Enabled
12/9/2015 11:25:27 AM
mbam-log-2015-12-09 (11-25-27).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 456041
Time elapsed: 1 hour(s), 4 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)