Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I wish I was able to edit my posts especially due to typos as being regular member. I got remarkable benefit from this forum and like here very much. I beleive such 'edit' option must be provided at least for verified real members by asking them some questions or verifying them by mail. Would be very useful and fair. Best regards.
  2. I have used mbam-clean with 3.x before and as far as I remember it still leaves some registry entries from very earlier versions of Malwarebytes Antimalware 2.x and 1.x when I look them up manually via regedit. I don't know why but this cleanup tool appears not to be %100 compatibile with earlier MBAM versions like 2 or 1, especially with the versions of when it was named as Malwarebytes Antimalware. It is what I obseved.
  3. Hi @Porthos I wonder the same answer with Malwarebytes 3.3.1 as "scan detections" counter is incremented continuously whenever the "same" file being detected as malware or PUP again and again on each scan despite it's false positive. Can't we just modify a kind of registry value or file content to make it appear ZERO withouth MB Clean tool and uninstallation? Thanks a lot.
  4. Hi @exile360, You are helpful again here, many thanks. However based on your initial sentence I want to remind that registry scan stage comes way after memory scan. I only have rootkit scan enabled that takes place before memory scan which comes always clean, as I double checked with Malwarebytes Anti Rootkit tool. The only thing I am suspecting is heuristic scan that would cache or remember previous scans or logs and somehow it "might" gather PUM files at memory scan stage instead of File System scan stage. Other than this, I am quite sure no process is loading any mailcious code/file into memory regarding to corresponding PUM object. I am attaching the picture of a generic threat scan scan stages by ordered. Thanks!
  5. Hi there, I'm a fan of Malwarebytes and getting nice help here, so I wanted to give a shot about an issue that is bugging me a bit. I have a program called UnDeleteplus (eSupport.com) which is a file recovery program like Recuva. For some reason, Malwarebytes always finds its bunch of files and a few registry entries as "PUP.Optional.eSupportUndeletePlus", which is quite false positive. The thing that I couldn't understand is that Malwarebytes detects them at the stage of "Scan Memory" not File System Scan stage. As they're file streams on fixed locations (like C:\ProgramData), why and "how" Malwarebytes can find them during "Scan Memory" stage? I double-checked that none of these files and any entries are loaded into memory at startup (either on Logon (checked with MsConfig/AutoRuns) or as Windows Service) and invoked manually. So I'm a bit lost here. Hope to get a satisfactory reply here, Best regards!
  6. Hi @exile360, Similar to OP's thread, i wanted to ask something I would like to know, in fact I did not like. I'm using Malwarebytes 3.3.1 (previous version) and I've been using MBAM for a long time since version 1.x. I noticed that, although PUP and PUM configuration setting is set to "Warn", Malwarebytes provides an option to Quarantine to Ignore after the scan. When I select "Quarantine" it automatically schedules to delete them on next reboot, asking user's PC to reboot immediately. Is it an expected behaviour? Also, In Malwarebytes main windows, Application or Protection TAB does NOT provide any option to choose any post-detection action like "Delete". Is it also by design? I mean, Quarantine should not mean directly deleting the object when found, but neutralizing it which means keeping it sandboxed / renamed on a protected location, but Malwarebytes appear to "delete it on reboot" when you select Quarantine option at the end of scan when scan report is generated. Was it running always like that? I hope you can explain this, sir. Best regards!
  7. Thanks @gonzo, Yep I found that link is the official and latest version mirror for XP/Vista, which appears to be final: https://downloads.malwarebytes.com/file/mb3_legacy Will we able to get database definition updates even with that version for the future on XP?
  8. I wish I was able to edit my submitted post hence I could correct spelling and grammar errors. Now I feel a bit missing myself here after making typo mistakes when being prevented from editing them even immediately.
  9. @exile360 hello, I am the second asking here for the recommended Malwarebytes version for XP SP3 Professional. I was using for a while along with XP and Vista and it was fine but I cannot find it officially here now. The link you posted contains Malwarebytes 3.5 with "legacywos" keyword and I would like to know if it has a special meaning for a special build, or simply version name? Currently Malwarebytes offers "mb3-setup-consumer-" as the latest download and I am not sure which version is the best foe legacy systems like XP. Hope you help. Best regards.
  10. Thanks a lot for your reply @exile360. However i found out a trick or a behavior which must be expected. As Malwarebytes wants user to select entire drive even just to scan for rootkits with Custom Scan option, when you just launch "Threat Scan" (which is actually a partial scan decided by Malwarebytes's pre-determined locations) we can get rootkit scan performed just before the beginning of File System Objects scan. So as there is no quick "only-rootkit scan" option, Threat Scan appears to come to the rescue quickly without initiating a Custom Scan or Full Scan that requires all drive to be checked. Is this correct operation and behavior? Best regards.
  11. Hi @exile360 Just like OP, i had the same behaviour and Malwarebytes started a scan automatically today without my prompt for the first time during my almost 1-year usage period. Then i found that thread and checked scheduled scan tab. Intrrestingly i found a kind of auto-generated scan task there but Malwarebytes did not allow me to edit scan trigger period/interval as shown on columns in screenshot. I am using Free version. I would like to know: 1) Is this setting the only reason of auto-scan initiated by Malwarebytes itself? 2) Why can't i edit current task such as running period? I can not add new task, neither. Only "delete" and "edit" buttons are enabled with limited functions. Is this because of free version is enabled? (Trial just ended for me) Screenshots added. Thanks a lot.
  12. Hello @exile360, Sorry for bumping this but i have the same question. I remember very well that previous versions of Malwarebytes (those times it was Malwarebytes Anti-Malware) would allow us to also scan for rootkits even while performing predefined threat scan, hyper scan or custom scan which scans partial locations other than entire system drive (C:). Wasn't it working in that way? Now with 3.x versions, the whole (hundreds of GB) drive has to be selected to perform rootkit scan based on the error dialog shown above. There are many other rootkit scanners doing only rootkit scan within short time and that makes Malwarebytes disappointing. Aren't i correct? Best regards.
  13. Hello @exile360, Many thanks for your nice and detailed reply. I found out the setting you told, now i see. However when i double-check there, i found out that although first setting (automatically download and install updates) is disabled and the second setting (notify full version updates) is enabled, but i haven't been notified at anytime during usage period with 3.3.1 as free edition (Premium trial was ended). So, could using Malwarebytes as "free" have prevented me from being notified about new release? Program simply did not notify me during that period. And i'm still using it as free edition as of now. I "really" wish to upgrade to Premium plan but Malwarebytes do not customize pricing plans based on per country's affordability level, that is sad. Finally, i understand your concern about using older version as malware definitions are not the only things that should be updated, but program core. Best regards.
  14. Hi folks, I've just faced a situation with MBAM (Premium Trial) version that i've downloaded from mb3_legacy server. I'm running on XP. The problem is that MBAM found a file as Trojan.FakeAlert "malware", (the file was orginally renamed to tmp2.exe) which is digitally signed with a valid certificate and belongs to a legit company, LogMeIn. The component has an icon with JoinMe. Then i double-checked the SAME file on Virustotal.com and all come up clean including Malwarebytes. So, how can i tell this paradox true? Here is the file report: https://www.virustotal.com/#/file/c1dc1f654a9443ec6c6f8ca71da2959dbb447d51e135185643b2fc330be9d367/detection Best regards!
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.