exile360

Administrators
  • Content count

    17,005
About exile360

  • Rank
    exile

Contact Methods

  • Website URL
    http://www.malwarebytes.com

  1. I flagged them as a spammer which bans them from the forums permanently. Please let us know if anything like this happens again. Thanks
  2. Just to add, one thing I saw the OP mention was that they always check any suspicious files/downloads before running them. The problem with this approach is that not all threats get in this way, using executable files that you have a chance to analyze before being infected. For one, there are exploits and similar drive-by attacks that do not rely on you executing (or even seeing) any files at all and there are even some threats that infect you simply by viewing the file in Windows Explorer (i.e. you see the file in the folder on your PC and *boom* it's already infected your system thanks to vulnerabilities in the Windows shell). There are countless other similar mechanisms of infection out there which do not rely on the user actually downloading and running any files at all, so I would not recommend going online without any protection at all to anyone, regardless of how much they know. Knowledge is irrelevant when you can't even see the attack happening because it's totally silent.
  3. Yes, it appears to be legit. It's simply a domain used by Google. I found more information about it here. I hope that helps set your mind at ease. It definitely doesn't look like any kind of infection or anything malicious.
  4. I don't know if/when they might be planning to implement this feature at the moment unfortunately. I do know that they have a pretty big backlog of items that they're working on right now for upcoming versions/releases so it probably won't be happening soon, but I did bring it up to them so if they are able to prioritize it they will. It's just a matter of getting the time and resources available in relation to the other features and fixes they have on the roadmap currently for the product.
  5. We removed it from 3.x because it frequently failed to actually work properly in older versions, so rather than telling customers that the software was capable of waking the computer to scan and having them be disappointed because it almost never worked (on most systems/configurations it was unable to wake systems from sleep), we felt it was best instead just not to offer this feature any more, at least until we can find a way to make it more consistent and reliable.
  6. Greetings and welcome! Unfortunately, no, we don't currently have a portable version of the consumer product available. We do, however, offer a portable build for our business customers, but it requires a business license. If you are interested in business licensing (though it sounds like you really just want it for home use, so probably not), then you may purchase a license for Endpoint Security here or contact our Sales department by filling out the form on this page to inquire about purchasing our Incident Response product (the one which essentially is just the portable product without the realtime protection and remote management components).
  7. Thanks for the idea. This may be something we can implement as some kind of behavioral detection technology in one of our existing modules such as our anti-exploit component or malware protection. I'll inform the team of your request.
  8. Honestly, there wouldn't be too much difference. We are blocking the site, we're simply doing it via a different method (incidentally, using the HOSTS file to block sites doesn't actually block all connections to/from a site the way that a WFP filter does, which is what Malwarebytes is using). Additionally, if too many sites are entered into the HOSTS file and the DNS Client service is active (which it is by default on all current Windows versions) then you'll experience major performance issues (high CPU usage) which can actually lock up the system depending on how powerful/fast the hardware is. Also, using our method, we actually are redirecting the blocked sites. It redirects to our block page when viewed in a browser, but regardless of whether a browser is being used, the connection is still blocked. We also block both domains as well as IP addresses, something that isn't possible using a HOSTS file (they can only block domains). The purpose of the notification is simply to make the user aware that an attempt to connect to a potentially dangerous website occurred and that Malwarebytes blocked it. This information is useful for multiple reasons, including to let them know that Malwarebytes is doing its job and has detected/blocked something potentially malicious (the same reason we alert whenever an exploit, ransomware or other malware is detected/blocked) and because it can also sometimes indicate the presence of a larger issue, such as a Trojan/downloader trying to "phone home" or download other threats, or indicate the possible presence of a malicious browser plugin, DNS hijacker or other such threat. So when repeated alerts are seen and there's no good explanation for it (such as an active P2P app, like a BitTorrent client running, etc.), it could be a sign that the system needs to get checked as it may be under attack and/or already infected.
That's the main reason why it makes me nervous not to show at least some sign that a block incident has occurred, especially when it's a constant/frequent identical alert, as those can often indicate exactly the types of scenarios I described and those are not situations that it is wise to ignore.
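The post above contrasts HOSTS-file blocking with a firewall (WFP) filter. The following script is an added example, not Malwarebytes code or anything from the original post: it takes a mixed blocklist, emits HOSTS lines for the entries HOSTS can express (domain names only), and emits host-firewall rules for bare IP addresses and CIDR ranges, which HOSTS cannot express because it only overrides name resolution. The `netsh advfirewall` command syntax is real, but the rule naming, the sample blocklist and the 10,000-line soft limit for the DNS Client service are assumptions made for the example.

```python
"""Partition a mixed blocklist into HOSTS entries and firewall rules.

Added example (not Malwarebytes code). A HOSTS file can only redirect
name lookups, so a connection to a raw IP address bypasses it entirely,
and a very large HOSTS file slows the Windows DNS Client service. Entries
HOSTS cannot express are turned into 'netsh advfirewall' rules instead
(assumed to be run from an elevated prompt).
"""
import ipaddress
import re

# One hostname label per RFC 1123: alphanumerics and hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Assumption: above this many lines the DNS Client service (Dnscache) is
# known to bog down; the real threshold depends on the hardware.
HOSTS_SOFT_LIMIT = 10_000


def is_hostname(entry: str) -> bool:
    if len(entry) > 253 or "." not in entry:
        return False
    return all(_LABEL.match(label) for label in entry.split("."))


def classify(entry: str) -> str:
    """Return 'ip', 'net', 'host' or 'invalid' for one blocklist entry."""
    entry = entry.strip().lower()
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    try:
        ipaddress.ip_network(entry, strict=False)
        return "net"
    except ValueError:
        pass
    return "host" if is_hostname(entry) else "invalid"


def partition(blocklist):
    """Return (hosts_lines, firewall_cmds, rejected) for an iterable of lines."""
    hosts_lines, firewall_cmds, rejected = [], [], []
    for raw in blocklist:
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        kind = classify(line)
        if kind == "host":
            # 0.0.0.0 rather than 127.0.0.1 so nothing tries to connect to loopback.
            hosts_lines.append(f"0.0.0.0 {line.lower()}")
        elif kind in ("ip", "net"):
            # HOSTS cannot express an address block; use the host firewall (WFP underneath).
            firewall_cmds.append(
                'netsh advfirewall firewall add rule name="blocklist {0}" '
                "dir=out action=block remoteip={0}".format(line)
            )
        else:
            rejected.append(raw)
    return hosts_lines, firewall_cmds, rejected


def hosts_too_large(hosts_lines, limit=HOSTS_SOFT_LIMIT) -> bool:
    """True when the generated HOSTS file is big enough to hurt Dnscache."""
    return len(hosts_lines) > limit


# Constructed sample blocklist (documentation/TEST-NET addresses, not real threats).
SAMPLE_BLOCKLIST = [
    "malicious.example   # constructed sample",
    "203.0.113.7",
    "198.51.100.0/24",
    "not a host",
    "",
]

if __name__ == "__main__":
    hosts, rules, bad = partition(SAMPLE_BLOCKLIST)
    print("\n".join(hosts))
    print("\n".join(rules))
    print("rejected:", bad)
    if hosts_too_large(hosts):
        print("warning: HOSTS file large enough to slow the DNS Client service")
```

Two of the four sample entries end up in the firewall list rather than in HOSTS, which is the post's point: a blocklist that is applied only through HOSTS silently loses every address-based entry.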
  9. I can't speak to the usefulness of the other software but I will say this, the reason that we always have (and always will) offer free remediation of all detected threats in Malwarebytes is primarily due to the fact that we do not believe it is ethical to require someone to enter credit card or other sensitive payment information on a system which is currently infected with malware. Or to put it another way, if you have a Trojan/keylogger/backdoor/spyware or similar threat on your system designed to steal credit card/bank account/PayPal or other sensitive info that you view/type on the system and we then require you to enter any info of this type on that system in order to use our software to remove the threats that it's found, that would be morally irresponsible of us as an anti-malware vendor. That's the primary reason, and the secondary reason is that we actually believe in our motto which states: "Everyone has the right to a malware free existence!" which simply means that we believe everyone, regardless of whether or not they're paying us, has the right to be free from malware. So we don't charge for remediation and the scan engine in our free version is fully capable of detecting and removing everything that the scan engine in our paid version can. That said, there are obviously other realtime components in our paid product which can prevent threats earlier in the attack chain which cannot be implemented in an on-demand scan engine (such as behavioral detection of exploits and ransomware as well as blocking malicious websites etc.) so there are real benefits to using our paid product, however when it comes to remediation after the fact for an already infected system, we do not charge for it and that's why. Likewise, we offer a free 14-day trial of our paid product so that users may try the software out for themselves and determine if they believe it's worth paying for a subscription/license. 
We even take it one step further and offer a 30-day money-back guarantee which allows them to return their subscription and get a full refund if they're unsatisfied with the software for any reason at all (or even no reason and they just want to return it because they simply changed their mind). We aren't so desperate to have customers who aren't happy with our products to pay us money that they don't want to. We want our customers to be happy with the software we provide and the protection that it offers them. In fact, if a user comes to our forums here infected with malware, even if our free product was unable to successfully detect and/or remove it, we'll help them to clean their system free of charge, regardless of whether they're a paying customer or not. Think of it like the opposite of the tech support scams you see where they tell you that you're infected (when often you actually aren't) and they want to charge you upwards of $300 to remove the malware from your system (and you must pay them in advance, of course).
  10. While I agree that this is a scenario that needs to be addressed, I'm not on board with the proposed solution of absolutely disabling all future alerts for a given IP/URL block, only because frequent/repeated blocks to/from the same malicious server could indicate the presence of malware on the system, either in the form of a Trojan or other malware trying to phone home (contact the C&C server for instructions), to exfiltrate data from the system (i.e. keyloggers and other threats which attempt to steal data), or to download other threats (i.e. a downloader Trojan/worm), or a malicious web browser plugin connecting to a blocked site. So enabling customers to basically pretend the block event isn't happening by concealing all future alerts about it seems to be the wrong approach in my opinion. Instead, I'd propose a sort of middle ground where perhaps after a certain number of blocks to/from the same malicious server we offer to update and run a scan for malware and, if that comes back clean, offer to provide free diagnostics/malware removal assistance services (via one of our support channels where we already do things like this, such as here on our forums as well as via email) to verify that the system is not infected, and if it is, to of course get the system cleaned up, all free of charge (we do not charge for these services). And finally, in order to make it less annoying and address the initial issue of too many duplicate alerts, we could instead reduce the frequency of them, only showing an alert every n# of instances following the first one or two block events and/or have a timer which prevents us from displaying a duplicate block alert within a certain timeframe (i.e. no more than n# of duplicate block alerts within a 60 second timeframe or similar).
One or a combination of any of the above would be better in my opinion than simply providing a means of deliberately ignoring a repeating block event alert because that's just hiding the symptom of a larger potential issue rather than dealing with and resolving it in my opinion.
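The three mechanisms proposed in the post above (always show the first one or two blocks, then only every n-th repeat, never more than a fixed number per 60-second window, and escalate to a scan offer after enough repeats from the same server) can be written down as one small policy. The code below is an added example, not Malwarebytes code or anything from the original post; the thresholds, the class and method names, and the simulated beaconing stream are all assumptions chosen for illustration.

```python
"""Throttling and escalation for repeated website-block alerts.

Added example (not Malwarebytes code). Per remote server it keeps a block
counter and the timestamps of alerts actually shown, and returns two
flags for every block: whether to show a notification now, and whether
the repeat count has crossed the point where offering a scan / support
follow-up makes sense. Suppressing a notification never resets the
counter, so escalation still fires for a silently beaconing Trojan.
"""
from collections import defaultdict, deque


class BlockAlertPolicy:
    # All defaults are assumed values, not anything from the product.
    def __init__(self, always_alert=2, every_nth=10, max_per_window=3,
                 window_seconds=60, escalate_at=25):
        self.always_alert = always_alert      # first N blocks are always shown
        self.every_nth = every_nth            # afterwards, show every n-th repeat
        self.max_per_window = max_per_window  # cap on alerts per sliding window
        self.window = window_seconds
        self.escalate_at = escalate_at        # repeats before offering a scan
        self._count = defaultdict(int)        # blocks seen per remote
        self._shown = defaultdict(deque)      # timestamps of alerts shown per remote
        self._escalated = set()

    def on_block(self, remote: str, now: float):
        """Record one block of `remote` at time `now` (seconds).

        Returns (show_alert, escalate).
        """
        self._count[remote] += 1
        n = self._count[remote]

        # Escalate exactly once per remote, independent of alert suppression.
        escalate = n >= self.escalate_at and remote not in self._escalated
        if escalate:
            self._escalated.add(remote)

        # Rule 1: the first few blocks are always worth showing.
        # Rule 2: after that, only every n-th repeat.
        due = n <= self.always_alert or (n - self.always_alert) % self.every_nth == 0

        # Rule 3: sliding-window cap on duplicates of the same alert.
        shown = self._shown[remote]
        while shown and now - shown[0] >= self.window:
            shown.popleft()
        if due and len(shown) < self.max_per_window:
            shown.append(now)
            return True, escalate
        return False, escalate

    def blocks_seen(self, remote: str) -> int:
        return self._count[remote]


# Constructed sample: a Trojan beaconing to one blocked server every 2 seconds
# for two minutes, plus one unrelated block in the middle.
SAMPLE_EVENTS = [("203.0.113.7", t) for t in range(0, 120, 2)]
SAMPLE_EVENTS.append(("tracker.example", 30.0))
SAMPLE_EVENTS.sort(key=lambda e: e[1])


def simulate(events, policy=None):
    """Run events through the policy; return (alerts_shown, escalations)."""
    policy = policy or BlockAlertPolicy()
    shown, escalations = [], []
    for remote, t in events:
        alert, esc = policy.on_block(remote, t)
        if alert:
            shown.append((remote, t))
        if esc:
            escalations.append((remote, t))
    return shown, escalations


if __name__ == "__main__":
    shown, escalations = simulate(SAMPLE_EVENTS)
    print(f"{len(SAMPLE_EVENTS)} blocks -> {len(shown)} alerts shown")
    for remote, t in escalations:
        print(f"offer scan: {remote} blocked repeatedly, first flagged at t={t}s")
```

On the sample stream the 60 beacons collapse to six notifications (the first two, then every tenth, with the window cap swallowing one of them), the unrelated block still gets its own alert, and the beaconing server is flagged for escalation on its 25th block. The count keeps climbing while alerts are suppressed, which is what distinguishes this from a plain "never show this again" checkbox.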
  11. Absolutely. Please see this article for details (the CliffsNotes version is that when Malwarebytes software is detected on the system, the exploit kit doesn't even attempt to infect the host system, but even if that were not true, both our anti-exploit and anti-ransomware components should guard against the methods of attack being used).
  12. The bad guys release new threats on holidays and weekends all the time. It's a very common practice that we've been aware of since the beginning. It's one of the reasons that our Research team is always active on weekends and holidays, around the clock, all year long to ensure that whenever a new threat emerges we're on top of it as quickly as possible. Malware doesn't take days off, and neither does Malwarebytes. Our database updates keep rolling out every single day.
  13. Yes, these more detailed notification controls are still on our to-do list, though I don't know if or when they'll be implemented. Also, I went ahead and split this into its own topic since it's a request for functionality unrelated to the thread it was initially posted in. Please let us know if you have any other ideas/requests/feedback. Thanks
  14. You don't need to run fixdamage.exe manually in most cases. If a rootkit is detected on the system which is known to break any of the things repaired by fixdamage.exe then Malwarebytes will run it automatically during cleanup. That said, if you still see issues after cleanup such as Windows Update not working, the Windows Firewall being disabled (when no other firewall is installed, of course), Windows Defender not working when it should be or broken internet connectivity then you may run it manually if you wish in order to see if it resolves the remaining problems. However, if the system is functioning normally after the cleanup then running fixdamage.exe really shouldn't be necessary.
  15. Malwarebytes in particular, including our anti-rootkit defs, uses a lot of heuristics. Very few of our definitions/algorithms cover a single threat/variant and more often than not we target entire families or even multiple families of malware with each rule in our databases.