exile360

Everything posted by exile360

  1. Bad news for gamers; it has been reported by Dr Web (makers of the popular free Dr Web CureIt! AV scanner/malware remover and Dr Web AV software) that 39% of all Counter-Strike 1.6 game servers were malicious and attempted to infect players with malware according to ZDNet. The servers, which were using 0-day remote code execution (RCE) vulnerabilities (basically the worst kinds of vulnerabilities) in the game clients, were using an infection known as Belonard to display ads to players in-game and add new servers to their client lists, also creating proxies on their systems and advertising those to other players signing into the game, showing a low ping rate to entice them to jump on where they'd subsequently be redirected to one of the malicious servers to have their own systems/clients infected by the malware, thus making them a part of this advertising botnet scheme. Thankfully, according to Dr Web, the botnet has now been shut down, but it speaks to the risks involved with any software that interacts with the web, not just web browsers, and shows more than ever that we must always be on our guard against the next attack, which could come from anywhere.
  2. Somewhat ironic considering they've also just announced that DirectX 12 support is coming to Windows 7 (for at least one game; likely more in the future according to reports): Microsoft Brings DirectX 12 To Windows 7
  3. Yep, or even create additional random passwords as responses, or just absurd stuff. That's generally what I do, that way it reduces the probability of anyone guessing correctly as well as reducing the amount of personal info I give out to anyone.
  4. True, but it's also on a green bar so at least the colors are (somewhat) consistent. I definitely think it could be clearer though, and I'll be sure to pass along your feedback to the Developers.
  5. You're welcome, I'm glad I could help. Regarding the use of green/white, yes, I can see why that might be a bit confusing. I believe the logic behind the colors is that green typically means protected in most security applications (or up to date in the case of things like Windows Update) and a switch toggled to the right means "On" and left means "Off" in the case of settings. As for the numbers, this is typical of many ad blockers and similar browser add-ons. For example, here is an image showing two other add-ons and their blocks (Adblock Plus and Ghostery):
  6. My apologies that you still haven't gotten a response. Let me ping the Product Manager for Malwarebytes and hopefully she will be available to answer your questions. @bdubrow could you assist please? Thanks
  7. By the way, for the curious, Malwarebytes' own Director of Research, Mieke Verburgh (also known by her online handle Miekemoes (yes, that's literally "Mickey Mouse")) does an excellent job of explaining Malwarebytes' approach to AI in this post. I highly recommend reading it, particularly the sections entitled What does Malwarebytes do instead? and What are the weaknesses?.
  8. The switches are for blocking those categories of items on the current website you are viewing, so when each one is on/enabled (i.e. green) those types of items will be blocked for the current site you are viewing in your browser. Likewise, under Settings you can configure individual blocking components on a global level for all sites (if, for example, you didn't want Malwarebytes to block PUP related sites (Potentially Unwanted Programs)). The Allow List is where the list of sites are stored which you have chosen to exclude from blocking, either from individual components, or to exclude completely for all of the browser extension's blocking functions (think of this just like the Exclusions tab in Malwarebytes where you can exclude items from individual protection/detection components or from all of Malwarebytes components). The number you see on each page you visit is the number of items that Malwarebytes has blocked for the current tab/site (it may be particularly high on sites that contain many ads and trackers for example). You can find documentation on the browser extension in the Malwarebytes support knowledgebase here and if you have any issues or questions (such as a possible false positive to report) you may post it here for the Chrome version and here for the Firefox version. I hope that helps to clarify things.
  9. There is a lot of talk about supposed 'AI' these days (which I continue to argue isn't true 'Intelligence', artificial or otherwise, in any meaningful sense of the words; it's just complex mathematical algorithms and branching datasets at best; there is no true thinking, consciousness, or actual decision making going on beneath all that seemingly complex, morphological code that gets so much praise and fear in the media and tech industry, at least not yet), but with AI, especially in its current state, there are risk factors that must be considered because a wrong answer from an AI can potentially have catastrophic consequences. I just watched the following YouTube video of a TEDx Talk on this very subject and I recommend anyone interested, and especially anyone in the AI development industry or in a profession where data from AIs is relied upon, view it and consider the points that it makes (and it comes from an individual who works in the AI development industry, not some overly paranoid, tinfoil hat wearing conspiracy theorist): The Real Reason to be Afraid of Artificial Intelligence | Peter Haas | TEDxDirigo

The speaker goes into detail about the risks inherent in trusting AI and shares doubts about its future if it is not used carefully and responsibly. I have personal first-hand knowledge about how AI came to be a part of Malwarebytes, how it was implemented, and the checks and balances put in place to make sure that it was and continues to be handled correctly and given the appropriate amount of weight, and how this differs greatly from many of Malwarebytes' competitors throughout the AV/AM industry, especially in the so-called 'next-gen' segment of the industry that many (including myself) would argue Malwarebytes not only occupies, but was and continues to be a pioneer in to this day, even if some of their existing methods that they've carried forward may seem 'dated' in comparison to some of the most notable examples, and why that's actually a GOOD thing.

This all goes back to the very beginning of Malwarebytes, long before I ever joined the company as an employee, and revolves around this idea that if a human being can figure out the patterns being used by malware infections to attack systems and semi-randomize their file naming and internal file structural schemes to evade traditional AV signature detection, then those man-made and machine-made patterns can actually be weaponized and used against them through heuristics techniques to very effectively eliminate them, even when new 'morphs', or as they're more commonly called 'variants', emerge, thus enabling the detection of more threats with smaller databases and fewer updates as well as more thorough disinfection of not only the primary threat components (the binary files that run in memory/are written to disk), but every trace of the infection, including all of the loading points in the registry, obscure data structures like commands and scripts stored in randomly named temp files, as well as the hidden drivers and DLLs most AV researchers weren't even aware of and kept missing, resulting in their own customers turning to Malwarebytes to clean their systems because each time they tried to remove the threats with their world-famous AV, the threat would come right back, either during the current Windows session or on the next reboot, usually with a different name, thus starting the process all over again (until they finally found Malwarebytes and it nailed the entire threat, all its loading points and hidden components, and eliminated all of it after a single scan and reboot of the system).

For the first time in a long time we had a weapon against malware that behaved far less like a traditional flat file scanner like an AV, and more like a professional threat researcher or expert malware removal technician on a help forum who at the time would read logs from tools like HijackThis and eliminate the threats starting with their loading points and every component they could find on the system that didn't belong to take it all out in one go. Since then, major AV vendors have started paying much more attention to these traces which they once ignored (believe it or not, until the past several years many AVs didn't even bother scanning the registry as they assumed removing the files belonging to an infection was enough and that those 'leftovers' were just harmless traces, but had they followed the pointers in the registry to begin with they would have discovered where the files they didn't see were being loaded from to keep resurrecting the threats they thought they were eliminating; I personally had a long argument about this over on the Kaspersky forums during the heyday of the threat known as Vundo/Virtumonde (which at the time Kaspersky had classified as 'Monder' or 'Trojan.Monder') and even flat out told them that the reason they were failing to eliminate it permanently was because they were leaving all the loading points in the registry behind and just going after the files, and were missing the hidden DLL in System32 that was bringing the threat back (under a new filename every time, no less) because of this, and that was why Malwarebytes was nailing it while they kept on getting beaten by this new threat just as all the other major AV vendors were; this was also around the time that I really started hanging around the Malwarebytes forums because I realized they had the secret sauce that the industry was missing and that this wonderful technology, however they were doing it, was finally a match for what I'd been doing by hand for years repairing systems, where I would literally boot a system from Linux or WinPE and scour through the filesystem by hand and manually delete everything that I knew didn't belong and subsequently search for every related entry in the registry after booting the system and delete every key/value belonging to the infection one-by-one).

Well, a few years ago Malwarebytes decided to try something new. At the time I was working for them in Product Management. The idea was to use AI and cloud technology to create a 'smart' malware detection engine that would improve over time as new data was fed to it and as the Devs tweaked it so that it could positively identify new/unknown malware while simultaneously reducing FPs. The trouble is, and this is where it all connects to the video I linked to and the overall idea of proper AI implementation, it still has FPs, and when that happens it identifies totally clean files as threats, which is obviously something we didn't want. I have seen plenty of products come and go that were based on the same idea, and while some of them have stuck around, I just don't see any of them dominating because doing AI right is hard, and trusting AI completely is a mistake. Where Malwarebytes got it right is, to this day, even though FPs from this new technology still occur, Malwarebytes still employs Threat Researchers; actual human beings, who look at, review, and respond to every single FP that gets reported and get it corrected immediately, and the Developer behind this new tool continues to make tweaks to the AI's algorithms as time goes on and as this data on FPs (as well as new threats, of course) is gathered to ensure that it is working as effectively and efficiently as possible. Yet even with all this great innovation in this new component, it still only makes up a very small percentage of what Malwarebytes is as a product.

It still contains its more old-school heuristics signatures/pattern matching, rootkit detection and disinfection technology, more traditional bad website blacklisting as well as newer behavior based technologies like the proactive exploit protection engine as well as the more reactive ransomware protection technology that looks for ransomware behavior in processes already in memory. My point is, while some of the 'innovators' in this space have built their entire products/companies on the kinds of AI technologies in this one module that Malwarebytes is using, Malwarebytes has kept humans in the loop and still relies heavily on additional layers, both more traditional as well as more innovative, to provide the best protection that they can, and this is how they've handled AI the right way. They didn't find this new technology and throw everything into it, abandoning all of their other methods of detection and protection; they simply diversified that much more and integrated this new technology into their already rather robust set of technologies to make their existing product that much stronger. There are certainly other players out there in this field that have done the same, but there are also plenty that have bet everything on this technology, and I truly believe this is a mistake. You really can't take the human element out of the equation, and you can't expect a machine to always learn from or even recognize its mistakes and determine how to correct them. You need human eyes on these problems to ensure that the technology is serving its purpose as it should, and you place other engines and layers around it to round out the areas where it isn't as strong.
  10. Greetings, Unfortunately if Malwarebytes was removed and the quarantine was deleted in the process then the only way to recover the file would be to attempt some kind of file recovery software to try and restore it (something like Recuva etc.).
  11. I'm not too sure about this just because a big part of how the Malwarebytes browser extension works is to observe page behavior at loading time to determine if it fits the known patterns of certain malicious types of sites (such as tech support scams etc.), though this probably could be done for known sites in the block database. That said, it could generate a lot of traffic if MB had to poll all of the IPs/domains of every site listed on a page of search results/links. Also, if Webroot (and the other AV/AM vendors who do things like this like AVG, Kaspersky etc. that I've seen in the past) are accomplishing this by hijacking connections, altering certs and breaking security protocols like HTTPS (something such technologies are often known to do) then I'd rather Malwarebytes didn't go this route. If however it's possible to accomplish this without compromising certs and security encryption protocols like HTTPS etc. then I'd be fine with it.
  12. Excellent, I'm glad to be of service. If there is anything else we might assist you with please don't hesitate to ask. Thanks
  13. I just did a test downloading a program I'm familiar with from the site and as far as I can tell it was not altered so it seems safe. That said, I also have a large number of block lists, ad blockers and security applications protecting my system so if there are any malicious ads etc. on the site, they would have been blocked on my end.
  14. I don't know if it would even be possible. Microsoft has some pretty strict restrictions regarding what AV/AM vendors can and can't do during the early boot process. Basically they determined that a lot of the early load methods of the past were too useful to the bad guys for taking control of infected systems and so they locked everyone out of it including AV/AM vendors; at least that's my understanding of it.
  15. Greetings, I don't know what that file is, however if you post the log from where Malwarebytes detected it that might help us to identify what it was and why it was quarantined.
  16. That's good to hear. It sounds like they've made it easier to manage now and I'm glad. I did submit all of your feedback from this thread to the Product team, so hopefully this process will become even more streamlined in the future.
  17. Bingo, also with regards to Microsoft's licensing, I don't know why they made the change, but several years ago they started to prohibit the distribution of WinPE and at that time major vendors like Symantec/Norton, Acronis (makers of True Image) and many others had to stop distributing bootable tools based on WinPE. You can find a discussion on this issue here and there are others on the net. Basically Microsoft changed their EULA/terms for WinPE sometime back, and since making that change, they've made it impossible for any company to legally distribute tools based on WinPE to users/customers. They could theoretically provide a tool to build a WinPE image for users, however the users would have to set up the WAIK/WinPE image themselves on an individual basis, and since not all users have access to a clean system to work from this presents a challenge.
  18. Greetings, Those connections are actually pretty typical and aren't a sign of infection. It is an issue that frequently occurs where whenever you reconnect to your internet connection Windows will create an additional virtual network adapter. They are created for ad-hoc networking which is a fancy way of saying that in modern Windows versions Microsoft added the ability for sharing your internet connection and using your computer as an access point (basically like a router) for other computers and devices and that's what those virtual adapters are for. It's possible to delete them however they will typically return. You can also review this thread on the subject. Now, with all of that said, if you do suspect that you might be infected then please follow the instructions in this topic and create a new thread in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking and cleaning the system of any remaining threats as soon as one becomes available. Good luck, and if there is anything else we might assist you with please don't hesitate to let us know. Thanks
  19. Yes, they're referring to a bootable remediation tool for already infected systems. Malwarebytes does not currently have such a tool however it has been considered in the past, and while I do not know as I have no access to any internal information, I haven't heard anything about any plans for developing such a tool at this time. That said, if the need arises and they can come up with a reasonable solution then I'm sure they will develop something. Right now there haven't been too many threats that would require such a tool thankfully as the worst threats are pretty much ransomware threats which a bootable solution isn't really suited for any better than any other tool since the main problem is the encrypted files more so than removing the threats themselves, and for that clean backups are always your best bet.
  20. It's likely mostly due to the fact that the scan engine in Malwarebytes really isn't a flat file scanner. Many of the technologies it uses to detect threats, especially the nastier ones that you'd likely desire an offline scanner for in the first place, rely on technologies that require threats to be active as well as the current Windows installation (things like rootkit scanning, linking, heuristics etc.) and they've had great success so far relying strictly on more conventional means of getting the software to run even in hostile environments. That said, they did previously offer Malwarebytes Chameleon to get Malwarebytes running on systems where it was being blocked from installing/running by infections and while that technology has not yet been adapted to version 3.x, I do expect that if the need arises that they will do so to counter the infections targeting Malwarebytes. As for the possibility of an offline/bootable scanner, I don't know. It's been discussed in the past many times, but since it's much easier to work from WinPE rather than Linux as it would be much easier to read/load offline registry hives and natively read the offline system's file structure, that would be the ideal solution, however Microsoft's recent restrictions regarding the use and distribution of WinPE make that much more difficult (they did look into it, however Microsoft made changes to their licensing preventing vendors like Malwarebytes from offering WinPE based solutions). You never know though, maybe they will be able to offer some kind of bootable solution in the future, but only time will tell. I haven't heard anything recently about it but that doesn't mean that it's completely off the table as they could be working on it or at least considering it behind the scenes.
  21. OK, but then there's the issue of privacy. We get enough heat already from just collecting basic telemetry like anonymous detection stats and application usage; if they started collecting full details of all system activities/threads/processes etc. in real-time via cloud servers controlled by Malwarebytes, I'm pretty sure any users concerned about privacy would lose it, and they'd be right to. This level of monitoring, especially when the details are regularly/constantly transferred offsite is just asking for trouble in my opinion. It's something I could see being just fine in a work environment, at least if the servers are owned/controlled by the company's own sysadmins, not Malwarebytes. Businesses wouldn't take too kindly to Malwarebytes collecting that much info either, I'm sure, especially since it could put corporate data, customer info and trade secrets at risk as Malwarebytes would essentially be acting as a full-on Trojan, collecting all activity/data from every endpoint and transmitting it all out over the net.
  22. Greetings, Please follow the instructions in this topic and then click here to create a new topic in the malware removal area and include your logs, and one of our malware removal specialists will assist you with FRST as well as checking the system for any other threats/PUPs and aiding you in cleaning them up if found as soon as one becomes available. If there's anything else we might assist you with please don't hesitate to ask. Thanks
  23. Greetings, Please sign in to My.Malwarebytes.com (if you haven't signed up already, you'll find instructions on how to do so in this support article). Be sure to use the same email address you used when you purchased your license key. It should show the status of your license, and if it is still active on another device or previous Windows installation from your current device then you may use the Deactivate all function described in this support article. If that still fails to resolve the issue then please contact Malwarebytes Support directly via the form on the bottom of this page and they will assist you in getting your license key validated and working properly again. Please let us know how it goes and if there is anything else we might assist you with. Thanks
  24. I see, so if enabled it allows you to, for example, have two files in the same folder with one named "file.exe" and another one named "FILE.exe" without any conflicts? Interesting, I wonder how they're accomplishing that, whether it's through a new native function/API or some kind of hack like Cyrillic where the same character (visually) is treated as/read as a different character (actually an old trick used by malware to imitate legitimate system files without replacing them, rendering their processes visually identical in tools such as Task Manager, though detection by malware scanners is quite trivial as programmatically they look totally different, though the engine needs to know how to process those characters without getting tripped up or stuck; something Malwarebytes had to address long ago back when I was still working on it).
  25. I'm no expert on Server and I'm definitely no one's teacher, but if it were me I'd probably start with trying to find a good forum or similar resource where individuals specializing in Server propagate as that would be the most likely place to find such information, at least in my opinion. Other than that, I'm sure there are online courses that can be taken to learn basic (and probably even advanced) Server stuff.
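Post 24 above mentions two things a scanner has to cope with: file names that imitate a legitimate system binary with visually identical Cyrillic (or other non-Latin) characters, and directories where "file.exe" and "FILE.exe" can coexist. The following is an added example (not code from the poster, the forum, or Malwarebytes) showing how a defender can detect both from a directory listing; the confusables table, the list of protected names, and the sample listing are all constructed assumptions.

```python
import unicodedata

# Constructed, deliberately small table of non-Latin letters whose glyphs are
# visually indistinguishable from Latin ones in common UI fonts (Task Manager,
# Explorer). A real scanner would use the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0441": "c",  # Cyrillic small es
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0445": "x",  # Cyrillic small ha
    "\u0443": "y",  # Cyrillic small u
    "\u0456": "i",  # Cyrillic small Byelorussian-Ukrainian i
    "\u0455": "s",  # Cyrillic small dze
    "\u03bf": "o",  # Greek small omicron
}

# Hypothetical set of protected system binary names that spoofers imitate.
PROTECTED_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


def skeleton(name: str) -> str:
    """Fold a file name to the string a human *sees*: NFKC-normalise (folds
    fullwidth forms such as U+FF53), replace look-alike letters, casefold."""
    folded = unicodedata.normalize("NFKC", name)
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    return folded.casefold()


def classify(name: str) -> tuple:
    """Return (verdict, skeleton). 'homoglyph-spoof' means the name renders
    like a protected binary but its code points are not that binary's name."""
    sk = skeleton(name)
    if sk not in PROTECTED_NAMES:
        return "unrelated", sk
    # Pure ASCII and unchanged by folding: the genuine name in any letter case.
    if name.isascii() and name.casefold() == sk:
        return "legit-name", sk
    return "homoglyph-spoof", sk


def case_collisions(names) -> list:
    """Find names that differ only by case (file.exe vs FILE.exe). On a
    case-insensitive volume they would clash; on a per-directory
    case-sensitive one they coexist, and a scanner must treat them as two
    distinct files. Returns a sorted list of tuples, one per colliding group."""
    groups = {}
    for n in names:
        groups.setdefault(n.casefold(), set()).add(n)
    return sorted(tuple(sorted(g)) for g in groups.values() if len(g) > 1)


def scan_listing(names) -> dict:
    """Run both checks over a directory listing and report findings."""
    return {
        "spoofs": sorted(n for n in names if classify(n)[0] == "homoglyph-spoof"),
        "case_collisions": case_collisions(names),
    }


if __name__ == "__main__":
    # Constructed sample listing: a genuine name, a Cyrillic 'o' spoof,
    # a fullwidth-letter spoof, and a pair that differs only in case.
    sample = ["svchost.exe", "svch\u043est.exe", "\uff53vchost.exe",
              "file.exe", "FILE.exe", "notes.txt"]
    print(scan_listing(sample))
```

Printing the raw bytes of a flagged name (for example `name.encode("unicode_escape")`) shows the non-Latin code points that the UI hides, which is the evidence worth keeping in a detection log.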