Posts posted by exile360


  1. It may not be related as I've seen independent reports of similar issues without Malwarebytes, but just in case it's relevant/you feel like testing, I did find recently that my internet slowed down by around 80~100KBps (kilobytes, not kilobits) downstream with AdGuard installed, though it may have just been AdGuard itself that was the cause, not necessarily a conflict with the new build of MB (particularly since I don't think any changes have been made to Web Protection, at least based on my observations so far).  Might be worth looking into for compatibility by QA if you deem it worthy, though I'm not sure how many AdGuard users there actually are out there, especially running Malwarebytes Premium.


  2. Hehe, yeah, no worries.  It had to be someone with access who posted it to Wilders.  Either a member directly or someone in communication with one (likely the former since they had/posted the links and expected everyone else to be able to see/access them; something an Honorary or above could easily assume, not realizing it was 'private' to anyone outside those groups).  If you wanna play detective, there are clues, but I don't see much point since the cat's out of the bag.

    By the way, even if viewing it and someone who can see what others are viewing hovers over your name to see where you are/what you're viewing, they can't see what you're looking at unless they have access to it (again, verified thanks to our Techbench members, who I assume were let in on the beta today as they all showed up around the same time this afternoon while Alex et al were online and many were either someplace I couldn't see (the Techbench area; likely viewing the topic on the very subject of the beta; or they were in here looking at the beta threads or they were viewing the forum index because they'd just arrived or whatever).  My guess is, it likely was a Techbench member who posted on Wilders given the timing, but obviously I could be wrong as there's no proof.  If someone from MB really wanted to find out I'm sure the mods at Wilders would cooperate by providing some kind of info (like at least an IP to check against our own records) but again, it's not like it can be undone, and if they've shared the link to the download anywhere then it's too late anyway to even stop that (short of moving it/reuploading it of course).


  3. 6 minutes ago, John L. Galt said:

    Also - the RP list on the main page - when I was making posts in my FP thread and my license thread, I was seeing them as recent posts in that menu- has anyone verified that the menu doesn't show to all?  Because showing the world that I (or anyone else) is posting in a thread that they cannot access is not kosher to begin with....

    It doesn't; I've verified it in the past.  You can only see recent posts in private areas you have access to (I can't see anything from the 'Techbench' area for example).


  4. Yep, most of the ones you'll see from the new engine seem to use naming conventions like the Malware.Malformed.# entries you posted.  Basically look for the unfamiliar that seems like it would be used for calling out something detected by AI/ML/'fuzzy' heuristics type sigs and it's likely from the new tech that they're testing/trying to tune the FPs out of (had a slew of 'em when I scanned my storage drives with all my old tools; in excess of 100 detections).


  5. 14 minutes ago, Porthos said:

    Are detected by many different AV programs. Not FP.

    Yep, and MB detects them for the same reasons.  He builds some absolutely epic tools, and I'm a longtime fan of his, but sadly some of them are so powerful and scriptable that they can and have been repurposed by malware authors for nefarious purposes so I understand why they get detected, but at least it's only as PUP (at least when not found as components of actual malware installs, which I've also seen on occasion, especially for certain password stealers).


  6. 12 minutes ago, Porthos said:

    There is file caching so finish the scan (the first scan after install is slower) and the next time you run it it should go quicker. At least in Ver 3. Devs will have to confirm if it is the same in Ver 4.

    Yep, caching still exists in V4.  The engine appears to work largely the same in regards to performance, though I do notice that it does seem to keep the CPU usage higher across all threads more efficiently than V3 did, which is nice as it improves scan times (chopped off 10~20 seconds from my V3 scan times which were already in the 1min ballpark).


  7. 53 minutes ago, Porthos said:

    Mentioning it is one thing but you need to be an Honorary member or above to view and DOWNLOAD Ver 4.:rolleyes:

    Unless loose lips provide links ;)

    There's a reason all information about the beta was posted in a private area blocked from public view and Google scraping.  If they wanted to make the public aware of its existence they would have posted somewhere themselves and asked for feedback/ideas or something.  I'm pretty sure at this stage it would have been best to keep it on the QT as it's obviously VERY early in the dev process yet (major features of the UI are missing; in fact, I suspect the main reason for this beta being posted here was just to test out the new heuristics and collect FP data for AI tuning; it appears to use a much more aggressive version of the anomalous threat detection engine from MB3; likely an evolution of it).


  8. As mentioned above, anyone who believes they may be infected needs to read and follow the instructions in this topic and then create a new topic in the malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing your system of any threats as soon as one is available.

    Please do not post your logs here; we do NOT work on malware removal in this area of the forums, and each user must be helped separately; no matter how similar a threat/infection/attack may seem, they are almost always very different and will require unique steps to check and clean each system so each person is helped 1-on-1, never in groups.

    Thank you


  9. Just to add to what others have already stated, another major factor is the fact that the vast majority of modern ransomware attacks actually begin with an exploit that attempts to download and launch the actual ransomware binary file/encryptor; most attacks will not make it to this stage thanks to the other layers of defense included in Malwarebytes Premium, particularly Exploit Protection which will stop the attack much earlier as soon as the exploit script tries to execute, well before the actual ransomware file itself has even been downloaded/tries to execute.  The same goes for the other protection modules in Malwarebytes, including Malware Protection (which uses both traditional threat signatures as well as more advanced heuristics signatures and algorithms; relying much more on the latter than the former which makes it far more effective than most traditional protection solutions), as well as Web Protection and the new anomalous threat detection engine included in the latest versions of Malwarebytes 3 which relies on anomaly detection through Machine Learning/AI as well as leveraging constantly updated and evolving cloud databases and new threat info.  Ransomware Protection is purely behavior based, and as mentioned above, monitors for ransomware behavior, including the attempted encryption of files on disk (though like most such solutions, one of the mechanisms it uses are early warning 'test' files that it creates which are likely to be the first to be targeted by the vast majority of ransomware, thus triggering detection before any of your own personal files are likely to be encrypted), as well as other behaviors, many of which occur prior to the encryption of files, however even then, because it is behavior based, this means the ransomware would need to first infiltrate the system and execute into memory for the Ransomware Protection component to detect it which makes it far more reactionary than the other protection components.  
    This is because, thanks to the other layers in Malwarebytes, it is only there as more of a fallback protection measure as most infections/attacks will never get far enough to be detected by it.

    You can learn more about how the various components of Malwarebytes work to thwart attacks throughout the various phases of the attack chain/kill chain by reviewing the chart and information found on this page.

    Basically, if ZA's ransomware protection works differently from the Ransomware Protection component in Malwarebytes, then you don't need to turn off either of them because they won't conflict as they are operating during different phases of a potential attack, and if they work the same way then it likely doesn't matter which you keep enabled and which you disable, as long as ZA's is as comprehensive as the Ransomware Protection provided by Malwarebytes (as I mentioned, the Ransomware Protection in Malwarebytes uses many methods to detect a ransomware attack, not just the detection of the encryption of files; it is based on one of the first developed, most effective standalone anti-ransomware protection tools that was created and first popularized during the initial rise of ransomware threats so it isn't just some side project developed by Malwarebytes' own Developers in-house as a response to ransomware when it emerged; Malwarebytes went out and found the best at dealing with ransomware on the cutting edge of the field, purchased their company, hired their Developers and Researchers and brought their code in to be integrated into Malwarebytes Premium; I suspect the same cannot be said for the ransomware module in ZA, though I could be wrong).
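The early-warning 'test' file idea mentioned in the post above, sketched as an added example (not part of the original post and not Malwarebytes' code). The decoy names, the entropy threshold and the function names are all assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy names; the leading "!" only makes them sort first (assumption).
DECOY_NAMES = ["!000_budget.docx", "!001_photos.jpg", "!002_notes.txt"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def plant_decoys(folder: Path) -> dict:
    """Write low-entropy decoy files and return {path: sha256} as the baseline."""
    baseline = {}
    for name in DECOY_NAMES:
        body = (f"decoy file {name}\n" * 200).encode()
        path = folder / name
        path.write_bytes(body)
        baseline[path] = hashlib.sha256(body).hexdigest()
    return baseline


def check_decoys(baseline: dict, entropy_threshold: float = 7.0) -> list:
    """Return (filename, reason) for every decoy that no longer matches its baseline."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path.name, "missing-or-renamed"))
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == digest:
            continue  # untouched decoy
        high = shannon_entropy(data) >= entropy_threshold
        alerts.append((path.name, "high-entropy-rewrite" if high else "modified"))
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        base = plant_decoys(folder)
        # Constructed tampering inside the temp folder: random bytes stand in for ciphertext.
        (folder / DECOY_NAMES[0]).write_bytes(os.urandom(4096))
        (folder / DECOY_NAMES[1]).rename(folder / "!001_photos.jpg.locked")
        for name, reason in check_decoys(base):
            print(f"ALERT {name}: {reason}")
```

A polling check like this only notices a change after it has happened, which is the same "reactionary" limitation the post describes for behavior-based detection.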


  10. Greetings,

    It sounds to me like it may be an issue with modified compatibility settings.  You should be able to correct this by right-clicking on the Malwarebytes icon that you use for opening Malwarebytes (I'm guessing the desktop shortcut or START menu shortcut) and selecting Properties and clicking on the Compatibility tab and unchecking any checkboxes that are checked there then clicking Apply then click the Show settings for all users button and repeat the process (uncheck any of the boxes that are checked) then click Apply, then click OK.  If that doesn't resolve it, then try navigating to C:\Program Files\Malwarebytes\Anti-Malware and locating the file mbam.exe and doing the same (right-click on it, select Properties, go to the Compatibility tab and uncheck any boxes that are checked then click Apply then click Show settings for all users and do the same, then click OK).  If the issue still persists then please provide the ZIP file requested above (instructions on how to do so can also be found below):

    1. Download and run the Malwarebytes Support Tool
    2. Accept the EULA and click Advanced tab on the left (not Start Repair)
    3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

    Please let us know how it goes and if necessary, please provide the requested ZIP file.

    Thanks


  11. By the way, you might also try using Task Manager; just press Ctrl+Shift+Esc on your keyboard to open Task Manager then click Show processes from all users then go to the Processes tab and sort the list by name, then find explorer.exe in the list and terminate it, then in Task Manager click File>New Task (Run...) then check the box next to Create this task with administrative privileges then click Browse... and go to where the folder is located and right-click on the folder and select Copy then browse to your desktop and right-click and select Paste (all through the browse dialog in Task Manager; you obviously won't be able to use explorer since it won't be running at this point), and once that's done or if it fails, go ahead and launch explorer again by first closing the browse dialog box in Task Manager, then once again clicking File>New Task (Run...) and this time do NOT check the box to launch the process with administrative privileges and type explorer and press Enter to launch explorer.exe again.


  12. Greetings,

    That's an extremely old build of Malwarebytes.  I would strongly advise upgrading to the latest version.  You shouldn't need to deactivate 1.70.0 to do so; simply uninstall version 1.70.0 after making a note of your ID and Key and then download and install the latest version of Malwarebytes from here and then activate it using your ID and Key.  You will find detailed instructions on how to do so in this support article.

    Once that is done, if you haven't done so already, I would suggest creating an account at My.Malwarebytes.com by following the instructions in this support article using, if possible, the same email address you used when you originally purchased your license (assuming you still have access to that email address); if not, then use your current email address and then try adding your key to your account using the instructions in this support article.  If you have any trouble then simply contact Malwarebytes Support directly by filling out the form on the bottom of this page and they will assist you.  They can get your license key added to your account so that you will be able to manage it from there going forward, including deactivating it to move it to another device if you ever need to do so.

    I hope this helps and if there is anything else we might assist you with please let us know.

    Thanks


  13. Greetings,

    I believe you're referring to the instructions in this post, however if that did not work then it is possible that there is some other PUP or malware component not being detected on the system that is bringing it back/reinstalling it in your browser.  If that is the case then please read and follow the instructions in this topic and then create a new topic in the malware removal area by clicking here and one of our malware removal specialists will assist you as soon as one is available.

    I hope this helps and please let us know if there is anything else we might assist you with.

    Thanks


  14. Yes, there is a known issue with the UI code that Malwarebytes uses (based on Qt) that has a bug where if you use the slider rather than a single click the setting will not actually be changed.  I assume that the only fix will have to come from the team behind Qt as Malwarebytes does not have control over their code; it's a third party tool used for implementing the UI in Malwarebytes 3.


  15. Greetings,

    To exclude the item run a scan with Malwarebytes by opening Malwarebytes and clicking the Scan Now button.  Allow the scan to complete and then click on the empty checkbox at the top of the list of detections on the left so that all checkboxes for all detected items are unchecked then click Next.  When prompted on what to do with the remaining detected items select the option to always ignore and they will be added to your exclusions so that they will no longer be detected.

    With regards to what Malwarebytes detects as PUP and why, please refer to the information in the following links:

    https://www.malwarebytes.com/pup/
    https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/
    https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/
    https://blog.malwarebytes.com/cybercrime/2015/06/driver-updaters-digital-snake-oil-part-2/
    https://blog.malwarebytes.com/cybercrime/2015/07/pup-makers-digital-snake-oil-part-3/
    https://blog.malwarebytes.com/threats/registry-cleaner/
    https://blog.malwarebytes.com/puppum/2016/12/why-malwarebytes-detects-pc-pitstop-as-potentially-unwanted/
    https://blog.malwarebytes.com/malwarebytes-news/2017/11/winning-the-battle-against-pups-on-your-computer-and-in-u-s-district-court/
    https://blog.malwarebytes.com/puppum/2016/07/pup-friday-cleaning-up-with-5-star-awards/
    https://blog.malwarebytes.com/puppum/2016/08/systweak-redux-our-response/


    Regarding legal precedent, please refer to the following articles which cite two cases involving Malwarebytes and vendors blocked as PUP:

    https://blog.ericgoldman.org/archives/2017/11/section-230c2-protects-anti-malware-vendor-enigma-v-malwarebytes.htm
    https://blog.ericgoldman.org/archives/2018/09/section-230-helps-malware-vendor-avoid-liability-for-blocking-decision-pc-drivers-v-malwarebytes.htm

    The following links should also prove informative as to why many items are classified as PUP by Malwarebytes:

    https://decentsecurity.com/#/registry-cleaners/
    https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities
    http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
    https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2853053
    https://www.howtogeek.com/171633/why-using-a-registry-cleaner-wont-speed-up-your-pc-or-fix-crashes/
    https://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/
    https://lifehacker.com/5482701/whats-the-registry-should-i-clean-it-and-whats-the-point
    https://lifehacker.com/5033518/debunking-common-windows-performance-tweaking-myths
    https://www.howtogeek.com/198758/never-download-a-driver-updating-utility-theyre-worse-than-useless/
    http://www.howtogeek.com/98465/htg-explains-when-do-you-need-to-update-your-drivers/
    https://www.howtogeek.com/233115/the-only-way-to-safely-update-your-hardware-drivers-on-windows/
    http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html
    http://www.tomshardware.com/answers/id-1974868/trusted-driver-updater.html
    https://www.howtogeek.com/172839/10-types-of-system-tools-and-optimization-programs-you-dont-need-on-windows/
    https://computer.howstuffworks.com/question1751.htm
    https://lifehacker.com/5415355/do-you-really-need-more-than-4gb-of-ram
    https://www.tomshardware.com/reviews/memory-module-upgrade,2264.html
    https://www.howtogeek.com/128130/htg-explains-why-its-good-that-your-computers-ram-is-full/
    https://techlogon.com/2011/03/28/will-more-ram-memory-make-my-computer-faster/

    I hope this helps, and if there is anything else we might assist you with please let us know.

    Thanks


  16. OK, I would suggest clicking on the Change option in blue at the top with the security shield next to it then click on your user name for the current computer, assuming that's one of the user accounts listed there, and clicking the Enable inheritance button then clicking the checkbox next to the option just below that button then clicking Apply then OK, and if that doesn't work or your current user name is not listed then access that page again and click Add and add your user account and make it the owner of the folder with full control.  If that still doesn't work then I'm not sure what to do.
