Everything posted by exile360

  1. exile360

    Welcome :)

    Welcome, and thank you for helping provide undetected samples, I know the Malwarebytes Researchers will appreciate it
  2. Most of them still do, and the ones that don't are crippled and typically useless against many of today's threats that deliberately block communications with security related servers. It's OK if the antivirus is on the system first and is able to prevent the infection from getting in, but if anything gets through and is able to infect the system, it can render the AV helpless by cutting off communications with its servers which is when you end up needing a remediation tool that doesn't have to connect to the internet to function. Something like Malwarebytes.
  3. Excellent, if there's anything else we can help you with just let us know. Thanks
  4. Also, in case anyone was wondering, this is just as true for the Windows version as well. I use ad blockers in my browsers alongside Malwarebytes Premium without any issues, and I even use the Malwarebytes web browser plugin (currently in beta) as well and I haven't had any problems so far.
  5. Greetings, Yes it does, via the Scan tab if you select Custom Scan you may select which drives to scan. Also, if the right-click context menu Scan with Malwarebytes option is enabled (which it is by default) you may right-click on any drive to scan its contents. Beyond this, Malwarebytes also checks all running processes and threads in memory, regardless of where their physical files might reside when performing scans that include the memory scan phase, including the default Threat scan, so if a malicious item is active in memory, it should be detected regardless of where it is located. If there's anything else we can answer for you, please let us know. Thanks
  6. Excellent, thanks for going to all this trouble to help us diagnose this issue. It's very helpful to our Developers and we greatly appreciate it
  7. A new component update for Malwarebytes has been released, version 1.0.374. I don't know if this specific issue was addressed or not, but it's worth a try if you wish to give it a shot. To install it, open Malwarebytes and navigate to Settings>Application and click on the Install Application Updates button and it should be silently downloaded and installed. Once it has installed and you see the new build number reflected in the UI, I'd recommend restarting the system at least once to confirm that the new components get loaded into memory, then perform your test again to see if it makes any difference. If you do try it, please let us know the results. Thanks
  8. Thanks David. I haven't used AIR in ages (used to use it for 1 web streaming service but they no longer require it as they've now switched over to Flash). I tried to dig up a generic "latest" URL for downloading AIR but couldn't find one anywhere. The best I could do was this, which you must know the version # for the latest release in order for it to work (in this case 30.0): https://airdownload.adobe.com/air/win/download/30.0/AdobeAIRInstaller.exe If you change the 30.0 in that URL to whatever the build is that you wish to download it should work to provide you with the standalone offline installer without having to go through all the offers from Adobe's advertisers/partners etc. So to sum up, whenever a new version of Adobe AIR is released, use the following URL, modifying the ##.# section to match the version of the latest build that you're trying to download/install: https://airdownload.adobe.com/air/win/download/##.#/AdobeAIRInstaller.exe I don't know if they ever use the last number following the decimal (.) so I left it there just in case, should they ever publish point version updates (like minor patch releases etc., for example, version 30.1 etc.) but assuming they don't, then all you should need to do is modify the first 2 numbers to match the build then leave the third number (the one following the .) as 0. I've also got the direct links for the various versions of Reader, however they use an FTP server for that and currently I believe the old free Reader has been discontinued/replaced by Adobe Reader DC, so you should be able to use the internal updater to patch it more easily (I just occasionally launch Reader then click Help>Check for Updates... then allow it to download/install any updates if available, though there haven't been any for at least a few months now).
  9. Just run the scan with Malwarebytes that causes the crash. Once the system crashes the memory dump will automatically be created (that's why you had to change those settings in Windows, to force it to create the kernel memory dump when a crash occurs). After the crash happens, you should then be able to boot up the system again and find the memory.dmp file he requested in the Windows folder.
  10. Also keep in mind that throttling also occurs automatically after a certain number of seconds of sequential reading or writing of data from/to the drive. I don't know the specs for the 970, but I've got a 960 PRO 1TB and it's rated at 130 seconds for reads and 160 seconds for writes. I don't know the throttling temps for the 970, but the 960 PRO is rated at up to 75 degrees C and I would assume the 970 would be higher, though if Samsung says it's 70 degrees (which is the same as the older 950 series) then I guess I'd have to take their word for it. I also found out that the stickers on the 960s and 970s contain copper to operate as a heatsink and that the controller on the 970 has a nickel plated cover/coating for the same purpose (since the controller is the component that generates the most heat and tends to be the most negatively affected by it). I was also doing a bit of research on possible third party heatsinks for NVMe SSDs and I found a few cheap solutions from Amazon that might work (I'd need something particularly low profile since I have a laptop) so I might end up purchasing one if heat becomes an issue, though so far in my testing my temps have been pretty stable, usually within the 50C~60C range. I just performed a Threat scan and my drive temp maxed out at 55C during the scan (7x64 SP1, fully patched) with the total scan time taking 2 minutes and 20 seconds with the filesystem portion only occupying the last minute or so of the scan (not counting the rootkit scan at the beginning prior to the memory scan phase which went by pretty fast, though technically it is scanning portions of the disk during this phase, but the temp never went up above 50C during those phases). During the scan it checked a total of 232,346 objects. 
The most notable lag was, as usual, during several portions of the memory scan phase which suffered from noticeable pauses at several points during which it didn't appear to be making any progress until it finally moved on (it typically does this around 4 or so times during each scan) though high CPU usage was fairly consistent throughout, including during these 'pauses'/hesitations (I assume they have something to do with heuristics and/or optimization of the later phases of the scan, and/or possibly the anomalous threat detection component since it relies on cloud analysis for checking of unknown objects).
  11. By the way, the Exploit Protection in Malwarebytes also already covers both Java and Flash browser plugins, so exploits which attack them should be detected/prevented (along with other browser based exploits). In fact, any plugin you run within a protected/shielded browser should be protected from exploits and 0-day vulnerabilities thanks to Exploit Protection in Malwarebytes Premium.
  12. Greetings, Thanks for the suggestions, though there are a few of them at least which are actually already covered in Malwarebytes Premium as well as some of the other offerings from Malwarebytes: Malicious IP addresses are already blocked as well as malicious domains/URLs and there's also a (currently free) Malwarebytes browser plugin for Chromium and Firefox/Mozilla based browsers (Edge support coming soon) which is currently in beta that blocks additional items, including malicious pop-ups, tech support scam sites, phishing sites and tracking servers, many of which are blocked not just through positive identification of specific domains/URLs or IP addresses, but also via behavioral detection (such as tech support scam sites that try to prevent you from closing their pop-ups etc.). The Web Protection in Malwarebytes is also very good for preventing DDoS attacks as it blocks many of the servers and networks known to be used in such attacks, though it doesn't specifically target DDoS/DoS attacks behaviorally (your router/hardware firewall should cover this, and you can use a software firewall such as Windows Firewall Control which was recently acquired by Malwarebytes and will most likely be integrated in some form into the main Malwarebytes Premium product at some point down the road). With regards to malicious scripts in websites (as well as documents and other non-executable/non-PE files), these are already covered by the signature-less, behavior based protection in the Anti-Exploit component of Malwarebytes Premium and the same goes for any other hidden malicious content found on webpages you visit (both HTTP and HTTPS, though I'd strongly recommend using a plugin such as HTTPS Everywhere to force all sites you visit to use HTTPS as it has become the standard and even Google is beginning to push websites to switch over to HTTPS; more info here, here, here, here, here, here, as well as here). 
Regarding pop-ups, while I already mentioned the Web Protection in Malwarebytes Premium as well as the Malwarebytes browser plugin beta, there are also already excellent pop-up blockers built into all modern web browsers (the most robust I've found of the 3 major web browsers based on my own experience so far is the one built into Internet Explorer when cranked up all the way so that it blocks all pop-ups and asks you to allow pop-ups from sites that attempt to display them, though the ones built into Chrome and Firefox are pretty good as well, though some pop-ups do get past them, at least in my experience). With regards to privacy, refer to the Malwarebytes browser plugin I mentioned as it blocks common tracking servers to protect privacy, and beyond that, the cookie blocking capabilities built into all web browsers is also quite useful in that regard, especially if you max out the setting so that it blocks all cookies (though this will prevent some sites from working such as pages you have to sign in to use so you'll need to add those to your exceptions/allowed lists in your web browsers). Regarding ports, this too is the job of a hardware and/or software firewall (including your router if you use one for connecting to the web) and since Malwarebytes acquired Binisoft as I mentioned above, a software firewall will likely be integrated into Malwarebytes Premium before long. 
For both antivirus and other security software compatibility as well as CPU and memory performance, Malwarebytes is always striving to improve these areas and the latest release, version 3.5.1 Component Update 1.0.374 is the best so far so if you haven't got it yet, open Malwarebytes and go to Settings>Application and click the Install Application Updates button to get it. With regards to both remote access as well as sharing, these can easily be secured in Windows (I tend to disable them completely personally as I never use them) and should also be secured by your software firewall (again, as I mentioned before, since Malwarebytes acquired Binisoft, this should be covered in the future once it is integrated into Malwarebytes Premium). Regarding stealth malware including spy tools, backdoors, Trojans and rootkits, these all should already be covered by the various layers of defense built into Malwarebytes, including its various behavior based signature-less components as well as those which do use signatures and of course the anti-rootkit component built into Malwarebytes which detects hidden/stealth objects such as rootkits. For webcam security, while it is possible to have a software tool alert the user when a program attempts to activate their webcam, I personally prefer a more robust hardware solution such as the covers you can purchase that cover the webcam to prevent its use physically even if it is switched on without you knowing so that you can simply remove/open it deliberately only when you wish to use your webcam.
Any threat, malicious link, attachment etc. embedded in an email should be detected/blocked by the various protection components in Malwarebytes, even though it doesn't explicitly integrate a plugin into email clients the way many AVs do, it does still check any URL you click as well as any remote URL the message might attempt to load any content from so that it is blocked if it is a known malicious server, and thanks to the malware protection and exploit protection in Malwarebytes Premium, any malicious attachment should be detected as well as soon as you try to open it/execute it (we leave scanning attachments/email content on download to the AVs as this is one of the ways that Malwarebytes maintains good compatibility with them as attempting to do otherwise would create conflicts with them, so they get to scan the content first so that if they miss it and you try to run it/click it, Malwarebytes will then step in and block/detect/quarantine the threat). While Malwarebytes does not include any specific anti-spam components (again, we leave this up to the AVs as this is one of their areas and we don't want any conflicts), we do target/block known spam/scam domains/URLs/IPs etc. so that if you should click on a spam address in an email, it should be blocked by Malwarebytes, especially if you have the new beta Malwarebytes browser plugin installed in your default browser.
With regards to unencrypted websites, see my comments above regarding HTTPS Everywhere as well as the info about Google starting to attempt to force HTTPS for the entire web (and many others in the industry are following suit) so if a site isn't secure, especially if it's a site where you intend to enter any personal information, including your name, email and especially any purchase info such as a credit card number etc., then I would strongly recommend not doing so as you want such information to be secure, and securing the info on your end via some plugin wouldn't be sufficient, if they aren't providing HTTPS then I would question their commitment to securing user data and wouldn't trust them with it even if I were able to force the communication of that info to be secure. It's just a bad idea to give a site like that your info no matter what. I hope that helps to clarify things. You have a lot of solid ideas there, and many of them likely will be addressed in the time to come as these new components are integrated into Malwarebytes, and for many of the others your antivirus should cover them and we don't want Malwarebytes to conflict with your AV, so Malwarebytes must be careful about what kinds of features they choose to implement. I will definitely advise the Product team on any new ideas you provided which would be a good fit for Malwarebytes if it's an area they aren't already covering, and if you have any additional ideas in the future please let us know as we're always looking for such feedback/ideas. Thanks
  13. A new version of Flash is available again (version 30.0.0.113) so don't forget to update if you use Flash in your browsers (run Windows Update/Microsoft Update if you use Microsoft Edge which has Flash integrated). Refer to this post for detailed instructions on how to check your currently installed Flash Player version as well as how to perform a clean uninstall/update/upgrade of Flash for all of your web browsers, including my special post-uninstall cleanup tool for removing remnants/leftovers not removed by the normal uninstaller or Adobe's dedicated Flash uninstall tool (also linked on that post) as well as ensuring that no Flash plugin components from the old version are left behind to help make certain that when you do update/upgrade you're actually running all the latest, most secure Flash components/modules.
  14. Thanks for the info, now that Malwarebytes owns WFC (refer to the info here as well as here) I'll be sure to make the team aware of it so that they might hopefully adjust how Malwarebytes is handled by default accordingly to eliminate this issue.
  15. Greetings, According to the information on this page the most recent version is 1.80.2 released on 5/26/2016. As of yet to my knowledge the Anti-Ransomware and other technologies/products have not been integrated into the main Anti-Malware product for business yet. If there is anything else we might assist you with please don't hesitate to let us know.
  16. I agree with your comment, a reinstall shouldn't be necessary. I'll report this to the Product team again to see if I can get the issue escalated.
  17. There are also several fixes you can try listed on this page. In my experience with issues like this, the most likely fix to work is the one that resets Windows Update by deleting the SoftwareDistribution folder etc. (the one listed under How to reset Windows Update using Command Prompt).
  18. I was referring to the issues with the upgrade not installing, not with the installer download link. If it isn't upgrading through the program properly or isn't offering you the newest version when using the Install Application Updates button then there's likely a problem on the system with the current Malwarebytes installation, and the logs would be the only way for us to diagnose it. That's the issue I was addressing, not the download link posted by Firefox above. With regards to the download, since this is a component update, which doesn't use an installer but simply downloads the new components/files through the internal updater built into the software and replaces the older files with the new ones, no installation package is required. I don't know if they plan to update the installer to include the new component update or not, but at this time they haven't yet which is why it's still the previous version being hosted on the site for the installer.
  19. Unless I am mistaken, it looks like XP with a custom theme or Vista with Aero Glass disabled. If it is Vista or XP (any OS older than 7) then the new update doesn't apply to you as the last version of 3.5.1 build 2522 component update 1.0.365 is the final release for those operating systems with the exception of emergency bugfixes and stability improvements on an as-needed basis. Please refer to this post for details.
  20. Greetings, Assuming you are referring to Malwarebytes, then the quickest way to receive assistance with retrieving your license key would be to contact Support directly via one of the options on this page. If there is anything else we might assist you with please let us know. Thanks
  21. Very good, I figured that would do the trick. I saw in the logs you provided that it was blocking that domain without the "www." and figured that was the issue. You might want to add that one on your husband's system as well just to make sure he doesn't have any problems in the future either. If there's anything else we might assist you with please don't hesitate to let us know. Thanks
  22. Thanks, I think I see what the problem is. Try adding the following Web Exclusion in addition to the existing one:
      sssi.org.au
      Just leave off the www. for the second one. Please let us know how it goes. Thanks
  23. No problem, the logs should show us what's going on if it doesn't work.
  24. Yes, that's correct. To my knowledge, at this time the only way to get the latest component update is to use the Install Application Updates button under Settings>Application in Malwarebytes or to wait to be offered it when Malwarebytes is checking for updates (though the latter method is throttled/metered out to users gradually, so there is no guarantee that you'd be offered the new version immediately). If the problem still persists then please do the following so that we may take a look at your installation and configuration to troubleshoot the issue:
      • Download and run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced Options on the main page (not Get Started)
      • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
      Thanks