exile360

Experts
  • Content Count: 25,295
  • Joined
  • Last visited

Everything posted by exile360

  1. Excellent, I'm glad I could help. If there's anything else we might assist you with please let us know. Thanks
  2. Greetings, Please do the following as I do not believe the team has been able to replicate this issue yet so gathering additional information about your system and setup could prove helpful:

     Provide System Specifications:
       • Please download Speccy from here and save the ZIP file to your desktop or another location where you can easily find it.
       • Right-click the file, select Extract All... then click Extract in the window that pops up and it should be extracted to a folder in the same location as the ZIP file you downloaded.
       • Open the extracted folder and then double-click on the version of Speccy appropriate for your system (select Speccy.exe if using a 32 bit Windows version or Speccy64.exe if you are running a 64 bit version of Windows) and click Yes, OK or Allow if prompted by User Account Control.
       • Once the program starts it will analyze your system, please be patient as it may take a few moments to complete.
       • Once it finishes and none of the areas say Analyzing, click on the File button at the top and select Save Snapshot...
       • Save the file to your desktop and click Ok to confirm.
       • Go to your desktop and right click on the file you just created and hover over Send to and select Compressed (zipped) Folder.
       • Please attach the zip file you just created to your next post.

     Download and run the Malwarebytes Support Tool:
       • Accept the EULA and click Advanced Options on the main page (not Get Started).
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply.

     Once you've run both tools, attach the ZIP files to your response so that the team can take a look at your system configuration and hopefully determine the cause of the issue. Thanks
  3. Wait, it specifically says: "If your anti-virus, exploit mitigation or anti-exploit software has a feature to shield custom applications, you can add the hmpalert-test.exe and hmpalert64-test.exe executables to the list of protected applications. This way you can also test the abilities of this other security software without abusing a third-party application." That tells me that the way I did it is precisely how it is intended to be used to test Malwarebytes and that's exactly what I did to get my results. I think the reason it isn't working when you have it set to IE is because instead of the malicious/exploit code parameters being inserted directly into IE itself through its own code/rendering engine/process etc., it's an outside application executing the code and calling IE to launch calc.exe which is why Malwarebytes doesn't detect it, and precisely why they specify that you should add the hmpalert-test.exe to the custom shield list if possible. It makes sense and is far more accurate to how actual web based exploits work when attempting to exploit browsers. Using a secondary process/executable to inject the code from the outside isn't at all the same thing which explains why some of the tests won't trigger detection properly because that's not how actual exploits work (nor would they ever, because if the bad guys could get a malicious EXE onto the target system to launch an exploit attack against a browser or any other process, then there would be no need to launch an exploit in the first place since the entire point of executing an exploit attack is to execute malicious code, usually for the purpose of downloading a malicious payload such as a Trojan and if they could get an EXE onto the system so easily, they'd just skip the exploit altogether and just drop an actual Trojan on the system from the start).
  4. Greetings, I'm sorry you're having trouble running Malwarebytes but hopefully we'll be able to assist you in getting it working properly again. First, if you suspect the system to be infected then it would be best to just go ahead and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you as soon as one is available. If you do not believe the system is infected, then please try removing Malwarebytes via the Clean function in the Malwarebytes Support Tool once more:
       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced Options on the main page (not Get Started)
       • Click the Clean button, and allow it to restart your system but do not attempt to reinstall Malwarebytes just yet

     Next, download but do not run the latest installer for Malwarebytes 3 from here and save it somewhere convenient where you will easily be able to locate it such as your desktop, then restart your system and boot into Safe Mode with Networking by following the steps documented on this page for your version of Windows and then try installing Malwarebytes from there to see if it works. If it does and Malwarebytes runs and is able to complete a scan (and assuming no infections were found), go ahead and restart your system and allow it to boot normally and see if Malwarebytes now functions properly. Please let us know how it goes. Thanks
  5. Greetings, While we generally do not recommend using driver updater programs, it is not because they are malicious or because they download malware (as far as I know they do not); it is because they are generally not needed and in fact often end up installing the wrong drivers for many devices (it's best to seek out drivers from the system manufacturer or individual hardware component vendors if you need to update any drivers, otherwise you may end up with the wrong drivers for your device and could lose performance and/or functionality, especially if you own a pre-built system from a PC maker like HP, Dell, Toshiba, Acer etc. as they often have custom drivers which are modified versions of those from the individual hardware vendors like Intel, NVIDIA, AMD etc. for things like expanded functionality and improved battery life (for laptops)). You can find out more at the following links:
       • https://blog.malwarebytes.com/cybercrime/2015/06/driver-updaters-digital-snake-oil-part-2/
       • https://www.howtogeek.com/198758/never-download-a-driver-updating-utility-theyre-worse-than-useless/
       • https://www.howtogeek.com/233115/the-only-way-to-safely-update-your-hardware-drivers-on-windows/
       • http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html
       • http://www.tomshardware.com/answers/id-1974868/trusted-driver-updater.html

     With that said, if you are having performance problems after updating your drivers using that driver updating utility, then I would recommend looking on your system maker's support page to see if they have a better/newer driver available, and failing that, check the individual component maker's websites for the same (i.e. Intel, Realtek, Broadcom etc.). If you need help with doing so you may create a new thread in the General PC Help area and members of the forums should be able to help and offer their input on what to do. To do so you may click here.
If you've already rolled back the changes made by the driver updater program (assuming it allows you to do so) and you've uninstalled it but are concerned that parts of it may remain you might try running ADWCleaner to see if it detects anything. Just scan with it and have it remove anything it finds then restart your system if prompted to complete the removal process. ADWCleaner detects some items that Malwarebytes does not. If you believe your system is infected with malware then you should read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you as soon as one becomes available. If there is anything else we might assist you with please let us know and we'll do our best to help. Thanks
  6. No, the entire reason that ADWCleaner still exists as a standalone tool/separate download is specifically because it uses its own databases and targets some items that Malwarebytes does not currently. If all of the detections in ADWCleaner are integrated into Malwarebytes 3 then it is likely that ADWCleaner will be retired at that time just as JRT was when all of its detections were integrated into Malwarebytes 3 and ADWCleaner.
  7. Ah, I see what you mean. Yes, I tried it that way too, until I realized that the test app is actually playing the role of the browser (I tested it against HitmanPro.Alert to be sure and found the same; not on every test, but that if I just ran the test EXE (which HMP.A is already coded to monitor/detect), it would detect the test exploit attempts when launching calc.exe directly without selecting Internet Explorer; this is why I tested it with Malwarebytes this way because I figured this must be the reason for the apparent failures, especially since I know for a fact that such exploit methods are already targeted by Malwarebytes and most of them have been since before the Exploit Protection technology was even integrated into Malwarebytes 3 so I knew something had to be wrong). It may be wise to ask over in the Anti-Exploit Beta area located here to get direct confirmation/technical details from the Developers, as they will be able to provide much more detailed/accurate info than I can as all I have is the data from the tests I ran on my own.
  8. Whoa, a backdoor/RAT? Nasty business.
  9. Actually, it does make sense because the way the test tool works is to attempt to launch a "malicious" application (i.e. calc.exe) so the test executable is playing the role of the browser being exploited to launch the "malware" (again, calc.exe, which obviously isn't malware, but it's the same principle of how exploits work to execute arbitrary/malicious code and/or launch outside executables like Trojans and ransomware).
  10. It appears that most if not all of the detections on VirusTotal are heuristics/generic hits/detections, meaning the file could actually be malicious or it could just have one or more characteristics that make it appear to be malware such as using a particular kind of compression/encryption (a packer, which many of the detection names appear to indicate) and since a packer can be used for any kind of file, including malware but also safe files, this might in fact be a false positive. While there are certain packers known to be used by malware authors quite often, it isn't impossible for a developer who isn't creating malware to also use the same one so this isn't the most reliable means of identifying a file as malware (though virtually all security vendors do it in order to play it safe as they'd rather have 1 false positive than allow a lot of malicious files to go undetected). Once the Malwarebytes Research team has analyzed the file they will classify the item accordingly and whitelist it if it isn't a threat.
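The point in the post above about packer-based generic detections can be shown with a small script. This is an added example and not code from the forum post or from any antivirus vendor: it implements the simplest form of such a heuristic, a byte-entropy check, and runs it over three constructed samples. The threshold value, the word list and the sample "files" are all assumptions made for the demo.

```python
# Added example, not code from the forum post or from any antivirus vendor:
# a toy "packer" heuristic of the kind behind generic/heuristic detections.
# It measures byte entropy and flags anything that looks compressed or encrypted.
# All samples are constructed in this script; no real binaries are read.
import math
import random
import zlib
from collections import Counter

# Threshold in bits per byte; an assumed value for this demo, not a vendor's setting.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_packed(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Generic heuristic: high entropy is taken as a sign of packing/encryption."""
    return shannon_entropy(data) >= threshold


def classify(samples: dict) -> dict:
    """Apply the heuristic to named samples; returns name -> (entropy, flagged)."""
    return {name: (round(shannon_entropy(blob), 2), looks_packed(blob))
            for name, blob in samples.items()}


def build_samples(seed: int = 1234) -> dict:
    """Construct three sample 'files' with a fixed seed so results are reproducible."""
    rng = random.Random(seed)
    words = ["config", "update", "installer", "license", "window", "driver",
             "report", "network", "service", "manager", "backup", "settings"]
    # 1) Plain, uncompressed text resource: low entropy, not flagged.
    plain_text = " ".join(rng.choice(words) for _ in range(3000)).encode("ascii")
    # 2) The same text compressed by a legitimate developer with zlib:
    #    the deflate bitstream is dense, so it reads as high entropy.
    compressed_resource = zlib.compress(plain_text, 9)
    # 3) Stand-in for an encrypted/packed section: pseudo-random bytes.
    packed_like = bytes(rng.getrandbits(8) for _ in range(4096))
    return {"plain_text": plain_text,
            "compressed_resource": compressed_resource,
            "packed_like": packed_like}


def main() -> None:
    for name, (entropy, flagged) in classify(build_samples()).items():
        print(f"{name:20s} entropy={entropy:.2f} flagged={flagged}")


if __name__ == "__main__":
    main()
```

The heuristic cannot tell the legitimately compressed resource apart from the packed-looking sample: both cross the threshold, which is exactly why a hit of this kind is a candidate for a false positive until a researcher looks at the file itself.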
  11. To disable the scan at startup, you can change how the scheduled scan works. By default it is set to run as soon as possible after missing its last scheduled time (like if the PC was off during its normal scheduled scan time). To do so, open Malwarebytes and go to Settings>Scan Schedule and double-click on the entry there to open the edit window and click on Advanced near the bottom which will expand the edit dialog, then uncheck the box next to Recover missed tasks then click OK. It should no longer scan when the PC starts up, just be aware that if the PC is off when a scheduled scan is set to occur, it won't run again until the next scheduled time. As for Bittorrent, if it is blocking downloads by blocking seeders/leeches (IP addresses from other Bittorrent users), then you'll want to exclude Bittorrent's main EXE (the one showing up in the Malwarebytes Web Protection tray notifications as the source of the blocks) by following the instructions found on this page under the section called Exclude an Application that Connects to the Internet. You can find more info about why peer-to-peer (P2P) applications like Bittorrent are often blocked by Malwarebytes Web Protection by reviewing the information found here. If that wasn't the issue or you need assistance with something else please let us know. Thanks
  12. Greetings, I've tested with that tool on several occasions and as I recall it did actually detect/block the heap spray tests. When testing, be sure to add the HMPAlert test EXE to Malwarebytes Exploit Protection shielded applications list (I used the default "web browser" category, as this seemed to make the most sense given the frequency of exploit attacks on browsers and their plugins) and while it did not block all of the tests, it did block most of them (though there were a couple of cases where the HMPAlert test tool just crashed, however I considered those as failures of successful exploit attack as well since an exploit needs to actually succeed in executing code to work, not just crash its parent/attacking process).
  13. You're very welcome. If you are using a large HOSTS file (as with HostsMan or from a source such as hpHosts/hosts-file.net or the mvps HOSTS file etc.) then that probably is what's causing it. If not, and you really want to find out what it is then you can use a tool such as Process Monitor by Microsoft Sysinternals and filter by the process mbamservice.exe (the process used by Malwarebytes for scanning, among other things) and try to identify what it is checking at the time where it gets stuck.
  14. It's just a spam/paid affiliate site. This is pretty much how these fake/PUP anti-malware/antivirus products get pushed on unsuspecting users these days with false "tests", inaccurate and deceitful claims and false statements about the effectiveness of legitimate/reputable products. All things being equal, there's no way that Avira (much less any of the other legitimate products listed) did worse than 3 fake/scam products on a real test. It's the same fake, sponsor generated garbage that you'll find all over the web, especially if you search for the name of any of those "top" products it lists in its results. You'll find a very suspicious similarity between this and many other pages, all of which are run by paid affiliates seeking to push those particular products in order to make profits for themselves. Hopefully this site will be added to the Malwarebytes Web Protection database soon because any site pushing those products belongs there (and many of them already are) so that users will be protected from this trash.
  15. Excellent, you're very welcome. If there is anything else we can help you with please let us know. Thanks
  16. If the detections keep returning then it could be a threat on the system that is resurrecting them that isn't being detected. I would recommend following the instructions in this topic and creating a new topic in the malware removal area including the requested information and logs by clicking here and one of our malware removal specialists will assist you with this as soon as one becomes available. They should be able to assist you in cleaning up the system without needing to reinstall Windows.
  17. Yes, that's for My.Malwarebytes.com. I don't know what the problem is, however you'll need to contact Support as I explained above and they will be able to help you with it. Unfortunately we on the forums don't have access to those systems so there isn't anything we can do, but the Support team will get you taken care of.
  18. Apologies, that was the direct download link from their site but I guess they use a tracker to block hotlinking. I've corrected the link above so it should now work.
  19. Yeah, "this changes" and "this updates" were kind of a dead giveaway.
  20. That's great news, I'm glad that I was able to help! Malwarebytes is not an antivirus and has been engineered specifically to be able to run it together in real-time with an active, up-to-date antivirus solution so you shouldn't have any problems. With that said, the combination of technologies in Malwarebytes Premium should be sufficient on their own to keep you safe online if you do ever decide to run it without an AV, however the choice is entirely up to you because the Developers of Malwarebytes have always, and continue to work hard to ensure that it doesn't conflict with antivirus and other security solutions as much as they possibly can and the Malwarebytes Quality Assurance (QA) team is always testing each release of Malwarebytes Premium alongside many different AVs to check for any compatibility problems so that they can report them to the Developers to fix. Now, having said all of that, there is actually a known issue with some versions of Kaspersky which is documented here so if you run into any problems enabling the Web Protection component in Malwarebytes, then you may need to disable the rootkit scanning component in Kaspersky. I believe this issue occurs because when Kaspersky's rootkit scan runs, it prevents many types of drivers from loading and Malwarebytes Web Protection uses a driver for its protection that it must unload and reload each time Malwarebytes updates the Web Protection database (a block list of known bad websites) meaning after Kaspersky has run its rootkit scan which runs automatically when the system is idle I believe, it prevents Malwarebytes from loading Web Protection the next time that Malwarebytes updates. I believe that's the only known issue though, and I don't recall hearing of any other antivirus compatibility problems recently. If there is anything else we might assist you with please don't hesitate to ask. Thanks
  21. Excellent, the Support team should be able to get this taken care of for you then. Thank you for reporting this issue and I hope that it is resolved quickly. If there is anything else we might assist you with please don't hesitate to let us know. Thanks
  22. Winmerge

      Greetings, It sounds as though the program is most likely triggering a behavioral detection because the Ransomware Protection component in Malwarebytes monitors all processes very closely to observe their file activities, especially for any delete operations among other things due to the fact that one of the first things ransomware will do is delete the files it is encrypting to remove the unencrypted copies from the system. To report the program as a false positive please create a new topic in the ransomware false positive area by clicking here and provide details about the detection such as the name of the software, a copy of the file (zipped and attached if you can, or at least a link to a scan page from VirusTotal for the exact file being detected) and a link to the program's download page if possible and the Research team will review the software and correct the false positive. In the meantime, until this gets resolved you may exclude the item from detection as ransomware by following the instructions under the Exclude a File or Folder section on this page and selecting Exclude from detection as ransomware only to exclude the process from the Ransomware Protection component in Malwarebytes. If there is anything else we might assist you with please let us know. Thanks
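To illustrate the kind of behavioral detection the post above describes, here is an added example that is not code from the forum post and not Malwarebytes' own logic: a toy scorer that counts bursts of user-file deletions per process over a constructed event log, flags processes over a threshold, and honours a per-process "ransomware-only" exclusion. The process names (including "WinMergeU.exe" standing in for the merge tool), the paths, the window and the threshold are all assumptions made for the demo.

```python
# Added example, not code from the forum post or from Malwarebytes: a toy
# behavioral heuristic that scores each process by the burst of user-file
# deletions it performs, the kind of file activity the post says Ransomware
# Protection watches closely. The event log and process names are constructed;
# "WinMergeU.exe" stands in for the merge tool from the post.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List

# Distinct user files deleted inside one window before a process is flagged.
# Demo values, assumptions for this example rather than any product's settings.
DELETE_THRESHOLD = 5
WINDOW_SECONDS = 10.0


@dataclass(frozen=True)
class FileEvent:
    timestamp: float   # seconds since monitoring started
    process: str       # image name of the acting process
    op: str            # "create", "write", "rename" or "delete"
    path: str


def is_user_file(path: str) -> bool:
    """Only user-profile documents count; temp-folder churn is ignored."""
    p = path.lower()
    return p.startswith("c:\\users\\") and "\\appdata\\local\\temp\\" not in p


def score_processes(events: Iterable[FileEvent], window: float = WINDOW_SECONDS) -> Dict[str, int]:
    """Return {process: largest number of distinct user files deleted within any window}."""
    deletes: Dict[str, List[tuple]] = defaultdict(list)
    for ev in events:
        if ev.op == "delete" and is_user_file(ev.path):
            deletes[ev.process].append((ev.timestamp, ev.path))
    scores: Dict[str, int] = {}
    for proc, items in deletes.items():
        items.sort()
        best = 0
        for t0, _ in items:  # slide a window starting at each delete
            in_window = {p for t, p in items if t0 <= t <= t0 + window}
            best = max(best, len(in_window))
        scores[proc] = best
    return scores


def detect(events: Iterable[FileEvent], exclusions: FrozenSet[str] = frozenset(),
           window: float = WINDOW_SECONDS, threshold: int = DELETE_THRESHOLD) -> List[str]:
    """Processes over the threshold, minus those excluded from the ransomware check only."""
    excluded = {e.lower() for e in exclusions}
    scores = score_processes(list(events), window)
    return sorted(p for p, s in scores.items()
                  if s >= threshold and p.lower() not in excluded)


def build_events() -> List[FileEvent]:
    """Constructed event stream: one encrypt-and-delete burst, one merge-tool cleanup, normal use."""
    evs: List[FileEvent] = []
    docs = "C:\\Users\\alice\\Documents\\"
    # Simulated ransomware pattern: write an encrypted copy, then delete the original, many times fast.
    for i in range(8):
        t = 100.0 + i
        evs.append(FileEvent(t, "sample.exe", "write", f"{docs}report{i}.docx.locked"))
        evs.append(FileEvent(t + 0.1, "sample.exe", "delete", f"{docs}report{i}.docx"))
    # Merge tool cleaning up six backup files after a batch merge: legitimate, but the same signal.
    for i in range(6):
        evs.append(FileEvent(200.0 + i, "WinMergeU.exe", "delete", f"{docs}merge{i}.txt.bak"))
    evs.append(FileEvent(206.0, "WinMergeU.exe", "delete",
                         "C:\\Users\\alice\\AppData\\Local\\Temp\\wm.tmp"))  # ignored: temp folder
    # Ordinary use: a user deleting two files from Explorer.
    evs.append(FileEvent(0.0, "explorer.exe", "delete", f"{docs}old_notes.txt"))
    evs.append(FileEvent(1.0, "explorer.exe", "delete", f"{docs}draft.txt"))
    return evs


def main() -> None:
    events = build_events()
    print("scores:", score_processes(events))
    print("flagged:", detect(events))
    # The merge tool is a false positive here; a ransomware-only exclusion clears it.
    print("flagged with exclusion:", detect(events, exclusions=frozenset({"WinMergeU.exe"})))


if __name__ == "__main__":
    main()
```

Run as-is, the scorer flags both the simulated encrypt-and-delete process and the merge tool, because the heuristic only sees the delete burst, not the intent behind it; adding the merge tool to the exclusion set removes it from the result while the other process stays flagged, which mirrors the "Exclude from detection as ransomware only" workaround the post suggests.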
  23. Greetings, If you are referring to My.Malwarebytes.com then you will need to contact Malwarebytes Support directly. You may do so via the options on this page. You don't need to create an account with Support, they will assist you directly via email as soon as they are available, but please do be sure to monitor your Junk/Spam folder(s) in case their response gets placed there by your email provider by mistake. If there is anything else we might assist you with please let us know. Thanks
  24. Yes, it will only work one time. The cache rebuilds itself every time you visit the same page, so if it initially gets blocked and you see Malwarebytes notify you, unless you close your browser and clear the cache with CCleaner again, it will most likely default to the same behavior of not showing the block page or notification even though it still won't connect to the blocked website.