Everything posted by exile360

  1. You have to have a certain number of posts before it allows editing. It's part of the anti-spam functionality set up on the forums. I'm not sure what that number is but one of the admins would know. No worries though; I knew what you meant to say.
  2. Greetings, To my knowledge, Malwarebytes has never remembered the size of the main UI after closing and reopening it all the way back to version 1.x so I don't believe this is a bug (however it has been requested in the past by some users to provide that functionality).
  3. Sure, that's understandable, however at least as far as installers go, Malwarebytes should detect most of the items that ADWCleaner does, which is where Premium comes in (since the real-time protection in Malwarebytes 3 does not monitor the registry or files created on disk that aren't attempting to load into memory; the reason being that it's designed not to conflict with antivirus software and other security tools if users have them installed alongside it). They do plan to integrate it eventually, but the process will most likely be a gradual one as there are still a lot of users who like having ADWCleaner as a standalone portable scan tool (since even the free version of Malwarebytes requires installation, so some users prefer it).
  4. Sounds good. Good luck, and I hope this issue gets resolved quickly for you.
  5. No problem at all, I just wanted to make certain you had the info required to get the fastest assistance. If there's anything else we can help with please let us know. Thanks
  6. OK, thanks, though that is with Malwarebytes 2.x which was a very different program (virtually the entire codebase was rewritten for version 3), but at least it gives us more data to go on. Hopefully the Devs will be able to find out what's going on here.
  7. Greetings, I'm sorry you're having trouble with the site and getting your renewal processed. Your best bet would be to contact Malwarebytes Support directly via the options found on this page. They should be able to assist you with checking the status and getting the pricing correct for you and I'll also report your findings with the site to the team to investigate so that they can hopefully get it corrected.
  8. OK, it's probably one of the methods not targeted then. I do know that at least some heap spray methods are targeted, but I don't know the reason why some are and others are not.
  9. It could be related to the Web Protection component. Anyone affected by this can test by disabling Web Protection in the tray menu in Malwarebytes or via the switch on the Dashboard or under Settings>Protection. Another possibility would be some kind of I/O conflict with one of Malwarebytes' drivers and the particular network driver/hardware and/or sound hardware you have in your system. Sometimes such issues are resolved by updating drivers, though not always. If you wish to check to see if it helps I'd recommend grabbing the latest drivers for your network card/wireless card (depending on which you're using to connect to the internet of course) and audio device (usually onboard sound these days from a vendor like Realtek or Intel) from either your system manufacturer's support site or directly from the hardware component vendor's website (i.e. intel.com, realtek.com etc.). You can also run a latency testing tool like LatencyMon or DPC Latency Checker. They might not show exactly where the conflict is/what component/module is causing it, but they should at least help to identify whether that is the issue (there was a similar problem in the past with Malwarebytes and older versions of Killer networking drivers, however it has since been resolved in later releases of those drivers).
  10. That may be a symptom of instability from the tests, so just to make sure, wait a while between each test to allow the process and DLL to stabilize (the Exploit Protection component functions by injecting its DLL into shielded processes, so a large number of unusual memory instructions, such as those which are used in exploit attacks, could cause it to fail; I noticed the same when testing the tool alone against HMP.Alert, where the test EXE itself would occasionally crash or fail to launch calc.exe even when not shielded or detected by either product). That said, I don't recall which ones, but I do know that Malwarebytes does not detect/pass all of the tests in the test EXE. I reported my findings to the Devs already and that was some time ago, and if I recall correctly I was told that some of the tests aren't really seen in the wild and so they weren't being targeted/detected by Malwarebytes, however you can also post in the Anti-Exploit Beta area as I mentioned earlier to get an explanation from them directly.
  11. OK, thanks for letting me know. I'd suggest going ahead and following the instructions I posted above for creating a thread in the malware removal area. It's possible that an undetected malware infection is causing this issue and if so, they should be able to identify the threat and remove it.
  12. Excellent, I'm glad I could help. If there's anything else we might assist you with please let us know. Thanks
  13. Greetings, Please do the following as I do not believe the team has been able to replicate this issue yet so gathering additional information about your system and setup could prove helpful:

      Provide System Specifications:
        • Please download Speccy from here and save the ZIP file to your desktop or another location where you can easily find it.
        • Right-click the file, select Extract All... then click Extract in the window that pops up and it should be extracted to a folder in the same location as the ZIP file you downloaded.
        • Open the extracted folder and then double-click on the version of Speccy appropriate for your system (select Speccy.exe if using a 32 bit Windows version or Speccy64.exe if you are running a 64 bit version of Windows) and click Yes, OK or Allow if prompted by User Account Control.
        • Once the program starts it will analyze your system, please be patient as it may take a few moments to complete.
        • Once it finishes and none of the areas say Analyzing click on the File button at the top and select Save Snapshot...
        • Save the file to your desktop and click Ok to confirm
        • Go to your desktop and right click on the file you just created and hover over Send to and select Compressed (zipped) Folder
        • Please attach the zip file you just created to your next post

        • Download and run the Malwarebytes Support Tool
        • Accept the EULA and click Advanced Options on the main page (not Get Started)
        • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

      Once you've run both tools, attach the ZIP files to your response so that the team can take a look at your system configuration and hopefully determine the cause of the issue. Thanks
  14. Wait, it specifically says "If your anti-virus, exploit mitigation or anti-exploit software has a feature to shield custom applications, you can add the hmpalert-test.exe and hmpalert64-test.exe executables to the list of protected applications. This way you can also test the abilities of this other security software without abusing a third-party application." That tells me that the way I did it is precisely how it is intended to be used to test Malwarebytes and that's exactly what I did to get my results. I think the reason it isn't working when you have it set to IE is because instead of the malicious/exploit code parameters being inserted directly into IE itself through its own code/rendering engine/process etc., it's an outside application executing the code and calling IE to launch calc.exe which is why Malwarebytes doesn't detect it, and precisely why they specify that you should add the hmpalert-test.exe to the custom shield list if possible. It makes sense and is far more accurate to how actual web based exploits work when attempting to exploit browsers. Using a secondary process/executable to inject the code from the outside isn't at all the same thing which explains why some of the tests won't trigger detection properly because that's not how actual exploits work (nor would they ever, because if the bad guys could get a malicious EXE onto the target system to launch an exploit attack against a browser or any other process, then there would be no need to launch an exploit in the first place since the entire point of executing an exploit attack is to execute malicious code, usually for the purpose of downloading a malicious payload such as a Trojan and if they could get an EXE onto the system so easily, they'd just skip the exploit altogether and just drop an actual Trojan on the system from the start).
  15. Greetings, I'm sorry you're having trouble running Malwarebytes but hopefully we'll be able to assist you in getting it working properly again. First, if you suspect the system to be infected then it would be best to just go ahead and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you as soon as one is available.

      If you do not believe the system is infected, then please try removing Malwarebytes via the Clean function in the Malwarebytes Support Tool once more:
        • Download and run the Malwarebytes Support Tool
        • Accept the EULA and click Advanced Options on the main page (not Get Started)
        • Click the Clean button, and allow it to restart your system but do not attempt to reinstall Malwarebytes just yet

      Next, download but do not run the latest installer for Malwarebytes 3 from here and save it somewhere convenient where you will easily be able to locate it such as your desktop then restart your system and boot into Safe Mode with Networking by following the steps documented on this page for your version of Windows and then try installing Malwarebytes from there to see if it works. If it does and Malwarebytes runs and is able to complete a scan (and assuming no infections were found), go ahead and restart your system and allow it to boot normally and see if Malwarebytes now functions properly. Please let us know how it goes. Thanks
  16. Greetings, While we generally do not recommend using driver updater programs, it is not because they are malicious or because they download malware (as far as I know they do not); it is because they are generally not needed and in fact often end up installing the wrong drivers for many devices (it's best to seek out drivers from the system manufacturer or individual hardware component vendors if you need to update any drivers, otherwise you may end up with the wrong drivers for your device and could lose performance and/or functionality, especially if you own a pre-built system from a PC maker like HP, Dell, Toshiba, Acer etc. as they often have custom drivers which are modified versions of those from the individual hardware vendors like Intel, NVIDIA, AMD etc. for things like expanded functionality and improved battery life (for laptops)). You can find out more at the following links:
        • https://blog.malwarebytes.com/cybercrime/2015/06/driver-updaters-digital-snake-oil-part-2/
        • https://www.howtogeek.com/198758/never-download-a-driver-updating-utility-theyre-worse-than-useless/
        • https://www.howtogeek.com/233115/the-only-way-to-safely-update-your-hardware-drivers-on-windows/
        • http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html
        • http://www.tomshardware.com/answers/id-1974868/trusted-driver-updater.html

      With that said, if you are having performance problems after updating your drivers using that driver updating utility, then I would recommend looking on your system maker's support page to see if they have a better/newer driver available, and failing that, check the individual component maker's websites for the same (i.e. Intel, Realtek, Broadcom etc.). If you need help with doing so you may create a new thread in the General PC Help area and members of the forums should be able to help and offer their input on what to do. To do so you may click here.

      If you've already rolled back the changes made by the driver updater program (assuming it allows you to do so) and you've uninstalled it but are concerned that parts of it may remain you might try running ADWCleaner to see if it detects anything. Just scan with it and have it remove anything it finds then restart your system if prompted to complete the removal process. ADWCleaner detects some items that Malwarebytes does not. If you believe your system is infected with malware then you should read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you as soon as one becomes available. If there is anything else we might assist you with please let us know and we'll do our best to help. Thanks
  17. No, the entire reason that ADWCleaner still exists as a standalone tool/separate download is specifically because it uses its own databases and targets some items that Malwarebytes does not currently. If all of the detections in ADWCleaner are integrated into Malwarebytes 3 then it is likely that ADWCleaner will be retired at that time just as JRT was when all of its detections were integrated into Malwarebytes 3 and ADWCleaner.
  18. Ah, I see what you mean. Yes, I tried it that way too, until I realized that the test app is actually playing the role of the browser (I tested it against HitmanPro.Alert to be sure and found the same; not on every test, but that if I just ran the test EXE (which HMP.A is already coded to monitor/detect), it would detect the test exploit attempts when launching calc.exe directly without selecting Internet Explorer; this is why I tested it with Malwarebytes this way because I figured this must be the reason for the apparent failures, especially since I know for a fact that such exploit methods are already targeted by Malwarebytes and most of them have been since before the Exploit Protection technology was even integrated into Malwarebytes 3 so I knew something had to be wrong). It may be wise to ask over in the Anti-Exploit Beta area located here to get direct confirmation/technical details from the Developers, as they will be able to provide much more detailed/accurate info than I can as all I have is the data from the tests I ran on my own.
  19. Whoa, a backdoor/RAT? Nasty business.
  20. Actually, it does make sense because the way the test tool works is to attempt to launch a "malicious" application (i.e. calc.exe) so the test executable is playing the role of the browser being exploited to launch the "malware" (again, calc.exe, which obviously isn't malware, but it's the same principle of how exploits work to execute arbitrary/malicious code and/or launch outside executables like Trojans and ransomware).
  21. It appears that most if not all of the detections on VirusTotal are heuristics/generic hits/detections, meaning the file could actually be malicious or it could just have one or more characteristics that make it appear to be malware such as using a particular kind of compression/encryption (a packer, which many of the detection names appear to indicate) and since a packer can be used for any kind of file, including malware but also safe files, this might in fact be a false positive. While there are certain packers known to be used by malware authors quite often, it isn't impossible for a developer who isn't creating malware to also use the same one so this isn't the most reliable means of identifying a file as malware (though virtually all security vendors do it in order to play it safe as they'd rather have 1 false positive than allow a lot of malicious files to go undetected). Once the Malwarebytes Research team has analyzed the file they will classify the item accordingly and whitelist it if it isn't a threat.
  22. To disable the scan at startup, you can change how the scheduled scan works. By default it is set to run as soon as possible after missing its last scheduled time (like if the PC was off during its normal scheduled scan time). To do so, open Malwarebytes and go to Settings>Scan Schedule and double-click on the entry there to open the edit window and click on Advanced near the bottom which will expand the edit dialog, then uncheck the box next to Recover missed tasks then click OK. It should no longer scan when the PC starts up, just be aware that if the PC is off when a scheduled scan is set to occur, it won't run again until the next scheduled time. As for Bittorrent, if it is blocking downloads by blocking seeders/leeches (IP addresses from other Bittorrent users), then you'll want to exclude Bittorrent's main EXE (the one showing up in the Malwarebytes Web Protection tray notifications as the source of the blocks) by following the instructions found on this page under the section called Exclude an Application that Connects to the Internet. You can find more info about why peer-to-peer (P2P) applications like Bittorrent are often blocked by Malwarebytes Web Protection by reviewing the information found here. If that wasn't the issue or you need assistance with something else please let us know. Thanks
  23. Greetings, I've tested with that tool on several occasions and as I recall it did actually detect/block the heap spray tests. When testing, be sure to add the HMPAlert test EXE to Malwarebytes Exploit Protection shielded applications list (I used the default "web browser" category, as this seemed to make the most sense given the frequency of exploit attacks on browsers and their plugins) and while it did not block all of the tests, it did block most of them (though there were a couple of cases where the HMPAlert test tool just crashed, however I considered those as failures of successful exploit attack as well since an exploit needs to actually succeed in executing code to work, not just crash its parent/attacking process).
  24. You're very welcome. If you are using a large HOSTS file (as with HostsMan or from a source such as hpHosts/hosts-file.net or the mvps HOSTS file etc.) then that probably is what's causing it. If not, and you really want to find out what it is then you can use a tool such as Process Monitor by Microsoft Sysinternals and filter by the process mbamservice.exe (the process used by Malwarebytes for scanning, among other things) and try to identify what it is checking at the time where it gets stuck.