exile360

Experts
  • Posts: 31,301
  • Days Won: 41
Everything posted by exile360

  1. @Digerati: I think the reason these "FP's" as you call them are detected and modified is meant to be as a service to a user whose settings have (at least potentially) been modified by malware, although I do agree that the implementation at least could be better. Perhaps instead of a detection in a normal scan, these could be part of a special section of "fixes" within MBAM that say things like "restore Help item to Start Menu" or something similar, or at least identify the detections in the scans a bit more descriptively so they aren't perceived by users as actual threats, simply as modified settings that are often changed by malware, and perhaps with a message along the lines of "if you made these changes yourself please ignore this detection." And maybe even going as far as not having these items marked for removal by default, instead maybe show that they were detected, but force the user to check a box next to them to remove them so hopefully they'll read what they are. Just a few ideas. edit: just saw your post DW, yes, a system restore would have rolled back the changes, but it doesn't matter, as the fix I posted restored it to exactly as it was before MBAM changed it so no worries.
  2. You got it, for some reason (at least at one point) there were frequent issues with the SecurityWonks.net server.
  3. You're welcome dancingwoman, and remember, as I said, with normal malware (not entries where it says 0 bad 1 good or vice versa) MBAM will actually quarantine it so it can later be restored.
  4. It's there in case you ever purchase the software, as everything needed for the paid version is present in the free version, just not active. They don't have a separate installer for each one. I'm not sure if you can delete it or not, as honestly I've never tried. You can try it out though, and if it breaks MBAM, just uninstall, reboot then reinstall and it should work again. edit: I tested deleting mbamgui.exe and then ran mbam and did a quick scan, everything seems to be working flawlessly.
  5. Honestly, there's no difference between before it installs and after as it doesn't even run on reboot if you're using the free version. If you wanted, you could actually delete that RunOnce reg key before rebooting and it wouldn't hurt anything (I've done it by blocking it with TeaTimer, and deleted it on another occasion using CCleaner) and MBAM worked just fine after reboot. The RunOnce key is only there to install the protection module if you're running the paid version of the software, so when installing the free version, it doesn't really "do" anything. Hopefully that clears it up for everyone.
  6. Corrupt databases mainly, but at least with one of the old mirrors before the upgraded network, there were issues where users couldn't always get definitions due to connection issues etc, or there would be a dropped/slow connection resulting in database corruption.
  7. Isn't this worm already completely disabled (or at least the vulnerability it exploits) by an MS update released in October?: http://en.wikipedia.org/wiki/Conficker http://www.microsoft.com/technet/security/...n/MS08-067.mspx note: Vista and Server 2008 users are apparently immune to this one (that vulnerability in the Server service is absent in those 2 OS's).
  8. Thanks for the info on the fix Andrew Jack. Good luck and safe surfing.
  9. I saw this asked a few times and no one answered, so to clarify, if you're using the free version of MBAM, there will be NO background processes or services running when you boot your PC, and the MBAMgui.exe install thing is written to the registry as a RunOnce key (as mentioned earlier) which means it only runs the first time you reboot after installing. The entire reason it runs to begin with is simply to activate the protection for the pro version, so if you're running the free version, it doesn't even run. SAS on the other hand does run from the tray and loads its drivers at boot even with the free version, but doesn't offer realtime protection.
  10. Well done, and I absolutely agree that no single tool gets everything. And so do the developers, they just try to keep up with the newer and nastier stuff as MBAM is a pretty specialized tool, which is why it does what it does so well, it's not trying to be a "jack of all trades" like all the suites out there. Anyways, good luck with your site, your future tests, and thanks for recommending MBAM.
  11. Just to clear this up, I believe the reason it doesn't quarantine these particular issues is because it isn't actually deleting anything, it's simply changing the number 1 to a 0 in that reg key, not removing it, so there's nothing to quarantine. Perhaps the developers could implement something to back up the 1 key so that it could be restored (sort of like quarantine, but not quite). With normal malware where a key or file is deleted off of the system, it is actually quarantined by MBAM.
  12. If you're dealing with old infections, then yes, something like Spybot would be handy to have for removals. MBAM's main use is to remove (or for the pro version prevent) difficult to remove infections that are actively infecting users and that most if not all antivirus software fails to detect and/or remove. I actually keep RogueRemover on my PC to this day (the free version). I don't even have to have it installed because it's portable, so I can run it from a flash drive should I encounter a PC that is infected with an old rogue, and the scan only takes a few seconds so it's never a hassle to see if RogueRemover catches the rogue(s) on the system.
  13. Happy Burpday lurkingatu2, now quit lurking at me.
  14. Hello Mr Forrester and welcome to Malwarebytes'. I'm not one of the developers so I can't answer the question for you, I can however point you in the right direction. Please PM Rubber Ducky and he'll let you know if it's alright or not and how to go about it. Nice of you to be so considerate of your customers, by the way.
  15. Oh, ok. What MBAM does when it deletes a threat is remove it and back it up to the quarantine automatically so you will be able to restore it/them should they prove to be false positives.
  16. Sorry about that. It could also be an issue with your ISP as I've heard about Comcast and others deliberately throttling/blocking P2P app traffic. I'm not sure if that would be the case here though.
  17. I had a similar issue when I set mine up for a static IP, as I recall I had to use the DNS servers from the router, not the one(s) from IPConfig.
  18. Greetings Marcos. I saw you referenced portforward.com, was this the guide you used?: http://portforward.com/english/routers/por...neric/LDC++.htm Also, were the router setup screens the same as the ones on the site? If not, then it's not an accurate guide for your router. Who is your ISP? Answer these as best you can and I'll see if I can offer any additional info to you. Thanks. edit: I just found this, it may be more helpful: http://www.my-iptv.com/us/eng/faq_05_08.php Just ignore the stuff about IPTV (that's what the guide's for) and be sure to set the same port that uTorrent is using.
  19. Hello andignon. Sorry no one answered your initial post. Please try the instructions in the first post here and see if it resolves it: http://www.malwarebytes.org/forums/index.php?showtopic=7038 If it doesn't help, just post back here and I'll see about getting you with one of the developers to see if they can help you further troubleshoot and fix the problem.
  20. Greetings pepegot1 and welcome. The way the quarantine function works is that after you do a scan and a threat is found it is moved to the quarantine, it is not used to browse to a file and quarantine it. It's simply there in case a problem arises from removing a threat requiring it to be restored such as loss of system functionality, instability or a false positive. If you have any more questions or issues please let us know.
  21. Greetings james007. To expedite your issue and get it resolved please contact support directly here: http://helpdesk.malwarebytes.org/login If you have any more questions, let us know.
  22. Greetings Galileo. One of the keys behind using a layered approach to security is picking the right software. They need to get along well and be low on resource usage. You can have a look at my signature to see what I run, and believe it or not, it has a negligible performance cost. I'm a gamer, heavy multitasker and do video editing and I have a very old dual core processor. You'll notice I'm not running MBAM in realtime, the reason isn't its resource usage, it's due to the fact that it's currently incompatible with Vista 64 bit, but when it is, I'll have it running. The reason I believe in the layered approach is because I don't trust any one company to block every current threat out there at any given time. For additional info about what MBAM detects and what it doesn't please have a look at this thread: http://www.malwarebytes.org/forums/index.php?showtopic=8068