exile360

Greetings and welcome to Malwarebytes'. Please follow AdvancedSetup's instructions here: http://www.malwarebytes.org/forums/index.p...amp;#entry35969 Then please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Yes, you have to have the same version of Malwarebytes' installed (currently version 1.31) otherwise the database won't be compatible. So you will need to install the main program first. You can download it from one of these links and then install it on the PC without internet access: http://www.download.com/Malwarebytes-Anti-...&tag=button http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html http://projects.securitywonks.net/projects...ls.php?file=158 Be sure to uninstall the old version first, then reboot, then install 1.31.

Yeah, I used to use a Bart's disc myself with a lot of tools on it but it became such a pain to update that I pretty much only use ERD Commander or one of the bootable discs AdvancedSetup mentioned. I do have a couple of links where you can get some plugins and help on using them if you want, but it's probably sites that you are already aware of: http://www.911cd.net/forums//index.php?showforum=21 http://www.paraglidernc.com/plugins/plugins.htm

Greetings and welcome to the forum. To get you fixed up please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7 That is the forum the experts frequent to assist with logs. Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Yeah, that makes sense. Honestly though, if a system isn't bootable then you can't even install MBAM on it in the first place, which is a requirement of the PE plugin. Perhaps if MBAM were made more portable so that it didn't require installation on the host system, then that would work. Otherwise, I'd use tools like Avira's rescue CD, Spybot Search & Destroy or (I know it's blasphemy) SUPERAntiSpyware as they are portable and don't have to be installed on the host system before they are run offline.

Well generally speaking, if the drive in question is the booted drive with Windows on it, you only need to do a quick scan because one of the main ways MBAM detects malware is based on folder structure and a file's location. In other words, you could have a trojan dll that isn't running in memory sitting in a random folder on your desktop and scan the folder with MBAM and it won't detect it as malware. But if the same dll were in say the System32 folder (if that's where the dll is located on a system that's actually infected) it would detect it as malicious. So you could simply use the quickscanterminate command. Of course, if malware is found, it won't close and will still require user input. I believe there is a special Tech license version (for repair shops and businesses) that has other command line options, but I'm not sure what those options are. If you would like to find out more info about the Tech version you should PM Rubber Ducky and he'll give you the info.

HostsMan is a similar program to HostsXpert and works very well also: http://www.abelhadigital.com/

Hello Princess Snowflake and welcome to the forum.

Greetings and welcome to the forum. Please follow AdvancedSetup's instructions here: http://www.malwarebytes.org/forums/index.p...amp;#entry35969 Then please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Sure thing, just open notepad and copy the following text into it notepad and save it as copy.bat (be sure to save it as a .bat file and not a .txt file): copy "%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref" "%cd%"That will copy the definitions from the computer that has internet access to the current directory of where you create the .bat file. Place the rules.ref file on a flash drive and create the following as paste.bat: copy "rules.ref" "%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"Copy both the rules.ref file and the paste.bat file to your flash drive and then take them to the PC without internet access and run the paste.bat file. When you do this, make sure Malwarebytes' isn't running and that you are logged in as an administrator.

Nope, it's not malicious. Norton protects itself and it's registry keys as well, that's why you can't delete it. Nor would you want to as it's related to LiveUpdate which is the component Norton uses to update itself and it's definitions.

Hello. I believe it's related to Norton. But if you don't have any Norton products installed, then you might want to get checked out.

Hello gavilaso, yes there is. Simply download the definition installer from here: http://www.gt500.org/malwarebytes/database.jsp then put it on a flash drive and install it on the PC that isn't online. Do keep in mind however, that Malwarebytes' updates frequently and the definitions installer is usually behind.

Most likely that's accurate seeing as MBAM seeks malware specifically based on location and the registry. You can load the registry in a PE environment, but since the PE CD is considered the %systemdrive%, that will be the place MBAM looks for malware and if it is set to full scan, it may not hit on the offline Windows folder, at least not for most of it's detections.

Greetings. As IE 8 is still in beta it will be tough to find info on it. I did find a couple of good places for you to start though: http://social.msdn.microsoft.com/forums/en...opment/threads/ https://connect.microsoft.com/IE/Feedback https://connect.microsoft.com/IE/ Hopefully those will help. The fist one gets you into contact with the IE developers, so if anyone can help you decipher the cause of the problem, it'll be them. I hope I was helpful. Good luck and safe surfing.

Hello again, scheduled scans are only available in the paid version of the software. It gives you that plus auto updates and realtime protection and costs about $25 for a lifetime license. If you see any signs of infections whatsoever, please consider following the other 2 links from my previous post.

AGREED! This is coming from a former McAfee user.

Hello again. If you can, try to run MBAM in normal mode, but if it won't, then go for safe mode (you may need to rename the setup file to get it to fully install). Once it's installed, go the C:\Program Files\Malwarebytes' Anti-Malware and rename the file "mbam.exe" to something random, like your name or your favorite color, anything as long as it's not mbam. Then double click the renamed file to run it and have it check for updates then try to do a quick scan and remove what's found. After that, follow the rest of the instructions I gave you previously regarding posting in our HijackThis forum that way an expert can guide you the rest of the way to getting your system cleaned up.

If the problem is reappearing, then yes you need to follow those instructions. An expert will help you remove the infection manually so that it doesn't come back.

Well, if it's an issue with freezing and ZoneAlarm or Bitdefender then it's somewhat intermittent. Some people have the problem, and some don't. I heard Bitdefender did a patch that fixed their incompatibility but the developers are still looking into the issue with ZoneAlarm. You can see what's going on with ZoneAlarm here: http://www.malwarebytes.org/forums/index.php?showtopic=8095 There was also a recent issue with widespread false positives identifying all processes as Vundo due to modified heuristic detections that was causing lockups, but that was fixed the same day it happened (about a week ago) so updating the definitions would fix that one. There aren't any other issues that I've heard of so far about it freezing but if you do purchase the licenses and have an issue the developers would be more than willing to investigate and with your help try to find a fix, or if you don't want to troubleshoot they would be perfectly willing to refund your purchase. They're really good about customer support around here.

Greetings and welcome to the forum. To get you fixed up please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Greetings and welcome to the forum. To get you fixed up please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools exept those that you are instructed to by the expert who will be assisting you as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

Greetings and welcome. Your best bet would probably be to send a personal message to Rubber Ducky and ask him about it.

Unfortunately I don't know of anything at the moment, but maybe one of the mods does. I know that with SAS (SUPERAntiSpyware) you can use the bluescreen screensaver from Microsoft Sysinternals (it gets detected and the user gets warned because it is sometimes bundled with actual malware to convince users they're having bluescreens when they're not). I'm not sure if MBAM detects it, but it could be worth a try. I unfortunately can't test it because I'm running x64 and the realtime module for MBAM isn't yet compatible with it.

Greetings. Would it be possible to get a bit more info about the user's systems that are having the issue? First off, do they have ZoneAlarm installed? Second, what database version is loaded and are there any nofications (detections) popping up from MBAM?