Jump to content

NoelC

Members
  • Content Count

    40
  • Joined

  • Last visited

Community Reputation

0 Neutral

About NoelC

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. And of course there are several different kinds of update checks (definitions, program updates). None of which should require a temporary disappearing executable that attempts its own DNS resolution. Something I hadn't recalled before... The protocol was TCP, not UDP. -Noel
  2. For what it's worth, whatever ig.exe may be being created during a scan, it's not normally reaching out to the net. I just detected the activity the one time only so far, and I did not enable it to do so again. This is a time when cloud-integration also brings a responsibility to be aware of what your software is doing, AND that you're doing so only with the customer's blessing. I'm just here to make sure the Malwarebytes authors continue to understand that. -Noel
  3. > A good portion of protection and scans is cloud based. I appreciate your trying to be helpful, but please understand that I already know that. We're kind of working at two different levels here. There is a difference between Malwarebytes contacting the Internet through known pathways to known servers and what I observed. I have rules set up to allow some names to be resolved normally (e.g., keystone.mwbsys.com, sirius.mwbsys.com, cdn.mwbsys.com) specifically to support Malwarebytes. It's this business of "I didn't get the DNS resolution I liked so let me try to sneak a n
  4. Uh, no. I absolutely don't want Malwarebytes contacting DNS servers on its own. I have my own DNS servers that block sites I don't want contacted, and here I see Malwarebytes trying to do an end-run and contact 8.8.8.8 port 53 all by itself. Wrong! Again I say: Malwarebytes, stop acting like the very malware you're here to block. If this cannot be accomplished, then it will be just another package that doesn't get to run here. -Noel
  5. Hello, When closing the MalwareBytes service after running a scan with your FREE edition, my (uncommon) firewall setup just caught (and blocked) the executable c:\users\noelc\appdata\locallow\ig.exe trying to resolve names using UDP to the Google DNS server (8.8.8.8 port 53). When I went to look at the ig.exe file, it was gone! That’s a very malware-like activity pattern, and it had me a little worried. Now, maybe you Malwarebytes folks are in such good understanding of the malware you typically find or block that you feel using malware techniques to help protect their own soft
  6. No edit capability here? Correction for my post above: * I'm a vanishing breed of user who wants complete control over what his computer does. -Noel
  7. Hi Folks, I have a desktop workstation, optimized for serious computing. From time to time I want to run a simple scan, without having to run ANY Malwarebytes code (no services, no nothing) for all the rest of the day. I don't need active protection. I don't want background auto-update. I want 100.0% of my system resources maximized for my use for what I have the computer for. Then, occasionally when I have a free moment, I want to easily be able to invoke a Malwarebytes scan - which for many years now has just said "no infections", and then just be done. No, I don't wan
  8. I've been looking at the following page to know whether there have been updates. It seems like it's been quite a while since I've seen an update... https://www.malwarebytes.com/support/releasehistory/#malwarebytes-premium Two questions: 1. Is the above the right place to look to determine whether a new version has been updated. 2. Is 3.5.1.2522 the actual latest release? Thanks! -Noel
  9. Thanks, Devin. Let me know if there's anything more I can do. Oh, and could you please verify that the version of the dll (3.0.0.26) that I restored from my backup is the one that's supposed to go with the latest MWB package (3.5.1.2522)? -Noel
  10. Also bear in mind I didn't retain the updates; the system has been reverted back to the December patch level. -Noel
  11. I seem to have accumulated a lot of stuff in there. Bear in mind this was not a Windows in-place upgrade. I brought a Win 8.1 x64 Pro MCE system up to date from December patch level to June patch level. Any particular folder you'd like me to send you from this set? C:\TEMP>dir C:\Windows\Panther /s Volume in drive C is C - NoelC4 SSD Volume Serial Number is 00ED-C11E Directory of C:\Windows\Panther 11/13/2013 01:05 PM <DIR> . 11/13/2013 01:05 PM <DIR> .. 11/13/2013 12:07 PM 42,475 cbs.log 11/13/2013 12:08 PM
  12. I can't offer any other reason a Windows Update should remove the above mentioned file, but MRT didn't log the deletion. That being said, it's certain that the Windows Update process is what caused it. It's not the first time I've seen it happen during a Windows Update (I compare my AutoRuns output every time I run a Windows Update). This is the pertinent section of the MRT log. --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.61, June 2018 (build 5.61.14929.3) Started On Fri Jun 15 07:14:11
  13. I have before and after listings from the following SysInternals AutoRuns command: autorunsc64 -a * The one just before the application of cumulative Windows 8.1 updates on June 15 at 7am showed this: MBAMShlExt HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} Malwarebytes Malwarebytes 3.0.0.26 c:\program files\malwarebytes\anti-malware\mbshlext.dll 1/25/2017 5:37 PM The one just after the update showed this: MBAMShlExt HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} File not found: C:\Program Files\M
  14. My take on this problem: mbshlext.dll is being deleted during Windows Updates by the Microsoft MRT. I have evidence of this. Of course a MalwareBytes reinstall brings it back, but it shouldn't be deleted in the first place. -Noel
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.