dvk01

now I am even more confused Where do users download the trial version from instead of the paid for one Normally users use the free version to remove the malware & then when that has been successful then use the buy link from inside the program. In my case I had a copy from regnow on the website with regnow affiliate links inside it I can't see any trial versions on the cleverbridge site & if I use their link it just send victoim to pay page & no free download Using download .com, etc doesn't have my affiliate ID inside the program so how do we do this now

Thanks Marcin I was expecting it to be like the standard affiliate scheme where it is all computerised & no human interaction

how long does it normally take to get a confirmation email from them

just signed up so I am waiting for the conformation email so I can change the affiliate links from regnow to cleverbridge I wondered why I hadn't had any sales recently

I am still working on them, it is the download system taht regnow use that they detect NOT mbam

dr Web should have fixed it in todays update. I have just heard from my contact there

I have spoken to my kaspersky contact and he is working on it he is travelling at the moment & giving talks & lecture but has promised to pass it on & keep an eye on it top make sure it will get done for dr web I have also asked one of my contacts there to see if he can sort it out

I am speaking to Kaspersky about it but my contact is away at the moment but he will deal when he comes back he fixed it last time but another submission must have been done & a more junior one must have not seen it properly I will see if he can do a permanent whitelisting for it

I will sort Kaspersky tomorrow morning UK time

I have emailed Kaspersky again today as it is still detecting it detected: riskware not-a-virus:Downloader.Win32.WinFixer.fs File: C:\Documents and Settings\Derek Knight\Desktop\mbam\Download_mbam-setup.exe If no response I will speak direct to someone high up who has the power to deal with the problem seems to be with regnow using a stupid download system & not downloading the file itself but the detection is for the regnow downloader for the download

vista version from my computer attached rundll32.zip rundll32.zip

does MBAM work on Vista 64 bit versions I can't see on the documentation anything to say it does, but also can't see nay that says it doesn't but as most AVs don't I wonder about mbam

looks like a big mistake here http://forums.techguy.org/malware-removal-...tml#post5758049 it appears from the log that MBAM deleted rundll32.exe did it

fixed in Kaspersky now I haven't heard from the others who did detect it but as they all seem to follow or use KAV detections in some way they should hopefully soon fix it

it isn't the packer they are detecting or worried about this time but th actual downloader Regnow don't put an actual download on the site BUT when you follow an affiliate link you get a small downloader which acts as a download manager and the downloader downloads the actual file I can see why they do it as it makes it easier for them to track and for the developer to upload new versions more easily The downloader contains the affiliate code which on contacting the main file injects the affiliate code into the actual program that is downloaded I can see why the antivirus companies consider it a risk as it would not be difficult to alter the downloader to inject malicious code

I have just heard back from KAV and after a bit of a s=discussion with one analyst I have bypassed & gone to a higher level who is getting it fixed

Heads up warning There has been a FP in the regnow downloader for MBAM & most probably all regnow sold products via affiliate links I have been in touch with the AV companies to get it fixed & expect a speedy resolution, but watch out for a few complaints for the next couple of hours It isn't the actual MBAM file but in the system that regnow use where they download a download manager first and it is the download manager that is the problem ---[ www.virustotal.com ]--------------------------- File Download_mbam-setup.exe received on 03.14.2008 09:15:31 (CET) Antivirus Version Last Update Result AhnLab-V3 2008.3.14.0 2008.03.14 no virus found AntiVir 7.6.0.73 2008.03.13 no virus found Authentium 4.93.8 2008.03.13 no virus found Avast 4.7.1098.0 2008.03.13 no virus found AVG 7.5.0.516 2008.03.13 no virus found BitDefender 7.2 2008.03.14 no virus found CAT-QuickHeal 9.50 2008.03.13 Downloader.Keylogger.a (Not a Virus) ClamAV 0.92.1 2008.03.14 no virus found DrWeb 4.44.0.09170 2008.03.14 no virus found eSafe 7.0.15.0 2008.03.09 no virus found eTrust-Vet 31.3.5614 2008.03.14 no virus found Ewido 4.0 2008.03.13 no virus found FileAdvisor 1 2008.03.14 no virus found Fortinet 3.14.0.0 2008.03.14 Download/Keylogger F-Prot 4.4.2.54 2008.03.13 no virus found F-Secure 6.70.13260.0 2008.03.14 no virus found Ikarus T3.1.1.20 2008.03.14 no virus found Kaspersky 7.0.0.125 2008.03.14 not-a-virus:Downloader.Win32.Keylogger.a McAfee 5251 2008.03.13 no virus found Microsoft 1.3301 2008.03.13 no virus found NOD32v2 2946 2008.03.14 no virus found Norman 5.80.02 2008.03.13 no virus found Panda 9.0.0.4 2008.03.13 no virus found Prevx1 V2 2008.03.14 no virus found Rising 20.35.40.00 2008.03.14 no virus found Sophos 4.27.0 2008.03.14 no virus found Sunbelt 3.0.963.0 2008.03.14 no virus found Symantec 10 2008.03.14 no virus found TheHacker 6.2.92.245 2008.03.14 no virus found VBA32 3.12.6.2 2008.03.13 Downloader.Win32.Keylogger.a VirusBuster 4.3.26:9 2008.03.13 no virus found Webwasher-Gateway 6.6.2 2008.03.13 no virus found Additional information File size: 128368 bytes MD5: 4971a5730dc3fb83d66935578f0cd388 SHA1: 69c1143c716a2261dbb6fe5411d6f1b03ae61fee PEiD: Armadillo v1.71

the old one doesn't do a lot but the new one even though bright & attractive looks too pac man ish & gives the wrong impression I don't think an animals head fits right either but it does need something but I don't know what

good idea in theory but in practice very difficult the rogues change from day to day & what was a "good" rogue ( one you believe the advertising but the product is as useful as a chocolate fireguard) can overnight change & be advertised by or installed by spam , trojans , exploits or other malicious means

where are the pretty banners I can't find them on regnow & I use text link in side the instructions on spykiller which seems to work well