lordpake

Hmm?? Only 1.29 required removal and reinstall, others have succesfully been installed w/o reboots over the previous installation. What comes to the latest version I believe only the users of the commercial version with background protection are required to reboot. All in all, I do think it's good to release improved versions, since they usually contain something relevant, such as the performance improvements in 1.29

Why not check the options and see that the right-click context-menu scanning is enabled? Then only scan the location(s) needed That way you can start the app in dev mode and quickly scan the suspect locations

Fixed. Either that or the file has changed http://www.virustotal.com/analisis/9308c90...d0257fb8731bdfd (0/36 detection)

Thx for the explanation. That actually makes sense, especially since when I re-installed I had Scotty running, just in case to notice any strange additions to autoruns for example, it did bark about said Runonce entry I just didn't manage to come up with that line of thought myself.

I do think this is a bit odd approach. I too got the updated version when I ran the updater, didn't even know about a possible need to do a clean re-install. So what I got was an application that took nearly twice the normal time to do a Quick Scan and that otherwise also acted sluggishly. After that I naturally browsed around here and found out about the suggestion to remove older version. Which I did, and after reboot I got the oddest error msg ever, "C:\Program Not Found" or something similar. After installing v1.29 from scratch I seem to be back to normal. It seems odd to me that the buil-in updater can and will push newer versions to users when suggested approach is to remove older version first.

2 weeks has passed. False positive detection involving mbam-dor.exe remains. They obviously place high priority on fixing false positives Lucky for us MBAM users Clam-derivates enjoy such widespread usage in the Windows world

Just a thought. Those apps you mentioned no doubt use a SYSTEM service that runs all the time in background and that actually does the works, with elevated SYSTEM privileges. At least the free version of MBAM does not have any resident SYSTEM service.

@Jean: I think you are ignoring the human element here It's about perception. We are used to seeing our software downloading stuff, usually quite slowly even. Now when you suddenly have an app that updates so fast you don't even know what hit you, it's no surprise some may have the passing thought that questions did anything really update at all? I know I did think about that.

@futons1: see also this topic http://www.malwarebytes.org/forums/index.php?showtopic=6688 You aren't the only one surprised by the fast updates recently

That site has also been recently reported in CastleCops Web Malware Links subforum.. http://www.castlecops.com/p1113527-webcams_obxhost_net.html

Got a reply from Fortinet. They have removed the detection. And running the file throug VT confirms this http://www.virustotal.com/analisis/a551202...b6899e29f49b527

I reported that one to them (or so I hope).

I second the observations of Hank52. Especially when update is done from malwarebytes.org it has often seemed almost instantaneous.

I was trying to be sarcastic

Discussed already: http://www.malwarebytes.org/forums/index.php?showtopic=6676 http://www.malwarebytes.org/forums/index.php?showtopic=6608 It's a false positive Surprisingly they haven't fixed it yet ...

Correction, not many. McAfee detection is clearly generic detection (Generic.dx), meaning something in the file resembles something malware uses. Then we have ClamAV, which seems to detect it as some sort of joke program?? They have not responded so far and have not removed the f/p from detections yet. And we have SecureWeb-Gateway detecting it as "Win32.NewMalware.PA!61440!2" which frankly sounds heuristic detection to me. Heuristic meaning the app guesses this might be malware. This would mean "detection" by 3 out 35+ mainstream AVs. Just verified this by running the file through VirusTotal and VirSCAN.

Will do I have no idea have fast (or slow) those guys are correcting f/p's ...

You do know Kaspersky provides a removal tool in case their product is not properly removed via conventional methods?

1226 from 10/1/2008 is latest I got. Try updating again.

It's a false positive from ClamAV signature database (which ClamWin uses). Already reported here http://www.malwarebytes.org/forums/index.php?showtopic=6608

Seems there's f/p in ClamAV database regarding certain file belonging to MBAM. (At least) I have reported this to them.

Didn't ZoneAlarm license their AV from Kaspersky? If I remember correctly the version 6 engine to be exact. Unless they have of course changed to another vendor.

Good, interesting question.

This may be a more techie thing, but if you know even little about coding websites, you can take a peek at the site itself, w/o actually opening it in browser. Malzilla is one nice tool that let's you check out pages, and see where they link, and if they have obfuscated javascript present. Obfuscated script is always sign of danger. Everyone needs some rest and relaxation every now and then. Don't work too hard, you are of no use to anyone (especially to yourself) if you exhaust yourself