lordpake
-
Posts
210 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by lordpake
-
-
I just didn't want to subject myself/system to another redundant several-hour-long scan
Why not check the options and see that the right-click context-menu scanning is enabled? Then only scan the location(s) needed
That way you can start the app in dev mode and quickly scan the suspect locations -
Fixed. Either that or the file has changed
http://www.virustotal.com/analisis/9308c90...d0257fb8731bdfd (0/36 detection)
-
-
Regarding that error message, immediately after installation of version 1.29, it adds a Runonce entry in the registry for "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent, but when you removed MBAM 1.29 before rebooting, and then rebooted, the program was no longer in the folder but the reg key remained.
Thx for the explanation. That actually makes sense, especially since when I re-installed I had Scotty running, just in case to notice any strange additions to autoruns for example, it did bark about said Runonce entry
I just didn't manage to come up with that line of thought myself. -
If they want us to uninstall and re-install, it should be noted before we do the update. Then after we uninstall, we re-install from the download page. Does anyone think that we should install the update, uninstall, and then reinstall?
I do think this is a bit odd approach. I too got the updated version when I ran the updater, didn't even know about a possible need to do a clean re-install.
So what I got was an application that took nearly twice the normal time to do a Quick Scan and that otherwise also acted sluggishly.
After that I naturally browsed around here and found out about the suggestion to remove older version. Which I did, and after reboot I got the oddest error msg ever, "C:\Program Not Found" or something similar.
After installing v1.29 from scratch I seem to be back to normal.
It seems odd to me that the buil-in updater can and will push newer versions to users when suggested approach is to remove older version first.
-
ClamAV update process started at Thu Oct 16 12:40:03 2008
main.cld is up to date (version: 48, sigs: 399264, f-level: 35, builder: sven)
daily.cld is up to date (version: 8433, sigs: 48055, f-level: 35, builder: guitar)
2 weeks has passed. False positive detection involving mbam-dor.exe remains.
They obviously place high priority on fixing false positives
Lucky for us MBAM users Clam-derivates enjoy such widespread usage in the Windows world -
Well, I'm pretty sure AVG antivirus updates fine from my user, steam can update and install games on my user...
Just a thought. Those apps you mentioned no doubt use a SYSTEM service that runs all the time in background and that actually does the works, with elevated SYSTEM privileges.
At least the free version of MBAM does not have any resident SYSTEM service.
-
@Jean: I think you are ignoring the human element here
It's about perception. We are used to seeing our software downloading stuff, usually quite slowly even. Now when you suddenly have an app that updates so fast you don't even know what hit you, it's no surprise some may have the passing thought that questions did anything really update at all? I know I did think about that. -
@futons1: see also this topic http://www.malwarebytes.org/forums/index.php?showtopic=6688
You aren't the only one surprised by the fast updates recently
-
That site has also been recently reported in CastleCops Web Malware Links subforum..
-
Got a reply from Fortinet. They have removed the detection. And running the file throug VT confirms this
http://www.virustotal.com/analisis/a551202...b6899e29f49b527 -
Fortinet is now detecting this file as a PossibleThreat
I reported that one to them (or so I hope).
-
I second the observations of Hank52.
Especially when update is done from malwarebytes.org it has often seemed almost instantaneous.
-
What do you mean surprisingly? When does McAfee ever fix problems with their software?
I was trying to be sarcastic
-
Discussed already:
http://www.malwarebytes.org/forums/index.php?showtopic=6676
http://www.malwarebytes.org/forums/index.php?showtopic=6608
It's a false positive
Surprisingly they haven't fixed it yet ... -
why is that file recognized by so many antiviruses?
Correction, not many.
McAfee detection is clearly generic detection (Generic.dx), meaning something in the file resembles something malware uses.
Then we have ClamAV, which seems to detect it as some sort of joke program?? They have not responded so far and have not removed the f/p from detections yet.
And we have SecureWeb-Gateway detecting it as "Win32.NewMalware.PA!61440!2" which frankly sounds heuristic detection to me. Heuristic meaning the app guesses this might be malware.
This would mean "detection" by 3 out 35+ mainstream AVs. Just verified this by running the file through VirusTotal and VirSCAN.
-
Will do
I have no idea have fast (or slow) those guys are correcting f/p's ... -
As I did not want to continue using Kaspersky I tried to un-install it then install Avast! but no matter what I tried I could not so I tried using System Restore to go back before it was installed but that failed also.
You do know Kaspersky provides a removal tool in case their product is not properly removed via conventional methods?
-
hello everybody, I noted that the last update of MBM is 29 september, version 1225, is something wrong? usually every day I get new update.
1226 from 10/1/2008 is latest I got. Try updating again.
-
It's a false positive from ClamAV signature database (which ClamWin uses).
Already reported here http://www.malwarebytes.org/forums/index.php?showtopic=6608
-
Seems there's f/p in ClamAV database regarding certain file belonging to MBAM.
C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe: Joke.FakeInfect FOUND(At least) I have reported this to them.
-
ZoneAlarm AV is not the best by a long shot.
Didn't ZoneAlarm license their AV from Kaspersky? If I remember correctly the version 6 engine to be exact. Unless they have of course changed to another vendor.
-
Good, interesting question.
-
Is there any way that I - as a non-techie guy - can determine if a site actually contains malicious code, as you call it?
I'll be happy to explore on my own and send samples to you. Just tell me how to find/recognise it!
This may be a more techie thing, but if you know even little about coding websites, you can take a peek at the site itself, w/o actually opening it in browser. Malzilla is one nice tool that let's you check out pages, and see where they link, and if they have obfuscated javascript present. Obfuscated script is always sign of danger.
I work 7 days a week at least 10 hours a day
. In the end though it will be worth the sacrifice .Everyone needs some rest and relaxation every now and then. Don't work too hard, you are of no use to anyone (especially to yourself) if you exhaust yourself
That way you can start the app in dev mode and quickly scan the suspect locations
Lucky for us MBAM users Clam-derivates enjoy such widespread usage in the Windows world
. In the end though it will be worth the sacrifice .
Plese stop updating every 2-4 weeks!!!
in Malwarebytes for Windows Support Forum
Posted
Hmm??
Only 1.29 required removal and reinstall, others have succesfully been installed w/o reboots over the previous installation. What comes to the latest version I believe only the users of the commercial version with background protection are required to reboot.
All in all, I do think it's good to release improved versions, since they usually contain something relevant, such as the performance improvements in 1.29