[Question about scan]

yeah I was just wondering and didn't want you to do that. Just curious how some scanners use <some method> to find that something bad is in a program without that program being discovered yet/in a database.

Also wondering if malwarebytes has taken advantage of such a method.

That's all, thanks for the timely reply!

pi`

[Scanning via a flash drive]

I run malwarebytes off my jumpdrive to help fix some friends' computer.

It doesn't always work, especially on vista. I usually just install it on the computer and tell them to use it instead.

[Question about scan]

I am curious how malwarebytes does it's detection, well for a few reasons.

I was messing with the koobface virus and I hex edited one byte of test; malwarebytes didn't find it as an infection anymore.

The other reason is because 3 programs on virscan.org found one of my programs to be a virus, and it's never been released on the net.

Is there any such scanning, looking through the program, not just the checksum/filename/etc ?

The text in the koobface virus is interesting, it includes words/phrases such as "Company Name"/ "Skype"

The hex edit I performed was changing Skype to Snype.

Have the file if you want it, don't run it unless you are testing/know what you are doing because it is the koobface/facebook virus.

setup.exe = original koobface

_setup.exe = 1 byte edited

Sorry for making so many posts on the forum as a new member, I just like learning things. Sorry to bother.

pi`

files.zip

[atapi.sys]

I already updated it before scanning the first time.

I de-quarantined, updated again, and it does not detect it now.

Thank you for helping!

[problem solved, lock topic or whatever]

[atapi.sys rootkit - can't start computer]

I have the same problem with the Atapi rootkits.

no cd of XP to use.

cant use my pc.

You can use your pc.

Have yourself on a different computer or a friend burn you a copy of bootable linux, then it's possible you can fix the problem or delete the nasty files, right?

[atapi.sys]

(we can't edit posts?)

I scanned the atapi.sys file on virscan.org and nothing said it was a virus.

(I just let malwarebytes remove the file for now, I'll un-quarantine it if it is something useful?)

Thanks for the help anybody.

[atapi.sys]

I read the topic about atapi.sys and I've never heard of such a file, but a full scan by malwarebytes found this.

I don't know what it is, and I don't have any problems with my machine.

Hex editing (a copy of) the file by one byte made the scan return no malware.

This was found on the partition of Windows XP Professional 32-bit

"C:\WINDOWS\$NtServicePackUninstall$\atapi.sys (Rootkit) -> Quarantined and deleted successfully."

[IOBit Steals Malwarebytes' Intellectual Property]

Posted bad review for McAfee Site Advisor!

http://www.siteadvisor.com/sites/iobit.com

(scythe 56)

[IOBit Steals Malwarebytes' Intellectual Property]

I have been peeping around these forums for a bit and finally made a forums account.

I will email all the sites but can't find a proper e-mail to contact download.com/cnet or brothersoft

Could someone post here and/or message me a list of e-mails who host IOBit software?

Thanks for the help and best wishes for the Malwarebytes team!