flamewalker

Honorary Members
  • Posts

    28
Everything posted by flamewalker

  1. MBAM is not an Anti Virus, although it will catch many of them. I personally run it alongside Norton Internet Security 2012. I know, Norton has a bad rap, but their latest products (2010 and later) really turned everything around for them as far as performance and catch rates and false positive rate. Any rate, there are a couple videos on YouTube showing off MBAM, catching every malicious URL thrown at it (granted a small subset of 25 most recent, nonetheless, still impressive). These are sites that typically can sneak past most antiviruses and IE. I highly recommend MBAM, as it can catch a lot of active infections better than most (if not all) others. I rarely use anything else in my job as a PC technician anymore, except for the bad ones that require use of the tools that one shouldn't run unless they know what they are doing! One other snippet I discovered today is that it is number 1 on CNET for anti malware programs.
  2. OK, I have a unique situation here... I have a Windows 7 Professional with XP Mode installed (for software compatibility reasons). The XP Mode has a really nasty rootkit of some sort, can't even run removal tools from safe mode. Unfortunately it's not like a normal machine, I can pull the hard drive and scan it from another computer. So, I am looking for ideas, other than backup files and delete and reinstall the VM. I suspect this may be the only viable option at this point, but willing to try anything. TIA. If anyone else runs into this issue, I used the Microsoft Security Sweeper @ http://connect.microsoft.com/systemsweeper. Downloaded the ISO and then set the virtual machine to load the ISO as a CD. Then I followed this page to get the VM to boot from the CD (ISO): http://www.sevenforums.com/tutorials/59908-windows-virtual-pc-boot-cd-virtual-machine.html. The VM must have 768MB RAM or more for the MSSS tool to run. Once it ran and removed everything, I was able to reboot, re-enable integration features, and reinstall and run MBAM. Hope this helps someone!
  3. I have a customer's PC who has the regtool.com program loaded... and searching Google just came up with a bunch of sites promoting it, and 1 or 2 that say it is malicious. So, I searched here. I have found posts saying it is detected and removed by MBAM, and others saying it isn't because it is more of a 'snake oil' product... Well it isn't detected by the latest updates, so I don't know what the truth of the matter is :x It did update Adobe, Java, and other programs that were out of date, which I find useful since it is usually the older versions of software that get exploited the most. It said it found and removed quite a few other "problems". As far as system performance? No change. (Not surprised either, as I have never seen a registry tool make Windows run better, ever... unless it was trying to load bad drivers or something). Since it isn't being detected, I assume MBAM considers it to be non-malicious? (Other than being a 'snake oil' product). And since it appears the customer may have paid for it, is there really any harm in leaving it? TIA
  4. Yeah unfortunately another program had already purged the autorun file from the flash drive or I would have submitted it. I understand the battle. Was just surprised that it didn't detect something it detects during a scan, when it tried to run.
  5. I got my flash drive infected with the following apparently: Files Infected: C:\WINDOWS\sysguard.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. Shouldn't malwarebytes protect against infected flash drives that get an auto-run file installed on it, if MBAM detects the file in the first place? Before you ask, yes malwarebytes was up to date and the protection module was enabled. Or was it possible that the file that installed this wasn't detected? Confused... Thanks
  6. 1st, suggestion... For the updates, you could probably save some bandwidth if you were to implement a method of updates where you don't have to download the entire installer every time for the new version, just updated files... And second, I have questions as to what the MBAM real time protection actually does. What does it detect, and does it scan files/registry as they are edited/written? (I haven't actually experienced an attack with the real time protection on yet). What about the ever infamous IE exploits? What about an infected flash drive that tries to auto run a virus installer file? Thanks, flamewalker PC Technician
  7. I concur. Definitely one of, if not the best. Misses some minor stuff (usually registry entries or other entries that by themselves can't harm), but is able to get some of the nastiest stuff out that the others cannot. I purchased the protection module, and am currently testing it, but so far so good.
  8. The software is definitely very good at what it does. Unfortunate that you have had trouble contacting them via email... I just bought the software today to test the background protection. Give them a chance to respond here IMO before you chargeback...
  9. Have you tried safe mode with networking by chance? It actually sounds like there may be something else that mbam isn't detecting... have you run any other antispyware software out there?
  10. Rest assured, this is indeed a legitimate program. If you had removed it from the Add/Remove control panel, it has always uninstalled fine for me. The worms it found, I can attest that they indeed are worms if it says they are. If you ran into problems running/removing the program, it is possible there is other malicious software on your computer that is still mucking about.
  11. Once you get this fixed, get Firefox... I haven't tested MBAM paid version yet (going to very shortly), so I don't know if it will protect you from those, but every time I get those redirects on Firefox, I just close the window and open a new window and I am never (at least yet) infected. If the above recommendations don't help, one useful tool I found for a one-time run cleanup to help get some of the ickies out of the way (so other software such as MBAM can do their job) is called Dr Web CureIT from drweb.com. I have only recently discovered it, and it helped for one PC I was working on... so your results may vary. It will not protect you in the future, it is purely a scan only engine.
  12. Is that what that is? I see those in my Gmail and techsupport email frequently... never opened or clicked on them though (fortunately). I've been around the block so many times already that rarely does a new one trick me into opening/clicking.
  13. I had this same issue a while back... the file was over 500mb uncompressed... it was a hacked software partially downloaded on a customer pc I was working on. Rubber Ducky, have you had any time to fix that problem yet?
  14. Do you mean overall or just with MBAM? The first time I found MBAM, there were several thousand, no joke. That PC was so horrendously destroyed by spyware, almost had to wipe and reload. Did have to do a repair install tho. Wish I had kept the logs/screenshot.
  15. I don't need further assistance, I am well versed in system cleanup (but this MBAM software is new to me, and so far I like), but thanks for the help. I do this on a day to day basis, and this is a customer PC, not mine. I suspect it may be a partial download from a Bittorrent or the like...I tried to "RAR" it (since they had winrar) but it only compressed 6%. EDIT: It actually zipped to 25MB: http://www.wizwire.com/test/Bots.zip Let me know when you have it so I can remove the file. Thanks for the help in figuring out what was causing it!
  16. Found it. In the heuristic/extras scan it finds c:\bots.partial ... at first I unchecked the 37 items it found but that and it crashed with error. When I rescanned (JUST doing the heuristics/extra - files registry etc unchecked), and unchecked just that, it removed the rest. C:\Bots.partial (Trojan.Agent) -> No action taken. I will see about submitting it as a sample. EDIT: It's a 430MB file... Guess MBAM can't handle a 430MB file eh? Still want me to submit it?
  17. That is what I am doing... since FunWeb/MyWeb stuff seems to be a large chunk of it, I am removing those right now and then rescanning... will keep you updated.
  18. Follow up: Ok I manually removed those and it did it on a different file this time... it's like the files it's quarantining are either too many or too big... PS - I did, and yes same issue with quick scan. I thought I said that earlier sorry. Edit 2: Would be nice if there was a way to feed a log file into the program and have it reprocess those entries than having to wait for it to scan again. EDIT 3: Doesn't seem to matter what I unclick... but now it's just exiting without any errors.
  19. Same effect except this time the program shut off without an error.
  20. Have to scan again because it crashes the program... will take a bit (~30-40 minutes)... will let you know.
  21. Looks like it fails on this one (according to the status bar it was trying to remove this): C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd\WinSpywareProtect\SAVED (Rogue.Multiple) -> No action taken.
  22. Attached is the logfile. mbam_log_7_10_2008__13_04_14_.txt
  23. I will attempt to save a log next time I try to scan. Also, I am in safe mode because I was thinking it would be better since it was giving that error in regular mode too. EDIT: It will be at least 45 minutes before it finishes scanning again. Is there a way to skip the 'quarantine' function? Also, I did figure out the right click thing. I thought the problems it found were in the Windows folder but they weren't so that didn't help much lol...
  24. PPS - I tried with 1.19 and 1.20 same result. It is a P4 with 512mb ram, running in safe mode so I doubt system memory is the issue.