EliteKiller

Honorary Members
  • Posts

    74

Everything posted by EliteKiller

  1. Why are you using a 5 year old engine? Norton was extremely bloated from 2004-2006 and does not have a capability to deal with recent malware even though you may have up-to-date signatures. If you have a current subscription you can update to 2010 for free. On a lighter note, I just reinstalled MBAM 1.45 on my Win7 Ult x64 workstation that is running NIS2010 (v17.5) & Prevx paid (v3.0.5.106). MBAM updated successfully without me having to add exclusions. I have not activated real-time protection since it causes conflicts with the Win7 backup/image feature.
  2. Out of the three products that you list Avira has a history of offering the highest detection rates. FP's really aren't an issue even when the heuristics are set to high. However I have found that it's lacking in the removal dept. You can easily block the update nag screen by searching Google. Please keep in mind that in the end all of the responses are based on opinion. The best is what performs best on your system. Read some credible antivirus reviews/comparatives, use the forum search, and drop one on your pc to see how it works out.
  3. Right-click the Norton tray icon and disable protection.
  4. Is there any chance for a public explanation about the technician license or is this a private matter?
  5. Glad you got it fixed. It sounds like you were infected with a TDL3 rootkit. If you still have the infected atapi.sys you should send it to the MBAM research team.
  6. Nothing is 100% on any given day. Losing faith in a product such as MBAM over some missed sample(s) is acting in haste. Instead you should look at the number of times it has saved you. Zip those samples up and send to the research team. F-Secure focuses on viruses where MBAM focuses on other malware. Everyone would benefit if you could post the F-Secure scan log. For all we know it only found some cookies.
  7. Many thanks to MBAM Staff for all of their efforts. This is one of the many reasons that MBAM continues to flourish.
  8. RubbeR DuckY, what I posted is what was relayed to me a while back when the tech license was first made available. Would you be so kind as to clarify as to what I posted was incorrect so that we can all benefit from this new information.
  9. AFAIK there is no special version to download or 'tech' license key that is input into the program. You simply use the latest 'public' (aka free) release on your clients' computers as you are servicing them. You are basically paying for goodwill use of the program in a commercial environment.
  10. I'm doing the backup/image creation to an internal WD Black 1TB. Since MBAM has been uninstalled for a few days I have experienced zero issues. I will reinstall MBAM and disable the real-time protection once I return to that computer on Wed. to see what happens.
  11. I use CCleaner to remove them. If you install with the default options on your user account then you can log on to each user account (in this case your wife's), right-click the recycle bin, run CCleaner.
  12. If you are already running another A/Virus it is not a good idea to run a second A/Virus program - FWIW HitmanPro is not an antivirus. It is a Second Opinion on-demand malware scanner that incorporates several cloud-based scanners, some of which happen to be anti-viruses.
  13. Good observation. I was fixing to ask MBAM staff the same thing.
  14. I'm running Win 7 Ult x64 w/ NIS2010. Two days ago MBAM (paid) was installed and excluded in NIS. I have a daily backup w/ image scheduled @ 4am (to an internal 1TB hard drive) using the built-in Windows backup utility. Ever since MBAM was installed the computer eventually becomes unresponsive once the backup has started. As an example I'll click the start button or try to pull Firefox up from the taskbar and they will appear on the screen. However Task Manager will not open up. A few seconds later you can continue to move the mouse but can no longer click on anything. After waiting several minutes the system is still not responding, so the only option is to press the reset button on the tower. What I have noticed in the event log (system) is that MBAM appears to be interfering with the Volume Shadow Copy service.

      Event ID: 7009 A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
      Event ID: 7000 The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
      Event ID: 10005 DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

      There are no more events generated until the pc is restarted. If I disable real-time or uninstall MBAM the problem goes away.

      ** added reference to backing up to an internal hard drive
  15. I also recently started receiving the FP on install.exe http://www.virustotal.com/analisis/08966ce...1da2-1253182365

      Malwarebytes' Anti-Malware 1.41
      Database version: 2815
      Windows 5.1.2600 Service Pack 3
      9/17/2009 9:34:04 AM
      mbam-log-2009-09-17 (09-34-00).txt
      Scan type: Quick Scan
      Objects scanned: 115109
      Time elapsed: 3 minute(s), 19 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> No action taken.
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: C:\install.exe (Trojan.Agent) -> No action taken.
  16. Was your pc connected to the internet? Are you behind a firewall or router? They could be false positives (FP's) so we'll need you to post the scan log(s) to confirm or deny.
  17. Post the logs since it may be detecting FP's. Is your desktop a Mac as well? Under 'Other Devices' I see SMBus Controller which indicates that you need to install the appropriate chipset drivers. Afterwards you should be able to install the NIC drivers. FWIW I've run MBAM on hundreds of PC's (zero Mac's) and never had it uninstall drivers or cause resource conflicts.
  18. FWIW I have an empty USB flash drive hooked up, and a quick and/or full scan on that drive completes w/out an error.
  19. Just a thought, but it sounds like MBAM is triggering HP printer/scanner software. HP software is notorious for bloat and becoming corrupted (photogallery aka image zone errors).
  20. Don't kid yourself. The fact of the matter is that no AV is 100%. I've got SAV 10.1 Corp deployed at the office, as well as other client locations, and it fails to detect a lot of nasty malware. One of the guys at my office managed to infect a pc with Antivirus XP 2008 a few weeks ago.
  21. That's your opinion. It's also worth mentioning that bleepingcomputer.com is one of the reputable sites that suggests certain tools for specific infections. http://www.bleepingcomputer.com/forums/forum55.html You'll find a lot of threads suggesting Smitfraudfix only. Some of the newer threads suggest MBAM due to its versatility. No problem. In any event the advice I offered is accurate and helpful to the topic of discussion. nosirrah didn't appear to have a problem, or at least he didn't make it public. http://www.malwarebytes.org/forums/index.php?showtopic=7194
  22. IMO you're making things more complex than they really are. MBAM is an anti-spyware/adware/trojan. The term malware covers the aforementioned plus worms, poly's, rootkits, keyloggers, etc. Having MBAM paid w/ real-time active, a real-time AV such as Avira, AVG, NOD32, etc., a hardware firewall (router), and possibly a light HIPS or behavior blocker such as Threatfire is a robust layered defense. Even with such a fine arsenal of tools it's still not 100% effective.
  23. My initial reply was to the OP of this thread who claimed that he's already tried running various tools to clean up an infected pc. Majorgeeks.com recommends Combofix in their 'Read and run me first' before they will even assist you. I've been cleaning systems since malware became an epidemic (~6 yrs. ago) and used Combofix on close to 1000 or more pc's during that time. TTBOMK the number of times Combofix has hosed a pc to where I have to perform a repair install is <10 which is close to their estimate. IMO it's no different than people posting that MBAM has hosed their pc after a scan & reboot. It happens with other anti-malware software as well.
  24. Technically you use all anti-malware tools at your own risk. Both Combofix and SDFix (not as often) are typically recommended as "run this first" tools, and they generate logs in case an expert wants to review them. Most experts know by now that HJT logs don't tell the whole story. In any event I'm sure the MBHJT forum is more appropriate for the OP in case he still needs assistance cleaning up his infections.