mynorgeek

Honorary Members
  • Posts: 269
Everything posted by mynorgeek

  1. Plus I see a 20% discount coupon there. Question... I suppose it is advisable to uninstall v1.46 first before installing v1.50, or are the devs saying over-the-top installations are okay?
  2. I can't wait to install this new build when it is ready for public release. I am almost tempted to say the heck with it and install the beta... it seems as though it is a very stable release. So, for those of us who are anxiously waiting, are you about a week away from final release? Maybe the 1st of December?
  3. When v1.50 goes public, I intend to purchase another license, just to show support. Thumbs up to MBAM!
  4. It's been almost 3 months since the announcement. I know I signed up but no newsletter as of yet... (unless I missed it!). Anyone else receive one?
  5. Okay, if you don't need anything else from me I'm gonna log off. Good luck.
  6. Your steps worked fine on my second computer. This time, upon relaunch of MBAM, it saw the missing database and asked if I would like to download a new copy. YES. It went from 0 to 4819. The issue appears to have been resolved at this time, at least for me, as I did not quarantine anything. Bruce, did the attached zip file help shed any light on this situation? Thank you for your very prompt assistance with this. Great support.
  7. I'll try your instructions on the other computer now and report back...
  8. Okay, it worked. FYI, upon relaunch, MBAM did not see the missing database and download the latest version, as you indicated it would. So I tried to update manually and it said I had the most current (v4818). I enabled protection & told it to load on startup & rebooted. So far, all seems fine. I haven't done this on the other machine yet, (I have to tear myself away from these computers) but I anticipate the same results. I feel fortunate that I did not quarantine anything... I chose either Ignore or Disable Protection. Experience has taught me that much.
  9. I'm following these steps now and will report back...
  10. XP,SP3 (just installed the most recent MS High Priority Updates too... prior to this issue). Yes, I have avast v5.0.677 Free installed. Here is a zipped copy of the first file that MBAM detected as malicious... setupapi.dll setupapi.zip
  11. I came home and found both of my computers locked up from one hour ago with a MBAM alert dialog on the desktop saying... "MBAM detected a malicious process attempting to start and has blocked the execution attempt." The malicious file was C:\WINDOWS\system32\setupapi.dll. My other computer was similarly locked with C:\Program Files\PuranDefrag\PuranADT.exe. Both of these are trusted files. I had to reboot and on startup I got one MBAM alert after another on both machines... ntmarta.dll, clbrafq.dll, mbamgui.exe, ipfltdrv.sys, Avastui.exe, knetcfg.dll, etc. etc. before I finally disabled protection. When I try to start the scanner I get this message: "MBAM_ERROR_LOAD_DATABASE (0,5)". When I try to update, it says I have the most recent database version. Yikes!
  12. My apologies if this has been covered here. My attempt to search for an answer resulted in an IPS Driver Error. My question is this... is it normal for the tooltip balloon that shows after a successful update to not go away on its own? I have to click on it to make it disappear. I know that I can choose the option to not show it in the first place, but ideally, the balloon pops up after a successful update, then goes away in 10 seconds or so. That is how the blocked malicious website tooltip balloon functions for me. It appears for about 10 seconds, then goes away on its own. Can that be done with the successful update tooltip balloon?
  13. Perfect! That's what I needed. Thank you. Btw, where does one find that info, for future reference?
  14. Sorry for my ignorance. Can someone tell me how to add blocked IP addresses to the Ignore List? Thanks so much.
  15. I noticed this morning when I tried to manually update SpywareBlaster that MBAM's website blocking stops access to updates via the program updater. It called 173.244.198.143 a malicious website.
  16. Database version: 4018 is still detecting it.
  17. It's back.

      Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org

      Database version: 4017
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      4/21/2010 2:20:34 PM
      mbam-log-2010-04-21 (14-20-34).txt

      Scan type: Quick scan
      Objects scanned: 112834
      Time elapsed: 3 minute(s), 55 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\WINDOWS\sed.exe (Trojan.Agent.Gen) -> No action taken. [C0B5751AFE809D7ED1963CD22CB2A648]

      sed.zip
  18. Database version 4010 says it is the latest, and it is still detecting sed.exe as a trojan.
  19. Jotti and VirusTotal both say clean, as well as avast! and HitmanPro.

      Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org

      Database version: 4009
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      4/19/2010 3:49:04 PM
      mbam-log-2010-04-19 (15-49-04).txt

      Scan type: Quick scan
      Objects scanned: 112192
      Time elapsed: 3 minute(s), 53 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected:
      C:\WINDOWS\sed.exe (Trojan.Agent) -> No action taken. [8E47C0B6CD76D382D2FDBD0E761828C9]

      sed.zip
  20. Here is the dev log.

      Malwarebytes' Anti-Malware 1.45
      www.malwarebytes.org

      Database version: 3934
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      3/30/2010 12:28:23 PM
      mbam-log-2010-03-30 (12-28-23).txt

      Scan type: Quick scan
      Objects scanned: 109863
      Time elapsed: 3 minute(s), 24 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1} (Trojan.Agent) -> No action taken. [2819A87556568AA701D577E39E2652B4]
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  21. It's possible that this suggestion/request has already been made, and if so, I apologize. I did look back and kind of skim the thread and didn't see a similar suggestion. As I posted here, I think it would be a very good idea (less annoying even) if MBAM Pro did not show the same bubble for the same IP blocking multiple times. The log below shows 18 entries over a span of about 3 minutes. I don't know for sure how many bubbles actually popped up during that time frame, but I'm going to guess it was 6. Each one was closed by me clicking on the X.

      12:22:02 user IP-BLOCK 208.94.233.132
      12:22:05 user IP-BLOCK 208.94.233.132
      12:22:11 user IP-BLOCK 208.94.233.132
      12:22:23 user IP-BLOCK 208.94.233.132
      12:22:26 user IP-BLOCK 208.94.233.132
      12:22:31 user IP-BLOCK 208.94.233.132
      12:22:32 user IP-BLOCK 208.94.233.132
      12:22:34 user IP-BLOCK 208.94.233.132
      12:22:40 user IP-BLOCK 208.94.233.132
      12:22:52 user IP-BLOCK 208.94.233.132
      12:22:55 user IP-BLOCK 208.94.233.132
      12:23:01 user IP-BLOCK 208.94.233.132
      12:24:40 user IP-BLOCK 208.94.233.132
      12:24:43 user IP-BLOCK 208.94.233.132
      12:24:49 user IP-BLOCK 208.94.233.132
      12:25:01 user IP-BLOCK 208.94.233.132
      12:25:04 user IP-BLOCK 208.94.233.132
      12:25:10 user IP-BLOCK 208.94.233.132

      Here is another partial log spanning 31 seconds with a half dozen entries. I know for sure that 2 bubbles popped up for this sequence.

      21:50:15 user IP-BLOCK 208.94.233.132
      21:50:18 user IP-BLOCK 208.94.233.132
      21:50:24 user IP-BLOCK 208.94.233.132
      21:50:36 user IP-BLOCK 208.94.233.132
      21:50:40 user IP-BLOCK 208.94.233.132
      21:50:46 user IP-BLOCK 208.94.233.132

      It would be nice if the bubble stayed closed after being clicked, unless it is the intent of the programmers to show us users that the malicious IP address is making repeated access attempts. I am not talking about disabling the IP blocking. I'm not talking about false positives. And I am not talking about hiding the bubbles, i.e., implementing silent blocking.
I'd just like to see fewer bubbles when MBAM Pro does its thing. Thanks for your consideration. This program and this team of people working on this program are quite impressive and I'm glad to have the program onboard!