mynorgeek

Is it advisable to disable protection when installing new software? Thank you.

No need to get stuck on the "once every hour" interval... that was just a personal wish of my own. I'm spoiled by avast!, which allows for auto-update intervals in minutes as selected by users.

Hello exile360. That's what I needed. Appreciate it.

I'm pretty sure that this has been suggested already, but I'll post anyway. Will the MBAM Protection Module ever allow users to schedule checking for updates at specified intervals? I would love to be able to have MBAM check every hour. As it now stands, auto-updates are once every 24 hours, which could be improved upon, especially since you guys release updates more frequently than once a day. Thank you

After using MBAM for free for a long time, I just purchased a license. Now I am trying to learn more about IP Protection... are there any notes on how it works? What is the difference between IP Protection and a Hosts file? Aren't they similar? Thanks!

I'll ditto what Sunshine said! I purchased a license today, just to say thanks. You folks have been helping me for free for long enough!

Scanned and confirmed.

The folder that is supposedly infected is named Media Index. As was pointed out a bit earlier, it is an empty folder. Rogue.SmartProtector is the name of the malware.

Malwarebytes' Anti-Malware 1.39 Database version: 2533 Windows 5.1.2600 Service Pack 3 7/30/2009 5:12:34 PM mbam-log-2009-07-30 (17-12-30).txt Scan type: Quick Scan Objects scanned: 94611 Time elapsed: 2 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index (Rogue.SmartProtector) -> No action taken. [3742513036276137806886787079858401667969015270858574797284613477770154847083846 13481817774686685748079013766856661467468838084807185614670697466014279697089] Files Infected: (No malicious items detected)

FWIW... Today for the first time I got the Error Code: 732 (0,0) when trying to update MBAM on two different computers. Since last running MBAM, the only thing that had changed on these computers was avast! had updated its detection database and I recycled the router. I followed the suggestion to uninstall and reinstall MBAM, and that has worked fine.

I hope that you consider making it a feature for non-corporate users as well, Marcin. A great many security products these days have the database and program updates separate. This provides the user/customer with greater options. Let's be honest, new program versions do at times have problems. The ability to decide for myself whether or not to install an upgrade right away is indeed a huge plus for me. In my time using your program, I have always experienced success. Nevertheless, I see others here in the forum who have not been so fortunate. It would be helpful for some of us to be able to choose whether or not we wish to jump into the fray, when we suspect that a new program version might cause trouble with our particular set up.

Thank you for the fast reply. That's what I thought. The concern, of course, is that the program update might be problematic, and some users would prefer to allow others to try the newest version first before doing so themselves. I tend to do that myself whenever that option is available, but I can't with MBAM. I wish they would consider making this possible, rather than tying the database updates to the version updates.

Is there a way for users to update the database without updating the program version? Thank you.

A quick post to say 1.37 installed fine. Thank you so much for the efficient upgrade.

Steps you can take involve blocking popups from that site. I run IE7 with pop-up blocker enabled, but I still got AntiVirus 360 pop ups from Windows Live Hotmail. At the time I did not realize that I merely needed to block those pop ups. I already was running the browser pop up blocker, so I assumed it was ineffective against the AV360 variety. Then I was perusing the settings under Tools|Pop-up Blocker and discovered mail.live.com listed under allowed sites. I removed that setting right away! So I recommend you check your browser pop up blocker or third party ad blocking software to see if you can prevent the Foxsports site from dishing up those funky AV360 ads.

Hi YoKenny1 and thanks for the helpful reminder about Task Manager. Truth is, I was just sort of playing with the pop ups, feeling relatively safe and secure with IE isolated behind GeSWall. Also, as noted in a thread I started on this topic about a week ago, I engaged my firewall's internet lock right away, so the malware couldn't download anything. By no means do I have either of my computers set up as test machines, but between the two precautions mentioned above and a recent Acronis disk image on hand, I felt comfortable enough to mess around a little bit in order to see what sort of creature I was dealing with. I appreciate the advice.

To the best of my knowledge, and as was pointed out to me yesterday by a member of MBAM staff, "the end user would still have to select to open a file via prompt window for any infection to import onto their machine". My experience with the pop ups was that "no means yes", wherein attempts to close out the dialogs by clicking cancel just opened another dialog. Ultimately the pop ups and phony scans resulted in a download dialog (as posted), and x'ing out of that did work. What I experienced was while on the Windows Live Hotmail page (something I keep open for extended periods of time while online), the page suddenly resolved into a browser window tabbed "My computer Online Scan". I've posted that screenie as well.

Glad to hear it is gone. I guess there are so many sites like that one that it is pointless to try to block them all. When I encounter one, however, I can't ignore it.

I tracked down the site that was launching AntiVirus 360 pop ups on my machine and I blocked it. I was getting them while on the Hotmail page. http: / /proantimalwareonlinescan.com/ Edit: link disabled by mynorgeek

Here --> http://www.malwarebytes.org/forums/index.p...ost&p=60012

Thanks a million for taking the time to look it over, and to suggest I run ComboFix. Glad it looks okay!

Here's the log. ComboFix rebooted my machine, which was unexpected (after having read the instructions, that is). The reboot restarted several of the resident programs I had shut down, such as the firewall, the AV, and BOClean. BOC jumped up to report ComboFix\HIDEC.exe as RSK-HIDE.SAA Variant. Hopefully the reboot and restart of those few resident security apps didn't phase the ComboFix process. Thank you for your assistance! <Log removed by OP>

OK will do. I'll be back.

Yes, WinXPHome, SP3, all current with Windows updates.

Thanks for the reply, Electrobrandino. Anyone else? Are the Antivirus 360 pop ups themselves evidence that I have this malware on my computer?