Raid

Honorary Members
  • Posts

    1,551
Everything posted by Raid

  1. Which is still our policy. Rumours aside. No truth to it. Keep the free version installed and updated! We would prefer you surf safely!
  2. Hi Guys. Would you mind submitting those files here uploads.malwarebytes.org and I'll be able to confirm whether or not these are false positives.
  3. Hello All. Sorry about this, our heuristics are hitting on a combination of things Trojan.Agent is known to take advantage of. Please select to ignore the file for the time being.
  4. Please update your database. I believe this has been cleared up.
  5. Hello. The bad definition should be removed now. Please update your copy of MBAM and let me know if you continue to have an issue with spyware blaster installation.
  6. It could have been installed via a drive-by download, especially if you surf with IE and/or have older versions of Java, Adobe products, etc etc etc. If you play on LimeWire and download mp3s or videos, it's possible while you were watching the video/listening to the music, a browser opened in the background and downloaded something. At this point, there are several vector points to infect a machine with this garbage. The program is actually a Rogue. It pretends to find problems with your computer, and offers to cure them IF you fork out your credit card information. I'd suggest changing login passwords for everything, from email to any online bank accounts you use. Just to be safe. Update your Java if you haven't already, as it's very important. If you don't already surf with Firefox, I'd recommend you start doing so.
  7. I have isolated the bad definition responsible for the false positive and sent the information to Bruce. The next update should resolve that false alarm by the resident protection module. Thanks for bringing it to our attention and I sincerely apologize on behalf of MalwareBytes for any issues you suffered as a result of this. Thanks again!
  8. It will remove considerably more than what's listed in the list. We have a very nice heuristics engine in use as well as somewhat smart definitions. We just don't get really nitpicky and classify things as variant A, B, C.
  9. Crud... Please provide a developer log so that I can get this removed from a future update. It's a false positive; in the meantime, please tell MBAM to ignore it.
  10. No problem. Sorry for the hassle you're going through. At this point, I'd suggest you start a new thread in the HijackThis forum and allow one of our experts to help you disinfect your machine. I have no reason at this time to believe any of them are necessarily false positives.
  11. It's not a false positive. The file has a version id string which matches the company who published it. It's perfectly okay to let MBAM remove them.
  12. Can you provide a developers log please? The registry keys are tied to the suspect file. MBAM is very good at tracking things down.
  13. I have forwarded this to our lead researcher. He will be able to confirm whether or not these are all FP's and should be dealt with.
  14. It's a FP. Please select ignore for now. We'll get it fixed with the next update. If by chance users did remove it, simply going to quarantine and restoring it will fix things. Sorry for any inconvenience this might have caused anyone.
  15. We have no current plans to convert MBAM to run in a PE environment. There are several options which have been discussed several times now to help users in situations where MBAM cannot run due to the infections already present. While we realize some people do want PE support, PE discs aren't often built by home users. We still do not support it in PE environments. It wasn't designed for it, and PE provides no real benefits to you in this case. I suppose we should place this question in a FAQ someplace.
  16. We are active in the pursuit of malware affecting people. If you ever encounter something we don't deal with, that you feel we should, you can always submit it to us for analysis and possible inclusion into a later database update.
  17. You're thinking of a database in the old fashion and meaning. Think of an adaptive database, that has... the ability to make... decisions of sorts. And as you've already been told, MBAM is more than one person. kk... Official Intro Hi there, my name is Dustin Cook, I'm one of the persons under Bruce's command responsible for the database that we're all very proud of.
  18. Drivers have much higher access to a system than normal applications. Everybody has them nowadays, it's a requirement if you want to defeat resident nasties.
  19. First, thanks for the comments concerning our program. We're very pleased with it ourselves. *grin*. Second, Rogue Installers are programs that will install known rogues, such as XPAntivirus2008, 2009, etc. Trojans are well known for downloading installers for these. So if you had a few lying around, your old scan? killed them, but missed the copies recycled (heh) by Windows. If you'd like, you can toggle system restore off and then back on, and it'll clean out the dirty cache for you. Or just wait and Windows will eventually purge them from the cache on its own.
  20. Will be fixed in next update. Thanks!
  21. Hi There. If your system is doing fine, and everything is now running normally and has been for say... 2 days or more, sure, you can safely empty it. B) Quarantine is a backup plan basically, just in case something is wrong.
  22. Could you please run MBAM in developer mode and paste your log? Developer mode is initiated via a command line switch /developer
  23. Technically, you're reverting MBAM back to unregistered mode. RealTime protection would be disabled in unregistered mode. B) We may in the future change the location of user registration information. But so far, malware we've seen seems much more interested in keeping us from running in the first place. Resident or otherwise. If you're intent on a targeted attack against XYZ program, there isn't much that's really going to stop you.
  24. Not to worry. We have no plans to turn MBAM into something else.
  25. It's not a false positive. It's just hitting on an old registry key left over.