Mike_136

Honorary Members · Posts: 22 · Reputation: 0 Neutral
  1. Thanks for all the comments, especially Ron from MB. I'll stick with v1.75 on all client PCs and control the update process manually. I'll keep an eye on the next releases of v2 on my PC. Mike
  2. Hi, v1.75 and earlier allowed users to disable automatic updating of the program version. There appears to be no such feature in version 2. Will this feature be added in the future and, if so, when? I recommend MB to my customers but don't want them panicking every time it requests a re-install when a new version appears. Mike
  3. Hi Samuel, Thanks for clarifying the database update details. Many thanks for your help today. Mike
  4. Hi Samuel, Thanks for the quick response. Just to make sure I'm 100% here, as it stands it is NOT possible to keep the service on an Automatic (only) start-up, since the first daily (or hourly) identity update will simply reset the service to Automatic (Delayed Start), even with NO program updating enabled? Is this correct? I don't quite understand the logic whereby accessing the scheduler automatically resets the start-up method to "delayed start". If the service is set-up to start Automatically (NO Delayed start) and is hopefully running, why can't the scheduler see that the MBAM service is running and therefore avoid the need to reset the start up mode? I can understand it resetting the service start-up mode IF the service had NOT started. I guess there's more to it than I understand? I'm glad you're looking into incorporating the "delayguistart" function. Is this update likely in the coming months? Mike
  5. Hi Samuel, Thanks for the update regarding the possibility of removing the delayed start. I've worked with ESET (and MB) for years and know there's no conflict with a 20 second delay (via the Registry DWORD). Can you not simply include an 'advanced' option (that I can enable) that prevents the resetting of the service to delayed start mode? Or, can you provide an option to enter a user-defined time delay? Can you confirm whether a program update and/or identity update reset the service start-up mode, as asked in my original post? Thanks. Cheers Mike
  6. Hi, I have set up Windows 7 (64-bit) with ESET 4 and Malwarebytes Pro (v 1.60.xx onwards). In order to delay the MBAM Service by 20 secs (to avoid potential conflict with ESET at start-up) I do the following:
     1. Change the start-up type for service "mbamservice.exe" to Automatic, from Automatic (Delayed Start).
     2. Add a new DWORD Value "delayguistart" and set it to 20 at the Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
     This works great, however, I notice that the MBAM service can revert back to Automatic (Delayed Start). This leads to a much longer start-up (1-2 mins) and hence a delay in protection when online.
     I have just isolated one thing that causes this change of the start-up type (back to delayed start). If I start the scanner and click onto the "scheduler settings" tab, without doing any changes even, I notice that the service is reset to delayed start. Why does this happen?
     Secondly, I believe that updating the program version may also change the MBAM Service start-up back to delayed start. Can you confirm this? I isolate this by turning off the "program update" options within the "updater settings" tab.
     Finally, I think I have noticed it change without the above 2 steps occurring. Are you aware of the regular identity updates triggering this action? Are you aware of anything else doing it?
     It would be great if the user-chosen start-up type was never reset by the program. This would allow the program to start protecting the PC at the desired, shorter delay time and not after 1-2 mins. Thanks in advance Mike
  7. Yea, I'm contacting support too, however, I was interested in posting the problems too since it normally gets a quicker reply! BTW, the link to Malwarebytes Commercial Support you give goes to a "Page not Found". Mike
  8. Hi, I've read a few threads and see there's a problem with updating the latest version of MB, which seemed to be linked with Zone Alarms and AVAST. I've had several customers report problems whereby on a reboot a message appears saying "MB service was terminated unexpectedly..." and the MB protection is inactive (with no "M" icon in the taskbar). ALL PCs are ONLY running MB with ESET Smart Security V4 (Home Edition) with all of the listed MB files added as exclusions within the ESET setup, as recommended on this forum. The PCs run either XP SP3 or W7. This error started happening at the time of the release of MB v 1.60.0.1800, suggesting it's related to this update, since this error has never occurred before. Manually running the v 1.60.0.1800 installer (without the need to run the cleaner) solved the problem on all PCs except one (today) which pointed to mbamcore.dll (ver. 1.60.0.52) as a problem. The text file the error message generated in the user\local\temp folder is attached (aeba_appcompat.txt). Looks like this updating error is not confined to the ZA and AVAST software, any ideas welcome. Mike MB reseller aeba_appcompat.txt
  9. Hi Samuel, Thanks for the links and sorry for posting those instructions, I was honestly only trying to give something back, having taken such advice in the past. However, I fully understand your policy, it does make sense. I will look into taking a training class in the near future as it will be great experience as well as allow me to post help officially. All the best. Mike
  10. Hi Samuel, Again, many thanks for answering my questions and giving the link. I guess the customer may have clicked a file without knowing, perhaps not wanting to admit it! Either way the system is now clean. I did post a detailed removal method for someone else on the MB forum, link below, in order to be helpful. I hope this was OK, please advise if it was in the wrong forum area. http://forums.malwarebytes.org/index.php?showtopic=81797 Thanks again Mike
  11. Hi Samuel, Many thanks for your prompt, clear answers. Two final questions related to this "MS Removal Tool" .exe infection, which probably relates to other similar 'rogues': Q1. Could this infection have copied itself to the PC without user input, e.g. by browsing an infected website? Q2. Could it have also executed itself, even if only to the extent of adding the registry value in the 'Run once' Windows key, without user input? I only ask because when I returned the PC and asked the client, he said he didn't click on any attachment or knowingly download any .exe before the 'MS Removal Tool' fake scanner first appeared. Perhaps you could also point me to technical references on how certain infections get onto PCs, so that I can gain more knowledge in this area? Many thanks Mike
  12. Hi, I am a reseller for MB and yesterday I fixed a PC which was infected with the 'MS Removal Tool' malware (which was already active with its fake scanner and process blocker running in Windows XP normal mode). However, I was interested to know how the file got onto my client's PC, since it was running MB Pro (database 6350) at the time. When I scanned it with MB in "safe mode" (with database 6350) the .exe and registry key value were not detected, I therefore found the infected key and file manually and removed the threat. In subsequent testing I noticed that database 6351 does in fact detect the threat. Q1. Was this a new threat that got on the PC ahead of your database 6350? Q2. Now that the database protects against this malware, will the on-access scanner (in MB Pro) stop the file/code downloading onto the PC? I was testing the system out subsequently, by copying the folder with the infected .exe file back onto the PC (now running database 6351) and the file happily got copied to the hard drive. When I opened the folder, MB seemed to flag the infection when I hovered over the .exe with the mouse. Q3. Is this the way the on access scanner works, i.e. an infection can be copied but not executed? I have the infected .exe if you want to inspect it, let me know. Look forward to your answers and gaining more knowledge on how things really work. Regards Mike
  13. Hi, I hope the info below sorts you out, it worked for me yesterday, however, I believe Malwarebytes only put out a fix for the infection I encountered in database version 6351, since their program didn't find the malware with database 6350 (perhaps MB staff could confirm this). The PC I fixed was also running MB Pro (on access scanner with database 6350), so I guess the infection was very new and hit the PC before MB had rolled out the latest fix (very unlucky to have got the infection). I therefore did a manual fix, detailed below.
      Manual Fix to remove MS Removal Tool - Windows XP
      1. Enter Safe Mode (Hit F8 after reboot to bring up the selection)
      2. Run Regedit from the "Run" box or "Command window"
      3. Go to HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\RunOnce\
      4. In this registry key there should be a key entry (value - in RHS pane) that runs a .exe from your PC location C:\Documents and Settings\All Users\Application Data\"Random folder name"
      NOTE: The name of the .exe file will be the same as the "Random folder name" above. In Vista or W7 the location will probably be C:\Users\All Users\AppData\"Random folder name"
      5. DELETE this registry key value
      6. In Windows Explorer enable "show hidden files" and browse to the C:\Documents and Settings\All Users\Application Data\"Random folder name"
      7. You should find the .exe file in it.
      8. DELETE the folder (including the 2 files in it).
      9. REBOOT into normal Windows
      NOTE: This will have removed the malware from auto-running (registry key value) and also the .exe, so rescanning with the latest database on Malwarebytes will NOT detect it, since you've deleted it, don't panic!
      Automatic Removal
      Below are the instructions on the MB forum, however, this did not work on the PC I was fixing, suggesting that the malware has modified itself since this post, and hence required database 6351. If you have MB installed you could go into "Safe Mode with Networking" and run MB and update it to the latest database, then run a quick scan to find the infection. Follow their instructions to remove. However, if in "Safe Mode" there's no need to rename the MB .exe file to "Explorer.exe", just launch the MB program from the desktop icon or Start bar. http://forums.malwarebytes.org/index.php?showtopic=81102
      I use Malwarebytes and recommend it to my customers, so it's worth getting a full license to allow it to update and run 'all the time' using the 'on-access' scanner. The cost of the lifetime license is only
  14. Hi Ron, Thanks for the interest. Seems like I need to run this 'add-on' (issued free from the bank's website) and try it. It was just I was hoping you guys may have heard of it (lots of banks appear to be recommending it) and could comment on how it worked against keylogger attacks and communication attacks, via DNS bypassing - compared to how MB works in these areas. Not to worry though, however, any technical information on how Malwarebytes works against these 2 types of attack would be really helpful - I could read up on the Trusteer Rapport website, which has technical info. Do you have any such resources you could post them here or email them to me? You have my private email address. BTW thanks for sorting out the reseller discount problem earlier this week. Thanks Mike
  15. Dear Noknojon, I just wanted to ask the question to a wider readership, my bank is also asking me to use Trusteer Rapport so I could easily make it a non-client issue - would that be OK? However, I will try corporate as well, fingers crossed for a reply though. Mike