FutonDog

Hi, all: My daily morning scan flagged the following two instances of backdoor.bot: Files Infected: C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat (Backdoor.Bot) -> No action taken. C:\WINDOWS\Temp\Perflib_Perfdata_23c.dat (Backdoor.Bot) -> No action taken. It first appeared during this morning's scan (app. ver. = 1.46; db ver. = 5237). I update the db and quick-scan once daily. Yesterday, everything was clean (app. ver. = 1.46; db ver. = 5232). As indicated in the scan-log excerpt above, Malwarebytes took no action, and not knowing what these files are, neither did I. Googling the files earlier this morning I see that Perflib_Perfdata_* (Performance Library - Performance Data) files are created by either the OS or by any program that has a system monitoring function. So they appear to be normal and "clean" files. I run on XP Home SP3. Good luck to all, Ron

Currently, in version 1.46, in the "Logs" window, the "scan" logs are listed in ascending chronological order and are then stacked on the protection logs, also displayed in ascending chronological order. This morning, I was wanting to delete some of the oldest protection logs from the top of the protection-log stack. Deleting individual logs, one at a time, requires one to use the Delete button vs. the Delete All button -- no problem. But after deleting an individual protection log, the window shifted focus back to the very top of the window, losing my place in the window. This required me to scroll back down into the protection-log stack and find the next protection log that I wanted to delete. I would to like to see this behavior modified, so that after the log delete and the window refresh, the focus shifts to the next log in the stack, and not to the very top of the window. A suggestion, but one that I think would make for an even better application. Thanks for all the good work that you guys/gals do. You've got a nice app.

Hey, Endorush: I do daily updates at 5:30 A.M. and then a QuickScan at 6:00 P.M (coffee is done brewing at 5:40 and the newspaper is done at about the same time that QuickScan finishes, and the family is still asleep. Yes! ). Since I followed the MBAM update with the QuickScan, I don't elect to scan the memory after the update. I don't run FullScan (there has been many threads on this board from Malwarebytes staff about the absolute sufficiency of QuickScan). I don't do realtime updates, as some of the other posters do. My personal preference has always been to control, as much as possible, when my computer gets updated, be it AV updates, MBAM updates, Windows updates, etc. This way, if my computer ever starts "wigging out" (sorry for the technical jargon) on me, I'll have a better idea of what changes occurred and how they might be related. Besides, my family is on and off the computer day and night, so I don't like updates consuming resources, during these times. But again, this is a matter of personal style and preference. I reviewed my daily scan logs for the past month and noticed that, on average, there are about three version updates every day (sometimes it's higher -- I seen the DB version increment by 5, even 7 one day [this must have been a particularly nasty day for mischief and malice]). So, on average, my MBAM, in a 24-hour period, might be two version behind -- I've seen threads here where users have been hundreds of updates behind. For me, this is an acceptable level of risk. Plus, I also run real-time protection. I use Norton Internet Security suite for my firewall (I have an XP machine, so no native Windows firewall) and AV; the protection it affords has been satisfactory, but I wouldn't necessarily recommend it either: it's heavy on resource usage. I just starting using Avast free on my new Windows 7 laptop -- I read some good things about Avast, here on this board, and on other sites. And I know many people also use Avira Antivir. Good day, endo!

Executioner, By "running in the background," are you referring to MBAM's real-time (RT) protection module, expressed as an MBAM icon down in your computer's systray? If so, you can turn off the protection module by deselecting it in the application (I believe the tab is named "Protection"). Do not confuse MBAM's RT protection feature with separately scheduling updates and scans (at the intervals you choose), now done, starting with ver. 1.45, within the MBAM application, and not through Windows Scheduled Tasks.

Good morning: I checked my machine (XP SP3) this morning, and my regularly scheduled daily 6 A.M. QuickScan (app. ver. 1.45; DB ver. 4052) ran without error. I double-clicked my desktop shortcut, saw the message box about the available update, accepted the message, the update downloaded, the machine restarted, and MBAM service and RT protection started without incident. No double-installation, no double reboots, and no errors. I launched the app., saw the news item about the 1.46 release, downloaded DB ver. 4053, and the update date on the "Update" tab and the tool tip from the systray icon both said "4/30/2010". I know others (and some with XP machines) are having issues, but my update went smooth. Odd, but computers are often odd.

NotTooTechy: I am also a paying MBAM customer and have been for a year. In that span, I have had malware issues, have sought assistance (by e-mail), and have received quality assistance from HelpDesk staff. MountainTree is not reprimanding you. You are mistaking guidance (and good guidance) for reproach. This is an issue of proper forum protocol. I am a new member to the MBAM forums, but during my short time here, I've quickly and clearly learn the proper places to posts threads about malware removal, false positives, etc. Many of the veteran and expert members (MountainTree, etc.) routinely and consistently guide the more unfamiliar user to the proper place to report and discuss their issue. The intent is to assure that the user receives the help they need, as quickly as reasonably and realistically possible (even if the wait can turn into days). There are a lot of people (paying customers included -- I'm one myself) having issues, and there are only so many people (staff and volunteeers) available to help at any given time. Remember the help on the forums is FREE. This is a community of users, all with a shared interest in combatting malware. Also, in my short time here, I have been nothing but impressed by the quality of guidance and instructions offered, and the consisitency of that guidance (e.g., to help yourself get help, post malware removal threads in the malware-removal forum). Also know that most of the forum members are not Malwarebytes employees. They are volunteers, freely giving of their time and expertise. That's what make this board so good. So please moderate your tone. It is clearly overdone and unnecessary. Good day to you and the rest of the Malwarebytes community. Ron

Yeah, thanks from me too, MountainTree: I've wondered the same. I've seen it mentioned in this forum that a QuickScan is sufficient and that a FullScan is not recommended. But, for me, this has always begged the obvious questions: What then is a FullScan for and why would Malwarebytes.org include this functionality in their application? Your explanation has helped greatly to "burn off the fog." Thanks also for providing the references from "nosirrah." I see there has been some very spirited exchanges and discussions about QuickScan vs. FullScan. Enough said already. Asked and clearly answered. Thanks again and good day!

Thank you all for your comments. I enjoyed reading all of them. Exile, especial thanks for your discriminating comments on AV's vs. MBAM (they were very instructive and insightful). I know there have been more than a few posts reporting instances of MBAM ver. 1.45 consuming inordinate system resources (with some even trashing the product), but I have not experienced this issue on my XP Home Edition (Media Center 2005) SP3, with 1.45, 1.44, etc. I run Norton Internet Security suite (you want to talk about system hog? man, Norton is it) for my firewall/AV and MBAM Pro (real-time protection running in the systray). Other than during db updates and scans, MBAM seems to run pretty silently in the background. This said, I cannot summarily dismiss or discount the reports of those posters, like Mr. Blais, who are claiming that MBAM pegs their system (if that's what they're seeing, then . . . that's what they're seeing). I guess it's an indication of all the possible permutations of a computer system that's in use in the greater world. Scary, the number of "variables." Good rest of the day to all. Ron P.S. YoKenny1, love your handle and picture.

Good morning (or afternoon, depending on where you are) gentlemen: Thank you, Hawk, for asking the question. It's very timely and relevant to my situation: I recently bought a new Win7 laptop and installed Avast Free AV on it, and I intend to also install MBAM on it as well. And thank you, Exile, for your response (it's very helpful and I have confidence in your responses, on this situation and others). Of course, my new machine also contains the native Windows Defender program as well. With the increasing plethora of security software available (anti-virus, anti-spyware, anti-malware, anti-rootkits, etc.), it seems to me there is increasing overlap or redundancy among products and their claims. And I'm finding myself increasingly confused about what distinguishes one product from another, feature-wise (performance, efficiency, and efficacy considerations aside). For instance, where does Avast AV end and MBAM begin? I know MBAM is not an AV program and that Malwarebytes fully discloses that you must still use AV, but does Avast AV do all the things that MBAM does? According to Avast, Avast AV is an anti-virus and anti-spyware program that also provides RT anti-rookit protection, and uses a heuristics engine to detect additional, non-definition-based malware. What distinguishes MBAM from Avast AV? I've used MBAM for a year now. It helped me greatly a year ago resolve an infection by Spyware Protect 2009 (my Norton disappointed me, but again, Norton is AV. I'm starting to understand the difference). Ever since then, I'm sold on MBAM (I subsequently purchased the Pro version for the RT protection). I think MBAM is a great product, and I think the support forums are very competent and professional. So I have no intention of discontinuing MBAM use. But it keeps nagging at me: Avast, MBAM, Windows Defender, what's the dif? Right now, I don't have an issue to post, because MBAM is doing a great job helping to keep my desktop computer clean and protected. Good day to all. P.S. And now I see the thread from Mr. Spragg, which at a more generic level, seems to be asking the same question as me. Thank you, Andy.

Hi, Not Bob: I have also experienced the same issue: the error is raised on the desktop (the application doesn't have to be open), i.e., real-time protection shuts down, and the MBAM systray icon disappears if you hover your pointer over it. To reenable the MBAM service, you have to relaunch the application and reenable the real-time protection module. The odd thing about my experience, at least, is that this has been a very occasional and sporadic error. In the year that I've used MBAM, I've had this occur many times, but again, we're talking a duration of one year, with my machine running almost continuously. I have not experienced this on ver. 1.45 yet, only 1.44, but, of course, 1.45 was released only three weeks ago today. In the year that I've run MBAM, I've used Norton Internet Security to provide my firewall and AV, so stable platforms there, aside from application/signature updates. I also run on XP. My XP is updated to SP3. I surely have not welcomed this error when it has occurred, but because of its relatively low incidence, I have regarded it as an annoynance, its resolution relatively painless and easy. I focus my time on checking my AV/firewall and MBAM logs for suspicious activity. I do not intend my reporting my experience to discount the importance of your situation and experience. Instead I offer it up to let you know that you are not alone on this. As soon as I saw the title of your thread, I was immediately "there." You have described the situation accurately. Good luck on its resolution (I'll keep monitoring this post for I'm real curious about this one). Exile is a good one!

Good morning: I have also experienced what trichter and vampiredog have reported. I also am running MBAM on XP SP3, and last week Thursday, MBAM flagged a suspicious file, but when I tried to show results, MBAM wholly shut down. I reopened MBAM to find Quarantine empty and the previous scan results not logged. So I manually rescanned (again, it flagged a file), but this time, I skipped the show-results step. The flagged file was now exposed in Quarantine and the scan results logged. Since then, I have not had any further detections (either by MBAM or my Norton AV), and MBAM has been working fine. Odd.

Good morning, Exile: Thanks. I found the option to have the scan run "silently." My scheduled scan early this morning ran like a charm. Admittedly, I do now remember seeing that option a few weeks ago, when I was browsing the then newly released v. 1.45, and recreating my daily update and scan tasks. At the time, I didn't comprehend what the option was for. But boy, do I understand now. Thanks again Exile. You rock.

Thank you, Exile, for your response. However, I'm not fully understanding your guidance. You write, ". . . (there is an option to run scheduled scans silently from the System account)." I cannot find the option you refer to in the MBAM application itself (I am using the paid version of MBAM v. 1.45), in any of its tabs or sub-tabs. I also checked Windows Services, and the only MBAM "service" I see running is "MBAMService" and it is running off my machine's Local System Account. So if you could clarify your prior guidance and provide me a more exact location of the option you referenced, I would most appreciate it. Thanks again, FutonDog

Hi: Ever since ver. 1.45 was released, I have been having problems with my MBAM automated daily scan. My machine is running XP Home Edition SP3. As with ver. 1.44, I have MBAM update its database daily, before running a QuickScan. Ever since ver. 1.45 was released, QuickScan does NOT execute when I am NOT logged onto the machine. The DB update still runs, as shown in a representative protection log that I've reproduced below. Apparently, "update" still runs even though GetUserToken evaluates to "null", while "scan" will not run if it cannot acquire proper user credentials. 05:30:05 (null) MESSAGE Scheduled update executed successfully 05:30:08 (null) MESSAGE IP Protection stopped 05:31:34 (null) MESSAGE Database updated successfully 05:31:36 (null) MESSAGE IP Protection started successfully 06:00:00 (null) ERROR Scheduled scan failed: GetUserToken failed with error code 0 Again, if I am logged into the machine before the scan is scheduled to run, it executes fine. I've also noticed that unlike ver. 1.44, update and scan jobs created within MBAM no longer appear in Windows Scheduled Tasks. Any helpful insight would be most appreciated. Good day to all!

Hi: Yes, I have also been experiencing "mysterious" IP blocks by MBAM, even when there is supposedly no IP activity. My machine does not have and has never had P2P software on it. The IP blocks occur even when the machine is idle at the desktop (no browser sessions open under any user account). The blocks number only a few a day (thank you MBAM for exposing the protection logs), but it still bedevils the hell out of me. My machine is XP SP3 and IE6 SP3. I first installed MBAM a year ago when I got infected by Spyware Protect 2009 (sysguard). MBAM worked great, it helped me greatly in disinfecting my machine. Within the past week, my daily QuickScan detected C:\Program Files\Common\_helper.sig. So I thought, ah, maybe this _helper.sig file is the culprit making calls to the suspicious IP's that MBAM is blocking, and with its removal, the "idle" IP blocks will stop. But even after deleting this file, I'm still getting a few blocks a day. Since then, my daily MBAM QuickScans have come up clean (I also update the MBAM database daily, before my QuickScan runs, so my MBAM protection is always current) and so has my weekly Norton AV full scan. Again, this mystifies the hell out of me, and I just wish I knew what's going on. Any feedback and guidance would be most appreciated. But for all the people at MBAM, thanks for what you do and for the product and service you provide. It helps a great deal.