Falkra
Honorary Members
Posts: 543

Everything posted by Falkra

  1. Hello, refer to this document for planned features. Next version will bring realtime updates for customers (paid version) : http://forums.malwarebytes.org/index.php?s...st&p=194452
  2. MBAM blocks IP, not domains. In fact, this is the logical way for the protection module to work. It blocked a blacklisted IP (not GAOTD's one), not because of a link on gaotd's webpage, but because of data loaded from another server, from a banned IP range. This way, the legitimate domain and server could be accessed, but the unwanted server could not load data : your computer was not able to display data from that server. Servers have an IP and can host multiple domain names, including legitimate and malicious contents. MBAM blocks IP, that is to say entire servers/machines, not specific domains.
  3. Hello, I checked things, and GAOTD's server IP is 208.88.224.199, it is the only IP for all the GAOTD domains (and localized domains). The blocked IP is 208.94.233.132, and can be a remote server used to display advertising, among other things. With Firefox and Adblock and NoScript, I had no IP blocking message at all. With ads displayed and JavaScript allowed, the IP is blocked randomly, and ads are the only random element. Anyway, GAOTD loads fine, even if MBAM blocks the second IP. MBAM blocks IP calls, not links or domains, but remote scripts, iframes or code can be blocked, if the website you are reading uses external content (like google-analytics, or advertising, hosted on other servers/IPs). The html code reveals some scripting like this :

     // Sends the visited URL, referrer, account id and timestamp to the
     // statistics server by loading them as an image (a tracking beacon).
     function InitLinkInformer(accountId) {
         var ref = document.referrer;
         if (isSelf(ref)) { return; }   // skip visits coming from the same site
         var currentTime = new Date().getTime();
         var r = new Array();
         r.push("VisitPage=");
         r.push(enc(document.URL));
         r.push("&Referrer=");
         r.push(enc(ref));
         r.push("&AccountId=");
         r.push(accountId);
         r.push("&Time=");
         r.push(currentTime);
         var url = "http://statistic.link.informer.com/WebGate/SaveStatistic.aspx?" + r.join('');
         var img = new Image();
         img.src = url;
         img.onload = function() { };
     }

     // True if the referrer's host is the current page's own host.
     function isSelf(ref) {
         if ("0" == ref || "" == ref || "-" == ref || null == ref) return false;
         var i = 0, h;
         if ((i = ref.indexOf("://")) < 0) return false;
         h = ref.substring(i + 3, ref.length);
         if (h.indexOf("/") > -1) { h = h.substring(0, h.indexOf("/")); }
         if (h.indexOf(":") > -1) { h = h.substring(0, h.indexOf(":")); }
         h = h.toLowerCase();
         if (document.location.hostname.toLowerCase() == h) { return true; }
         return false;
     }

     // URL-encodes a value for the query string.
     function enc(o) {
         // return window.encodeURIComponent ? encodeURIComponent(o) : escape(o);
         return escape(o);
     }
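The point made in posts 2 and 3, that an IP-range block stops a whole machine while a domain block stops one name, as an added example that is not part of the original posts. Only the two IPs come from the posts; the hostnames, the CIDR range, the blog host sharing the ad server's machine and the TEST-NET placeholder IP are assumptions made for the demo.

```javascript
// Added example, not code from the original post: a small model of how an
// IP-range blocklist and a domain blocklist classify the external resources
// a page loads. Only the two IPs come from the post; hosts are constructed.
const resolved = {
  "www.giveawayoftheday.com": "208.88.224.199",  // GAOTD's own server, per the post
  "ads.example.net": "208.94.233.132",            // assumed ad server on the blocked IP
  "blog.example.org": "208.94.233.132",           // assumed legitimate site on the same machine
  "statistic.link.informer.com": "198.51.100.7",  // beacon host from the script; IP is a placeholder
};
// The post describes a banned IP range, modelled here as one CIDR block.
const ipBlocklist = ["208.94.233.0/24"];
const domainBlocklist = ["ads.example.net"];

// Dotted-quad IPv4 to an unsigned integer (no bit ops, so no sign issues).
function ipToInt(ip) {
  return ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
}
// True if ip lies inside the CIDR range: compare the top `bits` bits.
function inCidr(ip, cidr) {
  const [net, bits] = cidr.split("/");
  const hostBits = 2 ** (32 - Number(bits));
  return Math.floor(ipToInt(ip) / hostBits) === Math.floor(ipToInt(net) / hostBits);
}
// Classify one resource URL under both blocking models.
function classify(url) {
  const host = new URL(url).hostname;
  const ip = resolved[host];
  return {
    host, ip,
    blockedByIp: ip !== undefined && ipBlocklist.some((c) => inCidr(ip, c)),
    blockedByDomain: domainBlocklist.includes(host),
  };
}
// Constructed resource list: the page itself plus three third-party loads.
const pageResources = [
  "http://www.giveawayoftheday.com/",
  "http://ads.example.net/banner.js",
  "http://blog.example.org/widget.js",
  "http://statistic.link.informer.com/WebGate/SaveStatistic.aspx?VisitPage=x",
];
function report() {
  return pageResources.map(classify);
}
for (const r of report()) {
  console.log(`${r.host} (${r.ip}) ip-block=${r.blockedByIp} domain-block=${r.blockedByDomain}`);
}
```

The blog host is blocked under the IP model but not the domain model, which is exactly the shared-hosting side effect the posts describe.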
  4. If you need to exclude files from antivirus scanning, you will find the list here : http://forums.malwarebytes.org/index.php?s...st&p=167851
  5. Even better, if you experience no problem. If you are not using the resident module, you may have no problem at all. But just in case, refer to this tutorial in the official faq, here are the files to exclude from scanning (for example, with AVG) : http://forums.malwarebytes.org/index.php?s...st&p=167851
  6. Hello, I have heard of Avast 5 causing BSOD alone, especially when upgrading from v4.8 instead of doing a clean uninstall + 5.0 install.
  7. Hello, there are no conflicts between Antivir and MBAM, you can turn on the protection module. There might be some conflict with other antivirus software, if so here are the files to exclude from scanning (for example, with AVG) : http://forums.malwarebytes.org/index.php?s...st&p=167851
  8. Is the SUPERAntiSpyware resident module active ? It doesn't look like it, just for confirmation.
  9. Also, be careful not to mix too many active resident protections or tools. This can be checked, if you want, using a tool. Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  10. If I remember well, MTP devices can't give direct Windows access to the files, so they need a synchronizing program (like WMP, or iTunes) so MBAM shouldn't access these. UMS will work with MBAM.
  11. Hello, is your MP3 player UMS ? (Universal Mass Storage) If so, you can use it like a flash drive and from "My computer", drag and drop files to the player.
  12. This is why there can be a high amount of false positives. A-squared and PrevX may produce them, if used this way (the riskware concept of A-Squared tends to flag VNC or any legitimate remote admin tool, for example; those tools, per se, are not malware, and require passwords to be dangerous).
  13. Thank you too for coming here and posting this.
  14. I don't think Spybot is, today, a good choice. Personal opinion. Here's why : Spybot has been for a long time a reference (like ad-aware), when the first malwares (they were called "spywares", at the time) appeared. This was the beginning, when fixing a HijackThis line or deleting a single registry key and file could stop infections. Spybot used at the early stages a simple and efficient technique to identify infections, based on file and registry key locations. So it scanned for infection a, then b, then c and if the infection was found, you could delete it. It worked great. This structure is now obsolete, and malwares are really sophisticated. Even if spybot evolved a lot, parts of that logic remain. Malwarebytes offers a different approach mainly based on heuristics. You scan files and critical locations, and files structure or contents and structure (that's the point) will tell you if there is malware or not, without scanning for every known infection of database. I prefer this, and facts are MBAM destroys sophisticated malwares where most others only detect or partially remove them. I recommend using Malwarebytes and an up to date antivirus together. Not because we are on Malwarebytes' forum, but because antivirus and antimalware tools must be updated by reactive teams. MBAM is. You can build a marvellous antivirus or antimalware engine, if you don't feed it with the latest wild threats immediately, it makes no sense. Some companies are a bit too late and the recent threats are added to definitions over 2 or 3 weeks, and comparatives focus too much on engine and on-demand detections. Top recent threats infect computers. If your software gets the definitions 10 days later, that's too late. If you want to disable Windows Defender, disable the service, use the services interface (right click My Computer, Manage, then go down to "services") and stop the Windows Defender Service.
To avoid it starting at next boot, you can set the service's startup type to "disabled".
  15. Sure, it was 3.5.4 Build 86. It even wanted to delete mbam-setup.exe, here is a screenshot from a security colleague. The other mentioned executable files are disinfection or diagnose tools used for live cleaning on forums :
  16. Hello, I would suggest to check WD's service start type and state (start menu, run, services.msc then locate the windows defender service and double click the line to display start type and state). Service should be running. But one sure thing is Microsoft is not continuing WD for long, the malware database has been copied to Microsoft Security Essentials, their antivirus / antimalware tool, so WD will disappear. Maybe it's time to switch to another program, and disable it.
  17. Thank you for the precisions. Well, maybe not a lot for v3.6, but there have been some, but Mozilla released the fixes quite quickly : http://www.mozilla.org/security/known-vulnerabilities/ I would like to see Norton's processes, modules and services eating less than 11Mb of memory. If only 10 Mb are used, maybe some features may be disabled by an undetected malware. ^^ Last time I tried Hitman pro, it made false positives on every disinfection tool I had. The database needs to be worked on. I wish common sense were really common and that everyone had the same definition for it. But that's different, the first post didn't mention them this way, I prefer your second software selection.
  18. If a single procedure was enough to make possible an internet security guide for everyone, there would be no forums to discuss it. Antimalware and malware evolve fast. Yesterday's guide will need to be changed tomorrow. In addition, what you suggest, if we use everything listed in the first post, will overlap or superimpose protections and databases. Careful with that. There are many examples, but there cannot be a single recipe to make a tasty protection, so to speak.
  19. Great features, thank you for the announcement.
  20. Thank you Nosirrah, I will add identification for next version.
  21. I'm not sure I understand what identifying is for this, do you want me to add information to the details tab (file properties of main exe file) when compiling ? I can do that for the next version.
  22. Hello, here is a new false positive, about CanRemember, the new version (1.34), probably the packer, again (UPX 3.04). You can download the file here : http://www.libellules.ch/canremember_eng.php Direct link to zip : -http://www.libellules.ch/canremember/canremember.zip This time it is not Rogue.Agent but PUP.ActivityLogger.