numetro

My NOD32 caught an HTTP script (or an HTML script or how ever many names you want to call it) while it was coming in through or because of Malwarebytes, so why wouldn't NOD32 have caught it when it was coming in previously through a web browser like you are claiming? I've already said umpteen times that it caught this stuff with realtime detection AND it runs everyday with the very same updated virus signatures in a full scale scan of both hard drive partitions. If I should disregard what you said about AMON and IMON, then why bring those things up to begin with? I'm not sure if you guys are just glossing over what I'm writing in an effort to answer as many questions as possible in a short amount of time as possible or what, but I give up.

DonZ, I appreciate the input, but I actually went through setting up my NOD32 to scan everything including HTTP scripts with a top Eset manager quite a ways back while doing some checks with him over the phone. What is AMON? What is IMON? Forgive me, but what are you talking about there? And I don't have NOD32 v2... I have NOD32 v4, which has the same signature database as v5. Thanks.

Shadow, again, I did run a full scan with NOD32 every day before I ran Malwarebytes, including the day that all this happened... I said that twice, I think, so far. No, what I said does not back up your argument, it contradicts your argument.

PS: In spite of having all of my preferences for this forum set to receive email notices for threads that I'm on and having selected the option to follow this thread right here on the thread, I still don't get any email notices for replies from this forum and I've already been checking my junk mail folder.

Guys, I understand all the stuff that you are saying with the charts and such. But the fact remains that NOD32 caught this file, be it an HTML file or whatever, with it's realtime detector, so if the file was already there for a while, however long, why wouldn't NOD32 found caught the same file with it's realtime detections when it originally came in to the computer via my web browser?... that issue hasn't been addressed so far in you responses, and I keep repeating it. I know it the logs don't show an active infection because NOD32 caught it while coming in during the Malwarebytes scan and quarantined the files and then allowed me to screenshot the logs and then delete the malware, or whatever you want to call it. I already considered that NOD32 didn't have the virus signature for that particular malware file when it got on my computer and then it did when the file was accessed by Malwarebytes, but the clink in that argument is that I ran daily scans with NOD32, including earlier that day and everyday before my Malwarebytes scan, so NOD32 would have had a chance to find that malware file before I ran Malwarebytes... so still, why wouldn't have NOD32 found that malware file before I ran Malwarebytes instead WHEN is was running Malawarebytes? Thanks again, numetro

Hi nosirrah and shadowwar, Thanks for your replies again. Whatever you call it, virus or malware, isn't really what the issue is here. I understand that Malwarebytes will not detect some forms of virus or malware or whatever you want to call it. But if NOD32 detected this "HTML file" while Malwarebytes was running with NOD32's realtime detection, not a NOD32 daily scan, then why wouldn't NOD32 have detected the "HTML file" when it first invaded my computer, as you say? That doesn't quite make sense... which was first, the chicken or the egg, kind of thing. I'm not sure what you mean here nosirrah... NOD32 did find the "HTML file", not through it's daily scan but with it's realtime detection. We are kind of going in circles. Again, how would the file have been on my computer already if NOD32 was able to detect it with it's realtime detection at all? NOD32 caught the "file" while Malwarebytes was running. ??... that is exactly what I do and that's exactly what we are talking about. I have 2 security apps installed on my computer and I use Malwarebytes to catch things that NOD32 does not... that's what happened here in this situation that we are talking about now, right? But this time it worked in reverse... NOD32 caught something that Malwarebytes was mysteriously allowing to access this computer through Malwarebytes itself while it was running. That is why I'm using Malwarebytes along with NOD32... but now I'm afraid to run Malwarebytes at all. I understand that you would like me to purchase the pro version of Malwarebytes and that is somewhat skewing what are good intentioned answers here, but I'm trying to determine why Malwarebytes is being breached and itself allowing malware to try to get in to my computer. As I said before, I am not the first person to encounter this problem with Malwarebytes. If changing the name of the mbam.exe file keeps this from happening, as a friend of my has testified, then the idea that this malware was already on my computer is not only dis-proven by that fact, but by the facts that I stated above. If a virus or malware or an "HTML file" as you refer to it can come in through my temporary internet files folder from web browsing, then it could come in through that same folder while Malwarebytes is running. I understand that you'd like to sell as many copies of the Malwarebytes Pro app as possible and I understand that it is difficult to admit that Malwarebytes has a flaw here and someone is trying to exploit it with a virus or malware that detects when Malwarebytes is running and tries to get it via Malwarebytes itself, but looking past some motives now will only help people to solve this problem, so in the future maybe they will rely on Malwarebytes enough to go ahead and buy the Pro version. Thanks again, numetro

Hello gentlemen and/or ladies, I didn't include this screenshot before of the log within NOD32 showing that this virus was detected with the realtime detection and not with the daily scan, though I mentioned this before. Since the NOD32 virus signature database is updated four times a day or so automatically by Eset and I have NOD32 set to run daily scans, and since NOD32 detects in realtime as well, and NOD32 did indeed detect the virus with it's realtime detection, as seen in my screenshot below, then how would the virus already have been on my computer before I was running Malwarebytes? NOD32 would have caught it before I was running Malwarebytes when the virus was supposedly first entering my computer via my web browser or whatever, which it did not. I am not having any more virus detections from NOD32 and I wasn't any longer after NOD32 first detected the one's in question and quarantined them... then I took the screenshots and deleted the viruses on 07/07. I am asking if there is a way to keep these malware attacks from coming in through Malwarebytes again since they seem to be attacking specifically the Malwarebytes app while it is runnin... this has apparently happened to other people too. Thanks again, numetro ___________________ SCREENSHOT BELOW

Seagul, Thanks again for your reply. I'm wondering, if this virus was just something that Malwarebytes couldn't see, which is understandable, then why did my NOD32 only find it WHILE Malwarebytes was running and it identified it as something that entered through Malwarebytes? And if NOD32 detected the virus at all, and it was already on my machine before I was running Malwarebytes, then why didn't NOD32 detect it when it was first coming in with the realtime detector instead of catching it later WHILE Malwarebytes was running. In other words, NOD32 didn't detect a virus that was already there while I was running a NOD32 daily scan, but NOD 32 actually caught this virus with it's realtime detector while nothing else was happening on the computer besides Malwarebytes running a scan... no internet surfing or email coming in was taking place while Malwarebytes was running and NOD 32 detected the incoming virus with it's realtime detection, as seen in my original screenshots. And NOD 32 identifies the virus as coming THROUGH Malwarebytes. Thanks, numetro

Hi Seagul, Firefox and nosirrah, Thanks for all of your answers. But each of you are telling me something a little different. Seagull is telling me, basically, well, NOD32 caught it, so don't worry about it. Firefox is telling me, "No one security product can protect you or be 100% effective with the ever changing viruses and Malware being made every day."... which is why I have NOD32 as my primary antivirus app and then I use Malwarebytes to detect anything else, which it did in fact do, as I mentioned at the beginning of my original post. Then Firefox is telling me, "Also bear in mind that the Free version does not protect you in real time, you would need the PRO version to help prevent these sort of infections." But My NOD32 is my full antivirus app that provides realtime protection, which is pretty obvious since I stated that it caught this virus that was coming in through Malwarebytes while it was running. If I were to use NOD32 as a realtime antivirus app AND Malwarebtyes Pro as a reatime antivirus app, I believe they would conflict and I've never heard of using two realtime virus detectors simultaneously, and I believe that I've read that using two primary antivirus apps at the same time is not recommended. Then Firefox tells me, "Also you are using EST version 4, you should also update that to version 5."... I know he meant NOD32 4, but since version 4 caught this virus that tried to come in while Malwarebytes was running, I don't see how version NOD32 4 versus version 5 is relevant here, in this conversation. Firefox also advises me to "Download and run mbam-clean.exe", but why would I need to do that since my computer is still virus free. And there is a way to update my Malwarebytes app that can be done directly through the application, so why would I need to install the new free version from another installer? Then in a different bit of advice from nosirrah, basically suggesting that Malwarebytes detected something, meaning wbk442b.tmp, but it didn't alert me to it, but because Malwarebytes was looking at it, then NOD32 detected it and quarantined it and sent up an alert signal like I would have hoped that Malwarebytes would have done. Another response that I got from Tom Mercado with Malwarebytes support suggests that it was all a false positive and that NOD32 was mistaken, in spite of the detailed information about the virus and it's original method of entry that NOD32 gave that Malwarebytes did not. Do you see why I'm a little confused by four distinctly different answers? And then I have a fifth opinion from my friend who had a similar experience when running her Malwarebytes app a few days before my similar experience, but her primary antivirus app did not catch the virus, and it got in to her computer and she had to remove it with yet a different anti-malware app outside of Malwarebytes, but it still said that the virus had come in through her Malwarebytes app while it was running, and the advice that she received was to actually change the name of her mbam.exe file to stop any further invasion of viruses through Malwarebytes. Can you please look at the five different options that I've gathered here and advise me further? Thank you very much, numetro

Hello Malwarebytes support people, I have the free version of Malwarebytes, version 1.51.0.38. I always update the virus signatures in my Malwarebytes before I run it, I've been using it for years and I like it very much. Malwarebytes even caught a virus in a scan after my NOD332 antivirus app missed it one time. But on July 7th, while running Malwarebytes, my NOD32 antivirus app caught a virus that apparently had breached Malwarebytes while it was running, but fortunately my NOD 32 caught it and quarantined it so I could delete it. Below are two screenshots showing the Eset NOD32 alert about this Malwarebytes virus breach and showing the virus while quarantined in NOD32. Can you tell me what to do and if Malwarebytes has addressed this issue?... I'm now afraid to open or run Malwarebytes. I heard from a friend that changing the name of the Malwarebytes .exe file solves this problem, but that sounds a little funky. This is for a Windows 7 Ultimate machine with the free Malwarebytes version 1.51.0.38. Thanks, numetro

Thanks Daledoc1, This time, your more complete description of the path to changing the icon via the right click on the icon and "PROPERTIES > "shortcut" tab > "change icon" button > select the default icon" worked. Except I was selecting the identical "mbamgui.exe" icon, since the actual mbam icon in the programs folder is also defaulted. To change the mbab icon on the taskbar I needed to first get rid of the defaulted one, unpin, then go to the defaulted mbam icon in the start menu and go through the same procedure with it, fix it, then select it and select pin to task bar... now all three look normal and take me to mbam, as they always did since this was a cosmetic problem only. As for all the other fixes, I am weary of downloading and installing anything without a major name on... even some bloated HP software installer and a funky installation process made me nervous. Your final suggestion that, "If you are having problems beyond that, these solutions might not work, and the problems may reflect another issue (possibly malware?)." had to make me laugh a little... the idea of the anti-malware program being affected by maleware is ironically ironic. It's like when the NOD32 tech rep suggested that my antivirus program may be affected by a virus... maybe similar to having to deleted your deleted files from the delete folder. I have NOD32 running all the time and run update database and a full scan with mbam each day while I've been coming over and setting this computer up with W7ULT and checking it for my mom after it died of Vista's disease. Windows 7 is nice, almost Mac like, and very "analyze this and fix that" oriented, just like, as I've learned, PC users enjoy. I can see the big difference between Mac users and PC users is that PC users love and relish fixing, repairing, and talking about fixing and repairing their computers... while Mac users just enjoy using their computers. I do like the little desktop calendar gadget and the speedometer looking CPU and RAM usage thingy, oh and the other usage desktop gadget from the website that shows the progress bars for CPU and RAM usage... that is the little bit of PC user and junior-baby PC IT guy that has developed in me through the last 56 days. I'm sure I'll be able to find those same desktop gadgets for my Macs someplace now that I've learned to enjoy them on this PC desktop. I originally started trying to fix a sound problem in Vista for my mom on her PC 56 days ago... amongst the tons of other corruption, lack of service pack updates that failed in behind the scenes installations, or mis-installations, through Windows auto update (an oxymoron if I ever heard one) was just simply a bad OS. For a novice PC user, as many are, my mom does not use her computer more than maybe once or twice a week doing an email check, looking at the QVC website for a minute and listening to some semi-illegal music in her Windows music player, and some legal CDs too. She's like the lady that only drives her computer to the store on Sunday. Now I've turned her on to a 21 century iTunes app that makes the Window Media Player look like the original horse and buggy compared to a new Z series BMW. Amazingly, the state that I found her PC in when I intervened, as corrupt and messed up as it was, it was virus free with no antivirus software running since her AVG had expired almost a year prior. That Vista computer had destroyed itself with things like auto updates of Realtek and NVIDIA drivers that it didn't need updated to begin with... those two drivers were fine until Windows downdate corrupted them in to oblivion. I could tell you the story of the 7 Microsoft techs (like "The Seven Apostles") that I've been dealing with, 5 on the phone in India, and a couple in China or Japan on email (I'd love to travel as much as my multiple Microsoft service case numbers have) the 2 main MS techs, Alok and Ashish, in India that I spent over 30 hours with on the phone first trying to troubleshoot Vista when I just felt like shooting it instead, having two failed in-place upgrades, multiple corrupt drivers, no sound, constant service failure messages, windows explorer stops and restarts, program freezes, crashes and malaria-like symptoms along with a little cancer thrown in to make the Vista completely suicidal, just as it was making me. I had to turn off the "Windows Problems Reports and Solutions" thingy in Vista because it kept freezing on the desktop... that's another one of those ironies like the old Norton Crash Guard making the old Mac Quadras crash way back in the '90s (that's 1990's, not 1890's)... it's just funny, frustrating and ironic. Finally after the first 33 days of failure trying to keep the Vista monster from devouring Tokyo, and my sanity, one of the Microsoft techs in India took pity and ordered me a gratis copy of the full Windows 7 ULT. That W7ULT installer arrived only to fail 6 times at various points of the "expanding files" stage as my frustration expanded... and that was after blanking out the hard drive and re-formatting it... so there was then no OS or anything on this computer besides the Dell diagnostics test on the utility partition and backed up files on the D drive. I had previously discovered, on my own, the Dell PSA Diagnositc tests built in to the utility partition and, at that point in this history of the bible, was able to determine with a sound diagnostic test that the hardware was sound. The MS techs determined by the error number that it was a defective media installer after we ran a complee hard drive check through the command prompt interface, and a prostate exam on this PC... but the diagnosis of a defective W7 installer disk turned out to be COMPLETELY WRONG... but I may not sue for malpractice. That MS tech, Alok, who I grew to know like an angry brother while we spatted on the phone about whether or not we were going to try to delete ghost drivers in Vista, then ordered me a replacement W7 installer disk for the original W7 installer disk that was ordered as a replacement disk in the first place. After a week of waiting for that 2nd disk to arrive, I grew frustrated that my mom was sitting with a hard drive that was as blank as GB Junior's brain. So I tried the first original W7 installer disk again, for the 7th time while waiting in frustration for the 2nd disk to arrive, and out of nowhere, it installed completely... I was so happy that I could have run naked through the Castro district in San Francisco, but my hetro tendencies and love of women kept me from doing that. So I went happily along installing all the accoutrement on the fresh new W7ULT. The I started getting some error messages, service stoppage panels, crashed programs and the cancer remetastisized in the patient, even after the W7 transplant. Then one prophetic night when I was installing a simple RealPlayer plug-in, the new 9 day old W7ULT baby glitched and crashed and was un-retrievable... no restore points would show, then it wouldn't boot in safe mode, unsafe mode or any mode... there was no mode... it was dead again after only 9 short days of W7 life. Then after being up all night on a Friday night with this Friday the 13th type of horror upon me, Microsoft tech support opened at 6:00 am and I got on the line with the installation specialists... 3 of them, in addition to 4 or so mutant customer service people in various parts of the world. Now armed with TWO W7ULT disks, we tried and tried, actually about 11 times, to re-install W7 to no avail. Early that morning, one of the MS phone tech installation experts, an Indian woman with an attitude, said if I was having crashes previously that resulted in the BLUE CRASH DUMP screen that it indicated bad RAM... but not one of the other MS technicians, not even one of the Seven Apostles, in 49 days of problems, at that point, with Vista and Windows 7, had suggested that RAM may be the problem... not even once... the Vista had it's own problems and was very corrupt anyway, but now bad RAM was being implicated in this crime. Then I remembered there is a RAM test interface located on the Dell utility partition, along with the formentioned hardware tests that I found. So I ran the diagnostic test and it showed the RAM as being DEFECTIVE... it FAILED the diagnostic test! Apparently this one gig of RAM has always been defective and has been reeking havoc on this computer and my mom for 4 years... and now me while trying to repair this poor creature of a machine for 49 days at that point. I believe that Dell sold many many computers with defective RAM in the past, and probably still is. I learned through another experience 10 years ago with installing RAM on one of my Macs that defective RAM is fairly common and makes a machine work correctly sometimes and completely schizophrenic at other times... the major clue for me turned out to be this one angry MS tech rep finally telling me that the blue crash screen indicated defective RAM... I always thought the blue crash screen was just another pesky problem built in to Windows, like the old "You have performed an illegal operation" error message that us Mac users used to laugh at in PC disgust, so I never never related it to the RAM before that morning. Apparently defective RAM is so common in the computersphere that digital departments buy $5000 machines to test their RAM before putting it in their important workhorse computers... I found out about this when working in the Macy's photo retouching/advertising department in San Francisco, the northern California Baghdad by the bay. Maybe now they don't have to buy or use those expensive RAM testers since hardware diagnostics is often built in to today's computer operating systems and manufacturer firmware, like this Dell PSA Diagnostic test that enlightened me. So I took the antique Dell from 2006 down to the Geek Squad at the local Best Buy store, and within an hour it had 2 gigs, not just one, of fresh, new, quality PNY RAM and the W7ULT installer then ran and completed the very first time after the new RAM installation, as it should. Now this thing runs like a dream and it hasn't crashed once in 7 days of setting up everything again. And working on it again today setting things up, while writing this letter, having 5 different programs open, 8 windows, 15 tabs open on each of 3 browser windows and listening to internet French jazz radio on the PC version of iTunes (again, irony)... and not one crash, no Windows error messages, no programs stopping, and no failures of any sort that were plaguing me in the last 45 days and my mom for 3 years before... not one. Now, on day 56, Windows 7 ULT seems like a dream... no longer the nightmare that was invading my sleep and waking time... and that's coming from an avid Mac user. This computer is now as stable as an Egyptian Pyramid and as clean as a freshly showered virgin princess. And my mom has a new machine with a copy of Windows 7 ULT compliments of a particular Microsoft tech in India, and 126 bucks for the 2 gigs of RAM and installation compliments of me. Now I have created a system repair disk and I'm also about to create a disk image system backup set of DVDs too, besides already having burnt file backups... just in case. But I am positive that the bad RAM is what was reeking havoc on this machine and making the installer disks work 1 out of 18 tries...but something in the future could always happen again with funky 3rd party software installers and the like. I had a weird experience the other night with an "HP Deskjet Full Feature Software and drivers" installer... it was a weird process of disconnecting the printer first and then running the installer, then re-plugging in the USB connection during the installation when prompted by the installer process... I was nervous about it, but it installed correctly. But then the scan-to-email function didn't work the way an online HP chat person said it would during an hour long chat. And the huge 246 MB downloaded "HP Deskjet Full Feature Software and drivers" installer installed 6 applications hiding in the one installer... there were apps installed for everything from shopping for HP supplies to Martha Stewart cookbooks. I just ended up doing a restore point back to 5 hours earlier instead of uninstalling all the extra software that this crazy installer put on the computer. Now I re-installed that HP software again, finding the part of the installation interface that let's you leave out the supplies apps and the Martha Stewart cookbooks... but, or course, the desired scan-to-email function isn't there or doesn't work as promised by the HP specialists... my mom liked that feature on her old Vista because she can't navigate to a folder and click on the paperclip icon, as I've tried to gently and patiently teach her several times. So why this story that's longer than the bible?... to prove why I am scared of downloading and running mbam-clean.exe, of course! I really didn't take me 6 hours to write this letter, as it may seem, since parts of it were copied and pasted in from a prior letter that I wrote to the MS tech reps that helped and hindered me over the last 56 days... but it may seem that it took longer to write this letter than to go through the actual experience described above. I still have the habit though, while typing on this machine, of copying and pasting whatever I'm writing into a text document after every nine words or so that I write for fear of a crash dumping everything I've written... but like I said, this machine hasn't crashed once since the fresh RAM and the following W7ULT installation a week ago today... that terrible and joyous day. The moral of the story?... buy a Mac and make sure it has good RAM in it. Enjoy, and don't get too techy, And Thanks! numetro

Hi Daledoc1, Thanks for your reply. I can see when I go through the threads that you pointed me to that many other people are having the same problem, including you. You said the fix for you was "If you right click on the icon and choose to change the icon, then point it right back to the program and choose the normal icon, that too may fix it." But when I right click on the icon there is no "choose to change icon" option, so I'm not sure how that fixed the icon. This is the only icon that I'm having this problem with. It changes to the Windows default icon in the taskbar, on the desktop, in the start menu and in the programs folder... yet the "mbamgui.exe" app, also in the programs folder, shows it's icon as correct... that is the only MBAM icon that does show up as correct. All the rest of the stuff about downloading apps and installing them to fix an icon, rebuilding caches, turning off antivirus, doing un-installs and re-installs, like I've been doing, restarting and running "mbam-clean.exe" restarting twice... it all sounds like a lot of risk and trouble to keep one icon looking as it should to begin with. Where is "choose to change icon" when you right click?... what is "mbamgui.exe" in the MBAM folder in the programs folder, and why is it the only MBAM app that keeps it's icon correct. I've un-installed and re-installed this program 5 or 6 times now just to keep the icon normal... it stays good for a couple of days and then either defaults on it's own or it defaults if I install another new application. I'm just setting this PC up for my mom and I'm about to dump MBAM just because it won't keep it's icon right for a few days or through installing some other application... no other apps out of about 10 that are now on this PC have this problem. I feel kind of dumb just spending the time writing about it now, let alone doing the constant un-installing and re-installing... some of the user descriptions on fixing this problem sound like they are describing a procedure that would have taken place at the Manhattan Project. Thanks, numetro

Hi all you byters, The Malwarebytes icon on my desktop, the one in my taskbar and the one in the start menu in Windows 7 goes to Windows default icon over and over again. I uninstall and re-install Malwarebytes and the icon stays as the correct logo for a few days, then turns in to the default Windows icon, which is kind of annoying. Does anyone have the same experience or have a solution? Thanks, numetro