
DonZ

Honorary Members
  • Posts

    74

Everything posted by DonZ

  1. I restored the keys that were originally quarantined since I now have multi-quarantine entries. For what it is worth, this issue with MBAM heuristics started a couple of days ago. Prior to that all was fine. Image_File_Execution_Options_2.txt
  2. Also appears this is not a new issue? https://forums.malwarebytes.org/index.php?/topic/156567-mbam-not-getting-along-with-emet-50/
  3. Here's the reg key. Note that wininit.exe and wuauclt.exe are missing from the root since MBAM quarantined them. They are listed under the C: subkey. Appears EMET uses that C: subkey. Image_File_Execution_Options.txt
  4. Did some research. All those keys that have been quarantined are used for is setting SEHOP. So I am clueless as to why MBAM all of a sudden wants to flag them.
  5. Here's the most recent log. I thought I found the problem. For those registry keys, appears for some reason EMET did not add a DisableExceptionChainValidationKey. I added it and ran another MBAM scan but MBAM still flagged the same keys. So if you guys can't come up with a reason, I might just reinstall EMET 5.1. MBAM_log_02-160-2015.txt
  6. WIN 7 SP1 x64, MBAM ver. 2.0.4.1028 Recently whenever I do a MBAM threat scan, it is detecting what is shown in the below screen shot. MBAM heuristics is detecting these. They occur after I modify applications within EMET 5.1. I am fairly certain these are valid registry entries that MBAM is alerting on.
  7. Ok. Back from a short vacation. Did a cold boot today after PC, WIN 7 x64 SP1, MBAM Pro latest ver., sat for a few days and no strange event log entries after the cold boot. Perhaps a hiccup with this new ver. of MBAM after initial installation? Really don't know but problem appears to have corrected itself. Full scan with Norton AV 2012 shows clean. Also clean with the latest version of Emsisoft Anti-Malware which I use as a stand-alone scanner. Since this Anti-Malware 7.0 ver. includes the Bitdefender engine, I feel confident I am clean.
  8. There is something definitely strange with this updated version. Today after I did a cold boot after the clean install I did using MBAM_Clean, etc. as noted above, I had over 60 WIN 7 firewall inbound blocks from svchost to/from IPs like 93.184.215.73, 50.17.232.268. Additionally I had an inbound DNS block from NortonDNS which I use as my DNS server. I have never seen anything like this before. I believe MBAM uses IP 93.184.215.73 which is Edgecast. I did a few AV and anti-malware scans including Norton PowerEraser and I am clean as a whistle. Also no strange outbound activity per monitoring with TCPView. What I did notice is that the MBAM icon appeared immediately after desktop initialization but it was gray colored for a minute or so. I will be out of town for a few days but will definitely post back if this weird cold boot activity persists. BTW - this doesn't occur on a regular restart.
  9. I had the same issue plus updates were not working right either. WIN 7 x64 SP1. I just uninstalled MBAM. Ran MBAM_Clean. Rebooted and downloaded latest ver. again and installed. Everything working now. My experience with MBAM updates on WIN 7 has not been good. Maybe MBAM should just instruct people to uninstall, clean, download latest ver., and install. Only takes a few minutes to accomplish.
  10. Kaspersky is all over the place. Anywhere from 2MB when PC is idle to 100MB when it is doing scanning, etc. Its memory management does appear to be fairly efficient in that it does release memory resources when not needed. BTW - There was an issue with my WIN 7 PC I did not mention previously. When I reinstalled MBAM Pro after running MBAM-clean and after KIS 2012 was installed, MBAM Pro was starting up immediately at PC boot. I did check mbamservice and it was set at auto delayed as it should be. Recently I reactivated MBAM Pro realtime protection including startup at boot time option. Guess what? MBAM Pro now starts up delayed. Go figure. I decided to use MBAM Pro real time protection again after thoroughly checking out KIS 2012 Web Virus protection and not being overly impressed. The URL protection is bogus to say the least. I used to think Norton's Safe Search held the record with the number of "good" web sites. KIS 2012 puts Norton's Safe Web far behind! Appears almost every site is OK to KIS 2012 URL protection with a few unknowns thrown in I guess to make it appear it is doing something. KIS Web Virus only scans Windows Script Host scripts and not JAVA scripts that contain most of the malware. I can go on but I think you should get the picture.
  11. Normally I would agree with you. However, I have KIS 2012 Web Site protection cranked up to max settings. Considering it has URL and dangerous web site blocking, heuristics, phishing, and script protection, I feel I am adequately covered. As to the mbamservice.exe memory issue, I believe it has a memory leak issue with the current version. Yesterday with realtime protection turned off, it was using 2.5MB. Today with no MBAM configuration changes it is using 4.3MB. Also yesterday when I had the PC on all day, mbamservice.exe memory just kept increasing in size. I believe you as far as what you stated in regards to CNET. However if I were MBAM, I would order CNET to change its download icon since its format indicates that an installer/bundle is present. Whenever I see one of those icons, I look for another web site.
  12. Well, mbamservice went up to 46MB. So I watched it for a while in Task Manager when I was surfing. Most of the time, it used 0% CPU. So I have concluded it is doing nothing but using memory resources. So I have solved this problem. I have disabled real time protection. I do hourly updating with a memory flash scan. That only has mbamservice using 2.5MB which is acceptable.
  13. Yesterday uninstalled all my existing security software; PrivateFirewall, Norton AV 2012, and MBAM Pro. Ran respective cleaners for Norton and MBAM. Installed Kaspersky 2012 without incident. PC running great. This morning I installed latest version of MBAM. Set all exclusions for Kaspersky and MBAM as recommended. Definitely did not download it from spyware monger CNET! Shame on you MBAM for using that outfit and having all your customers install CNET's tracking software. Anyway activated MBAM with my Pro license key. Guess what? Mbamservice.exe is currently using 33MB of memory; same amount allocated as previously. My advice - improve your product's resource allocation methods.
  14. As far as I am concerned, there are no legit keyloggers. Employers install them and spouses to spy on the significant other. Most malicious ones I know of would probably evade Kaspersky's Safe Mode for on-line banking. Using KIS's virtual keyboard might help but some of these bad guys can trap that. I'll run the AKLT test and see how KIS does with keylogging protection enabled.
  15. Just installed KIS 1012 after uninstalling PrivateFirewall, Norton AV, and MBAM Pro. Ran clean tools for MBAM and Norton. One recommendation I will make is after running these clean tools, go into Device Manager and make sure nothing is hosed. Norton's removal tool hosed my USB card reader registry entries. Figures ... Uninstalled both and did a scan for new hardware and let WIN 7 reinstall them without incident. You really don't want to install something like KIS with hosed hardware. Installed KIS 2012 w/o incident now. Shaking it down presently. One interesting setting they had set off is keylogging protection. Don't know why that was set off. I am debating installing MBAM Pro's realtime and URL protection. KIS is literally monitoring every IE9 TCP connection for the same. From what I have determined from the KIS user manual, KIS realtime protection far exceeds anything in MBAM Pro's realtime connection. Plus after some pondering, I enabled KIS's cloud scanning. Really didn't like their data collection policy but I wanted that additional cloud protection. Finally pleasantly surprised with KIS performance so far. Previously had read all these negative comments about how KIS slowed browsers, etc. So far have seen none of that.
  16. I agree with this approach. You definitely don't want one security product uninstalling another; that is just asking for problems. What was quoted to me previously in a separate thread in this forum was that KAV/KIS would install OK with MBAM installed and active. Obviously, that is not the case based on OP's experience.
  17. Just double checked my WIN 7 installation. Mbamservice.exe is currently using 35,112K. That is 35MB approximately. I am an IT pro. I know the difference between KB and MB.
  18. Thanks for this important info! It will save me a lot of grief. BTW - this procedure also conflicts with prior advice I was given on this topic in this forum.
  19. Recently on a visit back home, I did my usual tune-up of my daughter's and son-in-law's PCs. Both are old and at the time using minimum memory; 512MB and 764MB respectively. On both PCs, current version of MBAM Pro installed. Real time and IP blocking enabled. On the 512MB PC after a clean install of MBAM Pro, I was able to get mbamservice.exe to use around 30 - 40MB. After I installed another 512K of memory to that PC, mbamservice.exe went up to 100+MB! On the other PC no matter what I tried, mbamservice.exe stayed at 100+KB. I also finally added more memory to that PC. I think this is a bit ridiculous. No app should consistently use that kind of memory. On my WIN 7 installation with 8GB of memory, mbamservice.exe uses 30 - 40MB on average.
  20. This is interesting since I plan on shortly installing KIS 2012 on my WIN 7 x64 installation with MBAM Pro installed. According to Kaspersky's web site, MBAM is not listed as a conflicting application. I wonder if poster had MBAM's IP blocking and real time protection active at time of KAV installation? Also was "the start with windows" option unchecked and the PC rebooted prior to the KAV installation?
  21. I plan on installing MS Security Essentials on a WIN 7 x64 SP1 box. Should I: 1. Disable MBAM Pro Enable Protection, IP blocking, and Start With Windows options. 2. Reboot. 3. Install MSE. Reboot if required. 4. Set MBAM exclusion in MSE per FAQ instructions. 5. Open MBAM and set MSE exclusions. 6. Re-enable Protection, IP blocking, and Start With Windows options in MBAM Pro. Or: 1. Uninstall MBAM. 2. Run MBAM Clean. 3. Reboot. 4. Install MSE. Reboot if required. 5. Install MBAM Pro but don't activate real time protection. Reboot I believe is required. 6. Set MBAM exclusion in MSE per FAQ instructions. 7. Open MBAM Pro, and set MSE exclusions. 8. Re-enable Protection, IP blocking, and Start With Windows options in MBAM Pro. I would prefer doing the former rather than the latter but want to avoid any conflicts between MBAM Pro and MSE.
  22. Anyone know how MBAM Pro and Kaspersky AV 2012 run together on a WIN 7 x64 install? What exclusions are necessary for both the above? I didn't see Kaspersky referenced in the forum FAQ.
  23. Per the link given in the post by DarkSnakeKobra: If you are already experiencing the freezing issue: Restart your computer in Safe Mode (instructions at this link), uninstall Malwarebytes' Anti-Malware and restart your computer normally. Once you've started back into normal mode, reinstall Malwarebytes' Anti-Malware, but do not enable the protection module yet. Did you try this and then proceed with setting the exclusions and finally enabling the protection module? Note: this assumes you are running MBAM Pro, since it is the only version that runs in real time. Also no mention is made in the MS Essential exclusion write up about excluding mbam.sys. The only ones mentioned are the files in MalwareBytes Anti-Malware folder, C:\Program Files(x86); mbam, mbamgui, and mbamservice.
  24. If NOD32 caught it, it never would have been stored in the IE temp directory. Bottom line - NOD32 does not appear to scan scripts in realtime or at the time of the download, NOD32 did not have a signature for it.
  25. Ignore my comments on AMON and IMON. Appears to apply to earlier versions of nod32 and possibly only the commercial versions. Since you did configure eSET to block HTTP scripts and it obviously did not, I guess you have to get with eSET about that. As said previously, they possibly did not have a sig. for it at the time the script was downloaded. Script sat in IE temp file until MBAM accessed it via the manual scan at which time an updated nod32 virus database sig caught it as stated previously. Question is was that script run prior to the MBAM access by using stealth malware from infected web site? BTW - MBAM Pro has scheduled update/scan options. I update hourly and run a flash memory scan also only available in the Pro version scan after every update.