Virus breach Malwarebytes while it was running


My NOD32 caught an HTTP script (or an HTML script or however many names you want to call it) while it was coming in through or because of Malwarebytes, so why wouldn't NOD32 have caught it when it was coming in previously through a web browser like you are claiming?

I've already said umpteen times that it caught this stuff with realtime detection AND it runs every day with the very same updated virus signatures in a full scale scan of both hard drive partitions.

If I should disregard what you said about AMON and IMON, then why bring those things up to begin with?

I'm not sure if you guys are just glossing over what I'm writing in an effort to answer as many questions as possible in as short an amount of time as possible or what, but I give up.


My NOD32 caught an HTTP script (or an HTML script or however many names you want to call it) while it was coming in through or because of Malwarebytes, so why wouldn't NOD32 have caught it when it was coming in previously through a web browser like you are claiming?

If NOD32 caught it, it never would have been stored in the IE temp directory. Bottom line - NODAD32 does not appear to scan scripts in realtime or at the time of the download, NODAD32 did not have a signature for it.


@numetro

You were running a scan. That is completely different than actively protecting your computer. As stated several times, the free version of Malwarebytes' does not offer the ability to monitor your system 24/7, only scan and remove when you run it. When you run Malwarebytes' Free it pops open the program and you give it instructions to check existing files on your computer. Real-Time protection on the other hand is always running in the background and checking new files that are introduced to your computer and existing files and shows an alert. When you run the application it does not necessarily mean it is protecting you. While scanning your computer any malware can hide itself or attack Malwarebytes' to prevent removal. Although this is not what happened. What happened was Malwarebytes' was checking your computer for existing malware which Nod32 read the Malwarebytes' scan process. This is quite common when running security applications. Nod32 probably did not notice it right away as it may not have had the signature available. It would have found it eventually, but it was not being used so therefore wasn't detected right away. Active threats or threats introduced to the system are found much quicker with the real-time protection compared to dormant or non-active threats.

Edit: Think of scanning as going through a box of stuff. You examine one by one everything in the box and if you see anything undesirable you remove it. Anything new gets added to a second box. You aren't able to read or see that box until you finish your existing box and start over. Now think of real-time protection as adding a helper to your box sorting. This helper looks at everything new that is going to be added to the box. Anything undesirable is dealt with immediately by running it past the second person and tossing it. Hopefully that makes sense.

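The sequence the replies above describe, as an added example that is not part of the original thread: a toy on-access scanner replaying constructed events, showing why the alert names the process that touched a dormant file and why an up-to-date signature at download time would have kept the file out of the cache. The process names, path, script bytes and the assumption that the signature arrived after the download are illustrative, not taken from the poster's machine.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class OnAccessScanner:
    """Toy resident AV hook: each file event is checked against current signatures."""
    signatures: set = field(default_factory=set)   # SHA-256 digests (constructed)
    alerts: list = field(default_factory=list)

    def on_file_event(self, process, action, path, data):
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.signatures:
            # The alert is attributed to the process touching the file now,
            # not to the process that originally wrote it.
            self.alerts.append((process, action, path))
            return "blocked"
        return "allowed"

def replay(events):
    """Replay events in order and return the alerts the scanner raised."""
    av, disk = OnAccessScanner(), {}
    for ev in events:
        if ev[0] == "sig_update":
            av.signatures.add(hashlib.sha256(ev[1]).hexdigest())
        elif ev[0] == "write":
            _, proc, path, data = ev
            if av.on_file_event(proc, "write", path, data) == "allowed":
                disk[path] = data            # file lands on disk undetected
        elif ev[0] == "read":
            _, proc, path = ev
            if path in disk:                 # dormant file is opened again
                av.on_file_event(proc, "read", path, disk[path])
    return av.alerts

# Constructed sample data (hypothetical names, not from the thread).
SCRIPT = b"<script>/* stand-in for the flagged script */</script>"
CACHE = "browser_cache/page.htm"
EVENTS = [
    ("write", "iexplore.exe", CACHE, SCRIPT),  # browser caches page, no signature yet
    ("sig_update", SCRIPT),                    # definition arrives later
    ("read", "mbam.exe", CACHE),               # on-demand scan opens the cached file
]

if __name__ == "__main__":
    print(replay(EVENTS))
```
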

numetro, bottom line is it was your NOD32 that failed to detect this threat you have found and removed. Malwarebytes was just the program that touched the file that alerted your NOD32. I honestly believe that the answer you seek is better answered by the folks at NOD32. Perhaps you should direct your question to them in their forums.

In my opinion (this is my opinion only).... you are going to continue to get these sorts of things until you upgrade to the latest versions of software on your computer. I would think that even the folks at NOD/EST are going to suggest you upgrade to the latest version of their AV. Yes, your version may be using the same database file as the latest version, but it's the program's NEW technologies and detection capabilities that were probably added to the newer version that may have detected this file in the first place, then again that is only a question the folks at EST/NOD can answer.


Guest Seagull

I agree with Firefox. I am using the latest version of ESET Smart Security 5 (5.2.9.1) which includes the NOD32 Anti-Virus and I have never experienced or had any issues with anything getting past ESET.

I have the settings tweaked in ESET to allow maximum protection, and I never had anything make it onto the computer, it would stop it by blocking the IP or if something was malicious on a web page it would kill it and if ESET didn't have a malicious IP blacklisted yet, Malwarebytes would then step in and block it (That's why the PRO version is worth it).

Almost every single major build from any Anti-Virus company includes detection enhancements, as Viruses and Malware are becoming more and more sophisticated all the time, they need to stay on par with the Malware writers, thus why everyone here on the forum recommends the PRO version of Malwarebytes.

I have read through this post and they have answered your same question several times and you still don't understand, instead of me beating a dead horse with a stick refer to DarkSnakeKobra's post, he pretty much went into full detail for you and has the same answer for you that the experts and researchers of Malwarebytes have been telling you.

I hope your questions have finally been answered for you so this topic can finally be laid to rest.
