Faith in MBAM protection following FP Trojan...ED attack?

Helplessly, I watched my machine quarantine system files by the hundreds while my attempts to stop it only exacerbated the situation.

After finally forcing a shutdown, I went to another machine to perform search and rescue for the disabled machine, logged onto the net, accepted the MBAM update pop-up thinking it would help protect me from another heinous attack and before the thought left my mind, an attack on machine # 2 ensued.

I proceeded to machine # 3 and for some reason didn't accept the MBAM update pop-up, which allowed me to finally learn what had occurred.

I realize humans are imperfect. I very much appreciate Malwarebytes acted promptly in this situation. I have never had any serious issues with Malwarebytes program and it has effectively protected my systems for years.

That said, I depend on my computers for my livelihood.

I am deeply concerned and struck by the irony that said attacker is actually the one I put my faith in and paid to protect my machines.

I feel unsure as to how to proceed. I would sincerely appreciate a straightforward statement from Malwarebytes as to:

1. what happened and why,

2. what will be done to prevent any similar event from occurring and why I should have faith that it will work,

3. and lastly, tell me if they believe it is the best choice to continue to enable filesystem protection and automatic quarantining of filesystem threats.

Thank you.

Link to post
Share on other sites

Malware software relies on definitions. There is a defined segment of software, with some sort of signature, that makes it almost universally recognizable, that anti-malware software uses to look for that particular file in all the files on your computer. Each particular instance of a malware program has a unique (usually) signature that these programs put all together into a single database so that they can scan for thousands, even tens of thousands of malware files on your computer.

In this fiasco from last night, apparently the signature for one particular piece of malware, trojan Downloader ED, was messed up - so much so that it matched a lot of normal files on your computer. And MBAM was doing its job.

For the future, don't reboot your computer or force a shutdown - that is the fastest way to really break it - when the scan is running, press the exit button - it may take a few minutes, but then you get a chance to go to the quarantine section and unquarantine any files it quarantined before rebooting, and preventing a system meltdown.

Of course, this is hindsight, but also disabling the auto quarantine function will save you a lot of time - but in retrospect, it will also cost you some time b/c every time a potential infection is found in the future, you'll be the one making the decision to keep it or not - and that means that you have to be proactive.

I hope that answers your questions.

Link to post
Share on other sites

era:

The word "attack" in your thread subject is overblown and unwarranted.

The word "attack" conveys a deliberate and planned offensive measure.

A False Positive is never deliberate or a planned event. It is an accident. Yes there are or may be detrimental consequences to a False Positive declaration but it was not a deliberate act. Unfortunately and historically all anti malware software suffers from a False Positive from time to time. Some events more traumatic to the user than others. But to use the inflammatory word attack is excessive, overblown and unwarranted. The mistake should not in any way be construed as an attack.

Link to post
Share on other sites

John, it's admirable of you to offer your help and support to the many customers and users of MBAM. Thank you for sharing your time and knowledge to help me understand what happened and what's best to do in a similar event. I appreciate it.

I tried diligently to avoid shutting down, which seemed to make matters even worse. The first thing I did was to try and open Malwarebytes, but it was locked up. Nothing responded. Very shortly, the screen went black, the computer was completely unresponsive and remained that way. I used another computer to research the problem and once the new file was posted with instructions to boot in safe mode, I forced the computer off, booted in safe mode and applied the fix. Although 363 files show quarantined, the computer is running well and has indicated no other problems. I've checked randomly on many of those files and each exists in its place. My other laptop was not so lucky. It won't even boot.

Mr. Lipman, my use of the word "attack" was not an attempt to hurt anyone or to purposely call the event something it was not. What happened yesterday felt like an attack and acted like an attack, and at the time, that is what I thought it was. I have a $2,000 computer that won't boot. I'm not happy about it, but I'm not angry. I simply wanted to know what happened and to hopefully hear that some form of security or test can be put in place to prevent this from happening again. I was not attacking Malwarebytes by purposely labeling what happened as an "attack" and it's obvious I lacked the knowledge to refer to the event accurately. Thank you for correcting me. If you are truly sincere about helping to educate others, your information would be shared and taken more effectively and successfully if you give it without belittling someone and without anger.

Link to post
Share on other sites

Are all Malwarebytes definitions scanned in a test environment against supported operating systems (all the combinations of service pack levels, localizations, CPU architectures) as well as popular applications (Microsoft, Adobe, Google, et cetera) before releasing them to ensure a hit on a false positive doesn't reach their customers?

Link to post
Share on other sites

I imagine that will be part of their workflow now...

Link to post
Share on other sites
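Added example, not part of the original posts and not Malwarebytes' own code: a minimal pre-release gate of the kind asked about above, which scans a known-clean corpus with each candidate signature and blocks any definition that matches clean files or no longer detects its sample. The hex-with-`??` signature format, the detection names and all file contents are constructed for illustration.

```python
import re

def compile_signature(pattern: str) -> re.Pattern:
    """Turn a hex pattern such as '4D 5A ?? 00' into a bytes regex ('??' = any byte)."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

def evaluate(signatures, clean_corpus, samples):
    """Per signature: which clean files it hits, whether it still detects the
    samples, and whether it may be released (detects samples, zero clean hits)."""
    report = {}
    for name, pattern in signatures.items():
        rx = compile_signature(pattern)
        clean_hits = sorted(f for f, data in clean_corpus.items() if rx.search(data))
        detected = all(rx.search(data) for data in samples.values())
        report[name] = {
            "clean_hits": clean_hits,
            "detects_samples": detected,
            "release": detected and not clean_hits,
        }
    return report

# Constructed inputs: a shared executable-style header plus distinct bodies.
HEADER = b"MZ\x90\x00" + b"\x00" * 8 + b"PE\x00\x00"
CLEAN_CORPUS = {
    "kernel32.dll": HEADER + b"clean-a",
    "notepad.exe": HEADER + b"clean-b",
    "readme.txt": b"plain text file",
}
SAMPLES = {"sample.bin": HEADER + b"\xde\xad\xbe\xef\x13\x37"}

# Hypothetical candidate definitions: one keyed only on the common header
# (over-broad), one keyed on bytes that occur only in the sample.
SIGNATURES = {
    "Example.Broad": "4D 5A ?? ?? 00",
    "Example.Tight": "50 45 00 00 DE AD BE EF ?? 37",
}

if __name__ == "__main__":
    for name, result in evaluate(SIGNATURES, CLEAN_CORPUS, SAMPLES).items():
        print(name, result)
```

Both signatures detect the sample, but only the tight one passes the gate; the broad one would have quarantined every executable in the clean corpus.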

In my humble opinion, taking responsibility for one's own actions is becoming more and more rare, and it is also my opinion that someone who passes the buck and refuses to acknowledge their part in something deemed negative is a fearful coward. When I see this behavior in a person or a business, I steer clear of them, because that is the most one can expect from them and it's likely it won't get any better than that.

I have always been a strong promoter of this company's Malwarebytes product and when things went awfully wrong yesterday, I wanted more than anything for them to be straight with everyone, tell it like it happened, take ownership of any fault and then share solutions on the agenda. That is exactly what Marcin, CEO of Malwarebytes, has done and I appreciate it very, very much! His action speaks volumes to me, and I believe the situation, as bad as it is for some, is being handled with great diplomacy and responsibility. I sincerely wish for them as much patience and understanding as is possible from those who are suffering and much support from people like myself who have benefited by having this wonderful product for so long. I also hope they come out stronger than ever for having gone through it and for handling it the way they are.

Show me someone who hasn't made a mistake or learned something via the school of hard knocks and I'll show you someone who hasn't done anything in their life. What is learned and how that learning is positively put forth is key.

I wish I could offer help to them, but I am useless here. I will help by sharing what I believe to be a wonderful product with wonderful people behind it. These are people I am proud to do business with. Thank you!

Very sincerely,

Susan

Link to post
Share on other sites

Thank you so much for the kind words. As I've told the staff here I just happened to be the right guy in the right place at the right (or wrong, depending upon your POV) time.

As for your laptop, using a Windows 7 Installation DVD you can perform an in-place 'upgrade' that leaves all your files and programs and most (not all) of your settings intact. See http://www.sevenforums.com/tutorials/3413-repair-install.html for more information - it's a lot better option than formatting your HD and losing everything.

As for Mr. Lipman, I'm sure he was not trying to belittle you - but here's something to put this whole scenario into light.

You were dealing with 1-3 computers that had issues. I was dealing with 6-7 including my own personal machine (which I thankfully saved before anything serious happened).

The staff here have been dealing with thousands of machines, both in the forums and in the support channels. And it's been like this since around 6:00 PM EDT last night. I know b/c I was one of the first to report the FP problem after I saw what it was trying to do on my system. I, myself, spent the vast majority of a time span of 8 hours just in here trying to help and keep people calm and anything else that I could do to help. The staff here is always courteous and professional, so please do not take anything that Mr. Lipman said out of context - it was meant to be a correction, nothing more, and if he actually had the time to think about what he wanted to say instead of being "knee deep in the weeds", as we used to say in the restaurant business, I'm positive it would have not seemed nearly as harsh as it did.

Marcin has always been one of the good guys, and I have complete faith that this will be fixed so it never has a chance of happening again.

And as for you being helpless - not at all. Your kind words of encouragement, your faith in Marcin and the company and your willingness to keep a level head even when responding to Mr. Lipman's post - I'd say it's people like you that keep a company like this operating.

Link to post
Share on other sites
