Malwarebytes PRO did not block malwares - did not protect my computers


I cleaned my computers of viruses and malware, then I bought the 3 PRO versions of Malwarebytes (one for each of my computers) thinking that my computers would be protected, but I was surprised that every time I scanned these computers (after installing the PRO) I always found malicious software. Each time I would remove them and new ones would be back in the following weeks.

 

My question here is: why is Malwarebytes Anti-Malware PRO not protecting my systems as advertised?

 

Ad Quote: "Malwarebytes Anti-Malware PRO monitors every process and stops malicious processes before they even start. The Proactive Protection Module keeps your system safe and secure with advanced heuristic scanning technology..."

 

It's been over 6 months since I bought the full PRO version, and this statement hasn't worked for me. How can I make this PRO version work preventively without having to scan my 3 computers every week?

 

Thanks


  • Root Admin

Hello and welcome.
 
Please start MBAM and go to the LOGS tab and open a couple of the recent Protection logs and post those back here please.
 
Then check for updates and then do a Quick Scan and post that log back here.
 
 
 
Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

 

 

Next, Please create an mbam-check log:
 

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

 

 


hi Ron,

Thanks for your prompt response.

 

I can't really copy all the weekly scans from March 2013, when I bought the PRO for all the computers, to October. That is too much additional work. But below are 4 sample logs with the latest malicious screenshot.

 

I hope that could help.

 

 

-----------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
 
Database version: v2012.04.04.01
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-HP [administrator]
 
4/3/2012 7:10:36 PM
mbam-log-2012-04-03 (19-10-36).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191628
Time elapsed: 4 minute(s), 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
 
Database version: v2012.04.04.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-HP [administrator]
 
4/8/2012 1:33:14 PM
mbam-log-2012-04-08 (13-33-14).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192342
Time elapsed: 4 minute(s), 9 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\user\Downloads\SoftonicDownloader_for_mozilla-firefox.exe (PUP.ToolbarDownloader) -> No action taken.
 
(end)
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
 
Database version: v2012.04.04.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-HP [administrator]
 
4/9/2012 7:36:32 PM
mbam-log-2012-04-09 (19-36-32).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193873
Time elapsed: 3 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\user\Downloads\SoftonicDownloader_for_mozilla-firefox.exe (PUP.ToolbarDownloader) -> No action taken.
 
(end)
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
 
Database version: v2012.05.31.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-HP [administrator]
 
5/31/2012 1:03:30 PM
mbam-log-2012-05-31 (13-03-30).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242251
Time elapsed: 3 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.05.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
user :: USER-HP [administrator]
 
Protection: Enabled
 
10/5/2013 10:58:04 PM
mbam-log-2013-10-05 (22-58-04).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257758
Time elapsed: 19 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 8
HKCR\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\AlxTB2.ToolBarProxy.1 (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCR\AlxTB2.ToolBarProxy (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Data:  -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
 
(end)
 
 
 
2013/10/05 17:28:03 -0400 USER-HP user MESSAGE Executing scheduled update:  Daily
2013/10/05 17:28:09 -0400 USER-HP user MESSAGE Starting protection
2013/10/05 17:28:09 -0400 USER-HP user MESSAGE Protection started successfully
2013/10/05 17:28:09 -0400 USER-HP user MESSAGE Starting IP protection
2013/10/05 17:28:13 -0400 USER-HP user MESSAGE IP Protection started successfully
2013/10/05 17:28:43 -0400 USER-HP user MESSAGE Starting database refresh
2013/10/05 17:28:43 -0400 USER-HP user MESSAGE Stopping IP protection
2013/10/05 17:28:43 -0400 USER-HP user MESSAGE IP Protection stopped successfully
2013/10/05 17:28:43 -0400 USER-HP user MESSAGE Scheduled update executed successfully:  database updated from version v2013.10.04.06 to version v2013.10.05.06
2013/10/05 17:28:46 -0400 USER-HP user MESSAGE Database refreshed successfully
2013/10/05 17:28:46 -0400 USER-HP user MESSAGE Starting IP protection
2013/10/05 17:28:50 -0400 USER-HP user MESSAGE IP Protection started successfully
2013/10/05 21:42:05 -0400 USER-HP (null) MESSAGE Executing scheduled update:  Daily
2013/10/05 21:42:29 -0400 USER-HP (null) MESSAGE Starting protection
2013/10/05 21:42:29 -0400 USER-HP (null) MESSAGE Protection started successfully
2013/10/05 21:42:29 -0400 USER-HP (null) MESSAGE Starting IP protection
2013/10/05 21:42:32 -0400 USER-HP (null) MESSAGE IP Protection started successfully
2013/10/05 21:42:32 -0400 USER-HP (null) MESSAGE Starting database refresh
2013/10/05 21:42:32 -0400 USER-HP (null) MESSAGE Stopping IP protection
2013/10/05 21:42:32 -0400 USER-HP (null) MESSAGE Database already up-to-date
2013/10/05 21:42:33 -0400 USER-HP (null) MESSAGE IP Protection stopped successfully
2013/10/05 21:42:35 -0400 USER-HP (null) MESSAGE Database refreshed successfully
2013/10/05 21:42:35 -0400 USER-HP (null) MESSAGE Starting IP protection
2013/10/05 21:42:38 -0400 USER-HP (null) MESSAGE IP Protection started successfully
 


  • Root Admin

Thanks, those logs are fine to show.  I only wanted a couple and not all of them.

 

Please read the following to understand a bit more. What are the 'PUP' detections, are they threats and should they be deleted?

 

Then let me have you do the following where we can look at what is on the computer and get it cleaned up.  There are infections that can infect the configurations of Firefox or Chrome that we may not be addressing.  We are working on an updated engine to deal with those in a future build.

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.


Thank you


  • 1 month later...

Hi,

  1. I don't know why I'm still not getting protection from my paid Malwarebytes. I'm manually doing scans almost every day now to get rid of hundreds of pieces of malware. And it is even more difficult without a "select all" option to remove items.
  2. The biggest worry now is that I found over 1000s of malicious items on my computers. So do I have to click each one-by-one to remove? Please advise.

See attached screenshot for results

 

Thanks,

 

Jim


Hi Domainaire,

 

Concerning point 1: As can be seen in the link AdvancedSetup posted about PUPs: To select all, right-click -> "check all items".

 

As far as the 'malicious items' are concerned: AdvancedSetup already posted a link to what PUPs are (those are the only 'malicious files' I can find in your posts). According to the manual of MBAM (Malwarebytes Anti-Malware), PUPs are non-malicious. PUP detections always start with PUP in the name/vendor.

Quote from the helpfile of MBAM:

 

"Action for Potentially Unwanted Programs (PUP): This option detects known, non-malicious software which may causes undesirable performance or issues for the computer."

 

 

If you want to have an easier time removing and preventing PUPs you can go to "settings" -> "scanner settings" -> "Action for Potentially Unwanted Programs (PUP's)" and change it to "show in results list and check for removal". This will cause programs that could install PUPs to be detected (and quarantined) by MBAM PRO upon execution. I attached a screenshot of what the response from MBAM could look like. (Note that the YouTube downloader itself was not the PUP; PUPs were included in the installation file. These "extras" caused MBAM to respond.)

This will help you to prevent getting PUPs on your system; however, it may make installing legitimate programs a bit harder, as PUPs are quite common in installers.

 

So to be able to answer your question about whether or not MBAM PRO blocked all malicious software: Did your scans show any results other than PUPs?

If so, I'd strongly advise you to follow AdvancedSetup's advice and seek help in the malware removal part of the forum. This is to make sure your computer is clean.

If not, then I see (at this point) no reason to doubt the level of protection MBAM offers.

 

Last but not least: MBAM is not stand-alone security software. MBAM is designed to support your main anti-virus software in keeping your computer safe and removing infections. (Though it seems to do quite well on its own, as a test of MRG Effitas shows.)

 

 

 

 

Disclaimer: If Advanced Setup/Ron disagrees with me, assume he is right.
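
The question asked in the post above, whether the scans show anything other than PUP detections, can be checked mechanically against saved scan logs. The following is an added example, not part of the original thread and not Malwarebytes code: `parse_detections` and `summarize` are hypothetical helpers that assume the MBAM 1.x text log layout quoted earlier in the thread, and the `Trojan.Example` entry with its path is constructed for illustration.

```python
import re
from collections import Counter

SECTION = re.compile(r"^(?P<section>.+) Detected: \d+\s*$")
# The detection name is the last "(...)" before " -> "; paths may hold "(x86)".
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<name>[^()\s]+)\) -> (?P<rest>.*)$")

def parse_detections(log_text):
    """Return one dict per detection line (hypothetical helper, not an MBAM API)."""
    section, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION.match(line)
        if hit and section:
            name = hit.group("name")
            found.append({
                "section": section,
                "item": hit.group("item"),
                "name": name,
                # Registry value lines carry "Data: ... -> action"; keep the action.
                "action": hit.group("rest").split(" -> ")[-1].rstrip("."),
                "is_pup": name.upper().startswith("PUP."),
            })
    return found

def summarize(detections):
    """Separate PUP from non-PUP names and list items the scan left in place."""
    return {
        "by_name": Counter(d["name"] for d in detections),
        "non_pup": [d for d in detections if not d["is_pup"]],
        "not_removed": [d for d in detections if d["action"] == "No action taken"],
    }

# Constructed sample: lines from the thread's logs plus one made-up non-PUP entry.
SAMPLE_LOG = r"""
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Data:  -> Quarantined and deleted successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Program Files (x86)\Alexa Toolbar\AlexaToolbar.10.0.dll (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\SoftonicDownloader_for_mozilla-firefox.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\user\AppData\Local\Temp\sample.exe (Trojan.Example) -> No action taken.
"""

print(summarize(parse_detections(SAMPLE_LOG))["by_name"])
```

Anything in `non_pup` is a reason to ask for help in the malware removal section. A detection left with `No action taken` stays on disk and is reported again by the next scan, as the 4/8/2012 and 4/9/2012 logs in this thread show for the Softonic downloader.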

 

 

 

 

 


In addition to Durew's excellent advice, and until AdvancedSetup returns....
 
Here is a recent MBAM blogpost that explains how to select all PUPs for automatic removal:
http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/
 
If you want Malwarebytes Anti-Malware to remove these PUP detections reported after a scan but before making the above settings changes, each item must be checked:

  • To do so quickly, you can highlight one of the detections by left clicking on it.
  • Then, right click on the highlighted detection, and select 'Check All Items'.
  • Next, click 'Remove Selected'. That should address the PUP entries.

Cheers,

 

daledoc1

