An Examination for Malwarebytes' Anti-Malware

[Kelly-Bone]

Great Community here

good morning for all

its time to do some examination for Malwarebytes' Anti-Malware

this is a small application , designed to let anti-malwares detect it as a very dangerous threat

its simply safe, all what it can do is simulating some registry tracking malware ..

lets see your results

PS: 1- I am not using Malwarebytes' Anti-Malware yet!! but thats not a problem , as it should be detected as malware

2- the application will not simulating malware actions if you dont use this password for it

password to open the application : test

direct link :

[link removed by AS]

good luck for you all

Kelly-Bone

Edited April 10, 2009 by AdvancedSetup
Unknown EXE - please do not post links to unknown executable files.

[AdvancedSetup]

Sorry, but I don't know who you are and this is your first post on the board so I've removed your link to an executable file.

It may be harmless but since you're new and did not post the source code then that's not very smart for someone to execute code on their system like that.

If you really want to have someone run such a tool then you should provide the source code, or very detailed information on what it does and how to undo it.

Thanks.

[Kelly-Bone]

ok AS , the file hosted on university server, and its clean

you can simply scan it with any antivirus you want

and for that , its not understandable that i will add a program here which contain viruses as this forum have many experts and technicans

i hope you understand me AS

[AdvancedSetup]

I did scan it and it did scan clean with all the AV scanners, but that still is not a responsible method of introducing a test.

Also, just because it's on a University does not in any way assure a file is not harmful. I can guarantee you that many files on Universities across the World have all types of infected files on them. Colleges are some of the biggest P2P users around.

Thank you for your understanding.

[Kelly-Bone]

LOL , you dont understand me AS

this section of the university server is locked and not for public use

and as you want to source code or details , i add details in the post , about simulating registry tracking malware

finally , its maybe my mistake to start my activity in this forum like this

but i can say to you as you cant find any kind of viruses or malware in it , you can advice people not to download it, but in this situation, you cant say that and delete it as it is clean !!

do you see an exe virus wear an safe clothes? if you cant detect them from the outside , its not a virus .. and this is the trick what my application do after entering the password. i didn't see any virus convert from harmless to harmfull after you open it.. if it is a virus it should be detected before you excute it

you see now why this is a trick?

becuase it should be detected after opening it

and this will not be as anytype of viruses or malware !!

thanks

[AdvancedSetup]

One would think so wouldn't you. However there are all types of Malware and Virus that are NOT detected by any program for a long time. There have been cases of virus that passed all scanner tests for months and it was a rootkit virus.

Now if I knew you or the Anti-Virus, Anti-Malware community as a whole knew of you then that would be a different story, but as it is not knowing you it would not be prudent to allow such and link on the site. Try to contact Microsoft or Apple and ask them if they would host a link to an unknown file like that and I'm sure you know what their answer would be.

If you really want to help then you'd sign up and actually get to know others in the community and build some trust first, or at the very least send an email or private message asking if you can post something like that. Go sign up at any one of the dozens of site that are dedicated to fighting Malware and make this your first post and I'm sure they will either delete the message, or as I did remove the link, or maybe even ban you.

Thank you for your time and understanding and hopefully you can understand why it's just not appropriate.

[exile360]

I can't say if it's malware or not, and I'm not trying to claim it is, but the possibility of something like a malicious script could be present, or perhaps even something as simple as a new trojan not yet detected by AV's. I'm not saying that's the case, or even that it's likely the case, I'm sure the file is probably safe, but it is still irresponsible to expose forum users and passers by to any type of unknown and potentially malicious executable code. It's AdvancedSetup's job as an admin to make sure that risks like that don't occur for users of the forum.

[Kelly-Bone]

ok , i understand

but you should understand that if you wont your members harm, you shoul not punish me by ignoring my testing effort

as i said it was mistake to start posting with this kind of applications

but as you want to safe your forum , you should work harder to safe your forum PLUS don't ignore any of your members

so this is the file with you, analyze it with any type of analyze

but understand, if you keep blocking it without any reason , just ( perhaps and maybe ) , this will effect your customers in the future

humm!! should i try your program to start the way to trust me?

maybe i will not , thanks

[exile360]

You could simpy PM one of the mods or developers to test the file or to turn it loose to the experts here to do private testing since they have experience with such things, even if it were malicious, and they could then properly determine if the file's safe or not, and if it isn't, perhaps post it publicly for everyone.

It just seems to me you might have skipped a few crucial steps in proper testing for such a tool. For instance: even if the file isn't malicious at all, how many diverse systems running different OS's and different software have you tested it on, and thus how can you be certain that it would be free of causing any errors due to unforseen incompabibility?

[Kelly-Bone]

question,,

what if any of your members pm me with requesting the file?

and what if this member pm you with the same request

you will say no i cant ?

in my side its not understandable to block it from anybody who want to test as its not confirmed as a malware

and you should consider that you currently blocking it , the same thing the same way

uh

[Kelly-Bone]

exile,

about how many systems i test the tool on it, i wll tell you that this tool not for mbam only, i designe it for many antivirus but in each time i change the style

and this is the first time i publish it over the net in forums,

friends, family, some small groups tested it for some antiviruses

and so , about the steps .. i said its mistake, but the mistake can be repaired if admins and experts test the tool and say thier word about it

not just ignore it to prevent hard testing and analyzing !!

[exile360]

I think you misunderstand, it's not being blocked on the basis that it is believed to be malware, it's being blocked because it's unknown code from an unknown source. What it is, could be, or is not isn't the issue here. What is the issue is the fact that you are an unknown in the security community, at least I've never heard of you, and therefore it would be irresponsible to allow you to dispense code on this forum indescriminately. It's not about proving the file to be malicious or not, it's simply a matter of known and trusted sources, for example, if I linked a user to a file on rapidshare that was a known safe file from Microsoft, the admins would edit my post and instruct me to link to the page for the file on microsoft.com because it is a known trusted source, while a file hosted on rapidshare, or even my own personal server, if I had one, could potentially be malicious. It's a matter of risk assessment, that's all.

If you want the admins to test it, PM them and I'm sure they'll allow you to let them test it. Another option would be to upload it to http://uploads.malwarebytes.org/ and the experts will take a very close look at it.

[Tarun]

On the forums where I'm an admin, super mod or mod, you would have been banned for this due to the spamlike nature of the post.

[Kelly-Bone]

ok exile

so i want any expert to test it to make sure it is not harmfull

and so they can publish it here

its not hard to try it in VM's , VM today like playing , even you ran a real virus on it , it will not harm your system

so what you are waiting for experts

[Kelly-Bone]

Tarun , thanks for your reply

you live in this world as every body in it knows your rules LOL

lets see what you can do with this haughtiness ,

anybody make mistakes, my mistake not for posting the application, but my mistake is to share what i worked hard on it with you as effort to try your software

and please don't repeat the words about first post style mistake

oh God

[exile360]

Hey, like I said, you can still PM one of the mods or admins, I'm sure they'd be willing to check it out and test it for you, they might even be able to offer useful input for you since many of them are software coders themselves.

[Kelly-Bone]

exile

so lets see what AS will do as he have the file and tell me that he will check it

i don't like to post things from my PM's

but will wait him a little and if no response, i will say good bye

not threat , but i will go back my small group to for testing applications, and let its dev. stay alone with thier customers , promise them for fullstrong anti-malware/virus .

and in fact they dont test their anti's as good as they can

,,,

[AdvancedSetup]

We'll test and debug it and get back to you.

[Kelly-Bone]

ok , but if you can tell me how long this proccess will be

to see if i can stay to see the result or back later?

[exile360]

I don't know, Malwarebytes' Anti-Malware seems to hold up pretty well against real world threats. So much so that it is often specifically targeted by malware makers. They use rootkits and other methods to block Malwarebytes' from installing or running. That says a lot about it's effectiveness in my opinion, after all, if it was ineffective, it would be unnecessary to prevent a user from scanning their computer with it.

[Kelly-Bone]

exile , as i said i didn't test mbam yet

and for both sides , if its good or not.. iam learning very good from my mistakes

from now , helping anti's companies should be with fees

so if you ask for fees they will think you are agenius and give you the chance to test their application, and if you dont ask money or any profits they will say " there is a bad reason in his effort"

thats the world , some rules should be changed,

[exile360]

No, it's not a matter of fees, MBAM itself is free, as are many other known trusted tools like Sysinternals Autoruns, Lunarsoft's Dial-a-fix, Piriform's Ccleaner, Atribune's ATFCleaner, sUBs ComboFix, S!Ri's SmitFraudFix and many others. The difference is, they've already been tried and tested by the experts and come from known sources. S!Ri doesn't charge any fees, nor sUBs, nor any of the others. MBAM has a paid version with more features like realtime protection and auto-updating and scheduled scans, but the free version will detect and remove everything that the paid version will. You don't have to pay to be trusted and you don't have to charge either.

[Kelly-Bone]

you know exile, i missed word in my application, thats really not joking

last line , it should be " .. isn't good enough .."

and not only for mbam ( if mbam can't ) , but for all AV's that can't detect this application as malware, sure not reall malware

ok iam here from long time

[Kelly-Bone]

long time i mean from it iam replaying for long time and iam tired

oh

[exile360]

Ok, it's late. No worries, I'm sure AdvancedSetup will take a look at it and find out how MBAM does. Who knows, if you're right about your program, it may become a testing standard for anti-malware software vendors to see how well their tools work .