
MBAM questions and comments.



OK, first off thank you for making MBAM a public beta. Install went smooth with no need for reboot (but I did anyway).

Did a quick scan and MBAM found 45 entries. Wow. 42 of these being related to Hotbar, 3 listed as malware trace.

Wondering if any or all are FPs. I do have a pretty good security setup: FW, AV, AS, HIPS and a few other tools including Rogue Remover.

Maybe these have been on my PC for years and nothing detected them or just did not fully remove them. I will try to post my results in an attachment and maybe someone could tell me if they are safe to delete or they are FPs.

Nice GUI. Pretty quick scanning. I like the way the main GUI is laid out; I'm not searching around trying to find something.

CPU of MBAM.exe is very low compared to others, 8-30%, which is great; others take up as much as 100% during the entire scan.

Also, unlike others (and this is a good thing), MBAM.exe is not always running when not scanning. I realize that would change when you add the real time monitor.

I know it's the first beta but I do have a few questions outside of the FP question.

1. Fingerprints loaded: 4892. As I said I know it's the first beta of MBAM, but isn't that kinda a small database compared to others in the anti-malware market that have maybe 800,000+ signatures?

2. It seems to do a thorough enough scan, but other scanners, AV and AS alike, say up to 200,00 to 300,000 files scanned where MBAM says around 77,000. Why?

3. Not that this question matters much, just curious: other software developers sometimes reward beta testers with free versions of their software when they are released, for helping with bugs and their suggestions. Do you plan on anything like that?

4. Will there be a free version (on demand only) and a paid version (with real time monitor and auto updates)?

Sorry for the long post, but MBAM looks very promising. I will continue to test and report my findings. Good luck and hoping MBAM becomes one of the better Anti-Malware solutions out there.

OK, tried to upload an attachment to show results from the scan but "upload failed. You are not permitted to upload this type of file" is displayed. It's a screenshot of results.

5. How do I send them to you to tell if they are FPs? They are in quarantine now and will stay there till I know for sure.

Uploaded OK, in zip file :D

....LoneWolf....

MBAM_Scan_Results.zip


  • Root Admin

Malwarebytes' Anti-Malware automatically saves logs to C:\Program Files\... <path of install> ...\Logs. Can you please open it and post it here? Looking at screenshots of results is a bit hard.

1. MBAM uses smarter scanning technology than most anti-malware programs. It isn't the quantity, it is how effective the program is that makes the database count. We will expand our database over time.

2. See above. The quick scan only scans about 10,000 files on my system. It is a small amount, but it is designed to scan where malware mostly hides.

3. You will see :D.

4. Yes. You are experiencing the free version. In fact, the free version will have auto updates as well. The only incentive to purchasing the paid version will be the realtime monitor.

5. Please see the first text I posted.

:D Thanks for beta testing and reporting your results.


OK, here's the log. Hope this works.

Malwarebytes' Anti-Malware Version 0.54

This logfile was saved after the removal process completed.

Database version: 091

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 42

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Typelib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0B8EDB8D-4575-4942-9C34-55591E415909} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{278EAD7A-2A45-4D4E-ACB4-A1A4AD9BB54B} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2B539D9C-127A-4F10-855F-EF31C83D2007} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2D91877A-468C-4802-8CD7-21F6BF776790} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{359A062F-CDA8-4A9C-9B28-588446D35098} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{38F95B22-32BF-4378-B3EC-47B2C09DE1F5} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3D177BA8-BF8C-45E2-8CA2-20ACA6269A68} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3E1392BB-3B66-4A39-BBD0-259FC2BDC979} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{45128C11-A7E5-46D2-A164-3D1273E92C44} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{47146231-B550-4B13-B9E7-4257F740F39D} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5C61669E-F0CE-4126-B365-316588E6228F} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{60E5F55E-236F-422D-A5F9-560F1778CCD4} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{62B6A513-3764-42CD-8410-9B81E8DFF135} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6CCD925E-E833-4BE3-A62E-D3C8838C5D6D} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6CDD1F89-FC3B-401C-B1F1-932C48F45EB5} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{78412EB9-E06B-4484-BC85-0B1594F6E23A} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7EE495F3-345B-4CC1-AAB7-A255ED85EED2} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{82B58FCB-73F3-46DC-A52D-74D3FE359702} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{86797248-1A4E-41D0-A0C3-2175A36B3D0E} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{919DF860-D321-4D02-AC3D-1C25EFAE551A} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{AA6CCB5D-0F97-4A37-A077-8B49FB5BC60D} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{C18D120C-B7AB-4499-8BDC-0CD2BD0861FD} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{C1DFD382-E253-434D-B22D-2E47233B6147} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{D45B0772-5801-4E61-9CBA-84120557A4D7} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{D80AC53D-E102-4A55-A265-529A626515E5} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{E16F1874-C5B1-4400-A9F0-08E7FD4D3F8C} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{F71D2854-2609-4A63-B4BF-BF2BA61A61CF} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{F7919641-3978-4668-8388-7310329C800E} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{FFBBDECE-4363-4B4D-B35E-39EFF228C723} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\System32\d3d8caps.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Cindy\Local Settings\Temp\TMP1.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Cindy\Local Settings\Temp\tmp16.tmp (Malware.Trace) -> Quarantined and deleted successfully.


  • Staff

I caught the death flu from hell. I am back now.

I have nixed 3 FPs that will be resolved in the next defs.

The GUIDs in your log are leftovers from the spamblocker utility that shows up with Hotbar. I am also now seeing a few mentions of another application, CYBERsitter Antispam.

If you have CYBERsitter Antispam then this is likely a FP caused by reusing GUIDs. If you don't, it is possible that the defs are catching part of an infection that has already been removed.

The way GUID detection works in MBAM is that they will grab the dll associated with that GUID. Since none were found in your logs, this may be a legit detection of something that has already been removed.


Thanks for the response nosirrah. So which ones should I delete and which ones should I restore, outside of the one rubberducky already confirmed being a FP? I never had this CYBERsitter that I know of, unless it came with something else I had installed. Never intentionally installed it. Please let me know which ones I can safely remove. Thank you for your help.

Hope you are feeling much better. I know the flu can be hell to shake.


  • Staff

I am going to recheck all of the HotBar GUIDs to see if any of them are legit.

For now it is safe to remove all of them, as not a single one hooks up with a file. If you had an active HotBar infection those GUIDs would also be adding dlls to the found list.

Even if the GUIDs were legit they would be grabbing legit dlls (creating FPs). The fact that the GUIDs are grabbing nothing at all seems to indicate that they are left over from an infection that has already been removed in the past.

Keep in mind that many antivirus applications also detect a lot of adware/spyware but have the nasty habit of leaving more registry remnants behind than true antispyware/antiadware applications. This would explain what is in your system.

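As an added illustration of the check nosirrah describes in the two staff replies above (resolve each flagged Interface/TypeLib GUID to the DLL it registers, and treat a GUID that resolves to nothing as an orphaned remnant rather than an active infection), here is a small Python script. It is not code from the thread or from Malwarebytes. The log excerpt is constructed in the format of the MBAM 0.54 log posted above; the first three GUIDs are taken from that log, while the fourth GUID, its threat name and the DLL path in `CONSTRUCTED_REGISTRY` are made up so the "file-backed" branch is exercised. `windows_resolver` walks the standard COM registration layout (`Interface\{guid}\ProxyStubClsid32` to `CLSID\{clsid}\InProcServer32`, and `TypeLib\{guid}\<version>\0\win32`); that this is what MBAM's own lookup corresponds to is my assumption, not documented MBAM behaviour, and it only runs on Windows.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

# Constructed excerpt in the format of the MBAM 0.54 log posted in this thread.
# The first three registry lines reuse GUIDs from the posted log; the fourth GUID
# and the "Adware.Constructed" name are made up for the file-backed case.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0B8EDB8D-4575-4942-9C34-55591E415909} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{00000000-0000-0000-0000-000000000001} (Adware.Constructed) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\System32\d3d8caps.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# One registry-key detection line: hive\kind\{GUID} (ThreatName) -> action
DETECTION_RE = re.compile(
    r"^HKEY_CLASSES_ROOT\\(?P<kind>Typelib|Interface|CLSID)\\(?P<guid>\{[0-9A-Fa-f-]{36}\})"
    r" \((?P<threat>[^)]+)\) -> (?P<action>.+)$",
    re.IGNORECASE,
)

# A resolver takes (kind, guid) and returns the DLL path the GUID registers, or None.
Resolver = Callable[[str, str], Optional[str]]


def parse_registry_detections(log_text: str) -> List[Dict[str, str]]:
    """Return one dict per 'Registry Keys Infected' line that names a COM GUID."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["guid"] = entry["guid"].upper()  # normalise for dict lookups
            found.append(entry)
    return found


# Constructed stand-in for the registry: only the made-up GUID points at a file.
CONSTRUCTED_REGISTRY: Dict[str, Optional[str]] = {
    "{00000000-0000-0000-0000-000000000001}": r"C:\constructed\example.dll",
}


def constructed_resolver(kind: str, guid: str) -> Optional[str]:
    """Offline resolver used for the demonstration and the tests."""
    return CONSTRUCTED_REGISTRY.get(guid.upper())


def windows_resolver(kind: str, guid: str) -> Optional[str]:
    """Real lookup via HKCR; Windows only (assumed standard COM key layout)."""
    import winreg  # standard library, present only on Windows

    def default_value(subkey: str) -> Optional[str]:
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, subkey) as key:
                return winreg.QueryValue(key, None) or None
        except OSError:  # key missing or not readable
            return None

    kind = kind.lower()
    if kind == "interface":
        clsid = default_value(f"Interface\\{guid}\\ProxyStubClsid32")
        return default_value(f"CLSID\\{clsid}\\InProcServer32") if clsid else None
    if kind == "typelib":
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, f"TypeLib\\{guid}") as key:
                version = winreg.EnumKey(key, 0)  # first registered version
        except OSError:
            return None
        return default_value(f"TypeLib\\{guid}\\{version}\\0\\win32")
    if kind == "clsid":
        return default_value(f"CLSID\\{guid}\\InProcServer32")
    return None


def classify(detections: List[Dict[str, str]], resolver: Resolver) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map each GUID to ('file-backed', dll) or ('orphaned', None)."""
    verdicts = {}
    for d in detections:
        dll = resolver(d["kind"], d["guid"])
        verdicts[d["guid"]] = ("file-backed", dll) if dll else ("orphaned", None)
    return verdicts


def summarize(verdicts: Dict[str, Tuple[str, Optional[str]]]) -> Dict[str, int]:
    """Count how many GUIDs still point at a file versus orphaned remnants."""
    counts = {"orphaned": 0, "file-backed": 0}
    for status, _ in verdicts.values():
        counts[status] += 1
    return counts


if __name__ == "__main__":
    detections = parse_registry_detections(SAMPLE_LOG)
    results = classify(detections, constructed_resolver)
    for guid, (status, dll) in results.items():
        print(f"{guid}: {status}" + (f" ({dll})" if dll else ""))
    print(summarize(results))
```

On a real machine you would run the parser over the saved log from the Logs folder rubberducky mentions and pass `windows_resolver` instead of `constructed_resolver`; a GUID that resolves to a DLL that still exists is the case where, as nosirrah notes, the dll itself would also have appeared in the found list.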
