Version 0.61

[RubbeR DuckY]

Lots of bugs reported on the forums fixed with this one.

Note: This version saves settings to a different location in the registry (a more appropriate one dedicated to MBAM itself). You will need to reset your settings the way you want them. Lots more settings as well including:

1. Saves scan type

2. Saves drive selected for full scan

Also includes fixes with the installer. For ease of use, if you are installing the program for the first time, Create Desktop Icon is checked. If your installing over an older version, it won't be checked (meaning you keep your settings). It is just little things like this that will make the installer easier.

[heikwith]

Bruce, can you take a look in this emailreply from Marcin:

Not familiar with FileHand. Submit it on our forums and Bruce will take a look.

Thanks,

Marcin Kleczynski

Security Software Developer

http://www.malwarebytes.org

Please visit the new Malwarebytes blog:

http://www.malwarebytes.besttechie.net

Dik Heikoop wrote:

Hello,

V0.55 said Filehand search is malware.

V0.58 still says.

Is this FP or not ??

No other anti-malware program reports this !!

Dik Heikoop

Netherlands

[nosirrah]

I will need a developer version scan log before I can answer this .

[JeanInMontana]

Smooth install, full scan ran in 30 min 26 sec. I'm sure it would be faster with the browser closed and WLM. Settings remained after close and open of program. Quick scan 4 min 19 sec.

[lurkingatu2]

update to 0.61 went good here i did a quick and full scan with database 103 fingerprints 5192 and found nothing and i see 3 steps under monitor

[ipl_001]

Hi everyone,

I upgraded to MBAM 0.61 DBversion: 103, Fingerprints: 5192

- problem with Prevx despite my message to them

- starting both scans...

[mrgigabyte]

hi everyone i just put 61 in both my computers and did a scan on both everything find on my end

[sho-dan]

Hello

ver. 061 DB103 and all is well in both Quick/Full scans. No problems with installer for newest version. Good job,guys.

[ipl_001]

Hi everyone,

Tests with 0.61 /103

- Problems with Prevx as reported above.

- Quick Scan - 6 min. 17 sec. for 14,272 objects (a bit slower)

- Full Scan - pending

Still the same problem of False Positive (2 byte-file) ( http://www.malwarebytes.org/forums/index.p...post&p=6648 )

[nosirrah]

I will need a developer version scan log before I can answer this .

[nosirrah]

Never mind , I think I found it . Check defs in about 10 minutes .

[ipl_001]

Hi Bruce,

Did you get the 2-byte file?

I guess I'm going to report my infectious files are not detected (scan still pending)... do you have my files (most of them are on MR but I could send them to you via email or upload them somewhere else).

~~ edit:

Full Scan is over: 51 min. 30 sec. 72,048 object scanned (a bit slower)

Still the same problem of malware undetected! ( http://www.malwarebytes.org/forums/index.p...post&p=6648 )

[ipl_001]

Thanks Bruce!

- updated to defs 104

- Quick Scan in progress

I don't know if I'll run the Full Scan as it is already 2:25a on Tuesday here in Paris.

~~ edit: Yes, I'll run the Full Scan as I guess you're looking forward to getting the result...

[nosirrah]

I think I got it , it turned up in another infection and the MD5 was in def so I removed it .

I don't know what you mean by "most of them are on MR" . I don't have them and would love more samples to play with .

We need a drop box for experts . Zip and attach what you can here . I there is not enough room PM me and I will PM you back a drop box .

[ipl_001]

Howdy,

- Quick Scan over: 5 min. 31 sec. for 14,312 objects

- Full Scan started...

Do you have access to Malware Research?

[nosirrah]

Yes I do , nosirrah there as well .

[RubbeR DuckY]

1. Working on improving scan speed.

2. Working on implementing a drop box for malware.

[ipl_001]

Bruce,

I'm going to upload some files on my hard disk that are not detected by MBAM.

As far as I understand, I cannot upload several files in one post (as I do at MR), right?

Here is patch.zip that includes patch.exe 132 KB described by Avast as Win32:Tibs-BAC [Trj]

[ipl_001]

Bruce,

Here is funny.zip that includes funny.exe 21 KB described by Avast as Win32:Agent-JPK [Trj]

I forgot to tell you that I don't scan with VirusTotal as the service is presently overloaded.

~~ edit: I forgot to tell you that my Full Scan (pending) seems not to have detected the 2-byte FP as after 20 min., I don't have any infected object displayed!

[nosirrah]

I will fire these up and see what they do .

[ipl_001]

Howdy,

On my hard disk, I have some rather old (January-March 2007) infectious files of the IRB family:

- dllhst.exe 260 KB -> Avast Win32:Vanbot-BK [Trj]

- read.exe 202 KB -> Avast Win32:Vanbot-BW [Trj]

- eventmgr.exe 206 KB -> Avast Win32:Vanbot-BR [Trj]

- WinSecUp.exe 138 KB -> Avast Win32:Rbot-DQL [Trj]

I'm going to check but I uploaded them to MR -> W32.Rinbot.Worm / Spybot / IRCbot / Spexta

~~ edit: I confirm that all of the 4 files were uploaded to the MR discussion linked above.

[ipl_001]

Howdy,

Prevx doesn't like MBAM and while scanning, my icon in Systray is orange with the comment:

Status Warning

Prevx 2.0 detected you were running a program that is unknown in the local and central Prevx 2.0 database.

This doesn't mean the program is a malware, only unkown. However, you should run this program with care.

For more details, double-click the program listed in the recent activity of program.

(my translation to English)

Malwarebytes'Anti-Malware / Authorized / 556 KB / Malwarebytes / C:\Program Files\Malwarebytes'Anti-Malware\MBAM.EXE

You should harass Prevx about this!

[nosirrah]

MBAM may absorb that whole thread .

[ipl_001]

Bruce,

- Full Scan is over -> 50 min. 14 sec. for 72,076 objects

No False Positives any longer <- Congrats!

Infectous files not detected but you've them!

I let you go and play as it's 3:25a in Paris... I'm going to bed, enjoy your night!

[ipl_001]

Hi

MBAM may absorb that whole thread .

You should try to play with the 6 files

Maybe a precision: all of the files are in subdirectories of

C:\Documents and Settings\G