sho-dan Posted January 6, 2008 ID:11563 Share Posted January 6, 2008 Hello MarcinThe Beta team never sleeps, the keyword is in bold.I was checking out the ver.0.87 About page at the bottom left, this line:Possible command line option: /quickscan /runupdateSo I tried it:Microsoft Windows XP [Version 5.1.2600]© Copyright 1985-2001 Microsoft Corp.C:\Documents and Settings\Owner>/quickscan'/quickscan' is not recognized as an internal or external command,operable program or batch file.C:\Documents and Settings\Owner> /rundate'/rundate' is not recognized as an internal or external command,operable program or batch file.Should that line be on the page or you were thinking outloud Link to post Share on other sites More sharing options...
adchia Posted January 6, 2008 ID:11564 Share Posted January 6, 2008 well...if you installed mbam in "C:\Program Files\Malwarebytes' AntiMalware" (I think thats what it is)then you should type in the following""C:\Program Files\Malwarebytes' AntiMalware\mbam.exe" /quickscan"C:\Program Files\Malwarebytes' AntiMalware\mbam.exe" /runupdateI'll try it later when I get back to my computer. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted January 6, 2008 Author Root Admin ID:11565 Share Posted January 6, 2008 mbam.exe is set global. You can just do mbam /quickscanmbam /runupdate Link to post Share on other sites More sharing options...
adchia Posted January 6, 2008 ID:11566 Share Posted January 6, 2008 command-line works fine here.. Link to post Share on other sites More sharing options...
Hardhead Posted January 6, 2008 ID:11567 Share Posted January 6, 2008 Congrat's to all that have helped MBAM be where it is today. 0.87 is working great here on Vista and XP.Malwarebytes' Anti-Malware Version 0.87Database version: 242Scan type: Quick ScanObjects scanned: 15802Time elapsed: 1 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Note that the above scan is not a cached scan but a quick can and my Vista SATA drive.Cached scan below:Malwarebytes' Anti-Malware Version 0.87Database version: 242Scan type: Quick ScanObjects scanned: 15914Time elapsed: 33 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Tigger93 Posted January 6, 2008 ID:11569 Share Posted January 6, 2008 Malwarebytes' Anti-Malware Version 0.87Database version: 242Scan type: Quick ScanObjects scanned: 14781Time elapsed: 2 minute(s), 31 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\bot.dll (Trojan.Proxy) -> Quarantined and deleted successfully.C:\uxnc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\wgpo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.The only thing is, none of the files exist. Even when viewing System and Hidden files.... Any ideas? They reappear after every scan. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted January 6, 2008 Author Root Admin ID:11570 Share Posted January 6, 2008 Yes, can you please let me know what it says in the "Other" column. You may have to expand it a bit bigger. It should say...ERROR_UNKNOWN (#), where # is any number basically. Link to post Share on other sites More sharing options...
Tigger93 Posted January 6, 2008 ID:11571 Share Posted January 6, 2008 Good, I was really worried there for a few minutes. ERROR_UNKNOWN (1314) Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted January 6, 2008 Author Root Admin ID:11572 Share Posted January 6, 2008 Bug fixed in 0.88. Link to post Share on other sites More sharing options...
sho-dan Posted January 6, 2008 ID:11573 Share Posted January 6, 2008 mbam.exe is set global. You can just do mbam /quickscanmbam /runupdateThanks Marcin, both work for me. Link to post Share on other sites More sharing options...
joe53 Posted January 6, 2008 ID:11574 Share Posted January 6, 2008 I'm apparently the only tester to continue to have MBAM keep generating (and subsequent heuristic scans detecting) these pesky 0 byte files.With the last several versions, including .87, I have uninstalled the previous version and installed the latest as cleanly as I know how. The result is always the same: the first quick and full scans detect nothing, but when I reboot and scan- there those 0 byte file detections are. I have disabled Windows Defender, BOCleaner and Comodo FWP 3 from my startup list, but to no effect. Congrats on your public release. I hope my experience is specific to my PC.Malwarebytes' Anti-Malware Version 0.87Database version: 242Scan type: Quick ScanObjects scanned: 18067Time elapsed: 40 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 12Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Program Files\Common Files\VideoCap11.dll (Trojan.Downloader) -> Quarantined and deleted successfully.C:\Program Files\Common Files\VideoCap12.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\VideoCap10.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\VideoCap11.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ksys.sys (Rootkit.Ntrootkit) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\symavc32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\Jcq41.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\pcoj42.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\kernelw.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\rhp37.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\sysrest32.exe (Rootkit.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\Default User\Local Settings\Temp\dnlsvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted January 6, 2008 Author Root Admin ID:11575 Share Posted January 6, 2008 Joe, I have made yet another change. I think it will work just fine on your system. Link to post Share on other sites More sharing options...
gerardwil Posted January 6, 2008 ID:11584 Share Posted January 6, 2008 Congratulations to everyone on the MBAM team!! Not sure this is a bug, but the monitor test gave me an error that it had failed to run. I had also gotten a notice that it was already running so seemed a bit strange. Online Armor wanted to know if it should be allowed to run ant start up and I said yes. This has happened before with the monitor, but I am not sure what we decided was the issue. Hi Jean,I don't have this problem (OA+). I have these settingsCheers,Gerard Link to post Share on other sites More sharing options...
Crufix Posted January 6, 2008 ID:11589 Share Posted January 6, 2008 Yay! for the public release. Been looking forward to this cant wait for the monitor also. Havent been able to post many bug reports but a few, but i have been using the program thoroughly and i love it. I will continue to post what i can to do my part. (Very busy with work) Cant wait to see what the "gift" is for the beta testers... Link to post Share on other sites More sharing options...
eaglehorse Posted January 6, 2008 ID:11595 Share Posted January 6, 2008 scanner worked great.Malwarebytes' Anti-Malware Version 0.87Database version: 242Scan type: Quick ScanObjects scanned: 18600Time elapsed: 5 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\569.tmp (Malware.Trace) -> No action taken.C:\907.tmp (Malware.Trace) -> No action taken. When I tried the remove button it just frozeDetected these two things when none of the other had will upload to jotti to see If I can find anymore but I think it was some leftovers of a generic adware that AVG removed. B) Overall love it but if you use comodo three it goes nuts.Thanks for the hard work Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted January 6, 2008 Author Root Admin ID:11596 Share Posted January 6, 2008 Can you please send those files to marcin at malwarebytes dot org. Link to post Share on other sites More sharing options...
eaglehorse Posted January 7, 2008 ID:11604 Share Posted January 7, 2008 Ok this is odd I had deleted the files you had requested shortly I had found them and befor I read your post. I tried a system restore point to about 0800 GMT-5 this morning . The files were not there. So I reinstalled And reran and this is the log. It has found a trojan. Adaware Spybot AVG antispy(free) And AVG AV have never detected this.Malwarebytes' Anti-Malware Version 0.87Database version: 242Scan type: Quick ScanObjects scanned: 18569Time elapsed: 6 minute(s), 21 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\Documents and Settings\Default User\Local Settings\Temp\dnlsvc.exe (Trojan.Downloader) -> No action taken.I have done nothing else yet and Malwarebytes is still running. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted January 7, 2008 Author Root Admin ID:11605 Share Posted January 7, 2008 Sounds like it could be some sort of Trojan since it is located in Temp. Have you tried Jotti yet with that file. Link to post Share on other sites More sharing options...
eaglehorse Posted January 7, 2008 ID:11606 Share Posted January 7, 2008 Sounds like it could be some sort of Trojan since it is located in Temp. Have you tried Jotti yet with that file.Waiting for them to slow down. In the quaritine folder there are some files from the previous install that survived the sys restore is it possible that that would help you with the earlier issue? It is o bytes and jotti says it cant scan it Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted January 7, 2008 Author Root Admin ID:11607 Share Posted January 7, 2008 I think we can drop this case. If you see any false positives, next time, don't quarantine, simply save the logfile =) Link to post Share on other sites More sharing options...
Recommended Posts