Is MBAM losing its edge!


I've had 2 machines to look at in the past few days. One a laptop which wouldn't connect to the Internet (running Avast on Vista home). Safe-mode scan with MBAM found 80 "infections", problems removed but had to remove a couple of connection profiles to get I.E 8 working again.

Next PC (XP Home running McAfee suite) was getting smothered in pop ups about being infected - wasn't able to access Task manager or anything, just kept getting pop ups advising that whatever we clicked on was infected. Installed MBAM from a stick while PC off the network but it wouldn't run, started in safe-mode and it did run but quick scan found nothing, neither did full scan. Rebooted and still had problem. Safe-mode again and ran RootRepeal, found nothing. Safe-mode again, disabled all startup items and non-essential services. Cleaned user profiles (tmp, I.E history MRUs etc) and finally got PC stable. Updated MBAM and ran quick and full scans - nothing found. Off the network, removed Avast and installed Fsecure 2010 suite, scanned with that but nothing found. Re-enabled all disabled items at start and confirmed all seemed to be working ok.

The laptop user advised his (11 yr old) son had downloaded something and got pop ups again but a scan with MBAM removed them but he couldn't get Live Messenger to work so I've taken another look, repaired messenger and noticed that the son's logon was a standard user and attempted to update Avast but it needed the admin password. Logged on as Admin and updated MBAM and then ran full scan - reported clean. Removed Avast and installed Fsecure 2010 suite, ran full PC check and it found 69 malware items.

I don't know what to make of this, MBAM has been my main tool for virus bashing over the past couple of years or so and have used it frequently to remove malware that Fsecure didn't find - now it seems the tables have turned! I lost faith in Fsecure a couple of years ago and now use Vipre + MBAM (paid for) or Vipre + PC Guard on my PCs at home. Is it likely that I have somehow downloaded a nobbled MBAM? It updates ok so I reckon MBAM is valid. http://mbam-cdn.malwarebytes.org/database/....check.database resolves to 87.248.211.173 CName = cds243.lon.llnw.net. or 87.248.208.27 Cname = cds17.lon.llnw.net Anyone else having similar experience?

Nothing is 100% on any given day. Losing faith in a product such as MBAM over some missed sample(s) is acting in haste. Instead you should look at the number of times it has saved you. Zip those samples up and send to the research team. F-Secure focuses on viruses where MBAM focuses on other malware. Everyone would benefit if you could post the F-Secure scan log. For all we know it only found some cookies. :lol:

Hi JeffD -

> Safe-mode scan with MBAM found 80 "infections", problems removed but had to remove a couple of connection profiles to get I.E 8 working again.

No wonder this one had internal problems -

> I lost faith in Fsecure a couple of years ago and now use Vipre + MBAM (paid for) or Vipre + PC Guard on my PCs at home. Is it likely that I have somehow downloaded a nobbled MBAM?

VIPRE is known to have problems operating with other 'active' malware or spyware programs - MBAM must be set on delayed startup - This is the same with WISE from Webroot - I do not know all the answers but I am doing some research into both these programs -

Hope they soon learn we are all here for the same reason -

Guys, thanks for the replies and your offers to help. However, I have both the machines cleaned up and running ok. The purpose of my post was only really as a general chat type missive and the topic title was tongue in cheek. I haven't lost faith in MBAM (but did give up on Fsecure for a number of reasons). I've worked as an IT tech support analyst for more years than I care to remember and virus bashing has always been a challenge that I enjoy. The pay off being increased knowledge and the thanks from the grateful user.

The 2 machines I was playing with last week were not work related, they were the home machines for work colleagues - the sort of "friends" that come round to see the IT guy when they want a favour (you know the sort). MBAM will still remain one of my favourite malware bashing tools but I still need to occasionally use bootdisks and other tools and I'm constantly aware of the fact that we have to use "Free" tools to remove malware that "paid-for" AV stuff misses, with this in mind I try to persuade the latest victim to part with some cash and purchase the full version of MBAM.

I use Vipre for a number of reasons and have never had a problem running MBAM with it. I did test this combination on a couple of VMs before applying on my main home PC. I have a few other machines running Vipre + PC Guard (not as good as MBAM).

I can send the Fsecure log if anyone really wants it but the 3 items that MBAM didn't pick up on (Vista Home) were Adware:W32/DoubleD.gen!C, Gen:Adware.Heur.1M3@RedeKLfO and Adware:W32/DoubleD.gen!A. I'm pretty sure they're not tracking cookies :lol:

The biggest surprise was that MBAM and RootRepeal didn't find anything on the XP machine and neither did fsecure once installed. I'm tending to think the "infections" were more "prankware" than Malware but I was a bit savage with MSconfig and did a really good manual clear out - pity I forgot to make notes but in defence I was trying to eat my bacon butty and was connected remotely to 2 other PCs and I was doing it in work time before having to drive to another office and it was POETS day :P I'll see the user at work tomorrow and see how she has got on over the weekend once connected to t'internet.

Cheers

Jeff
