
Missed Malware



Hi,

As per LoneWolf's request on the Wilders forum, I'm reporting on a test done today in which MBAM free missed installed malware:

I took a clean computer (XP Pro SP2) with the only resident protection (Anti-Vir) turned off and did some web surfing. I'm not a professional tester by any means. I tried to emulate the browsing behavior of some of my customers.

I got a nifty Waterfall Screen Saver for free (180 Solutions/Mirar), then I watched some cool videos (Zango). Then I noticed my computer was slowing down so I got some programs that said they could fix it (WinAntispyware and WinFixer 2005). All were freshly downloaded and installed this afternoon. I then installed and updated MBAM Free and ran a full scan.

None were found. For some reason I cannot post screen shots, but they are visible here:

http://www.wilderssecurity.com/showthread.php?t=209620

I was particularly surprised that both rogues were missed as they are "popular" infections. MBAM has been great so far, this is the first time it has failed to detect. I'm wondering if it is a quirk in this system or some other issue that can be fixed? Thanks.

It is obvious that this test is a complete fraud and it's easy for any expert here to see.

1. You have SAS detecting a single Zango trace when Zango installs a pile of components. MBAM has extensive Zango defs and if you actually installed it and did a scan with MBAM that would be seen.

2. You installed rogues that have not been seen in HJT logs for years because the blackhats behind them have long since moved on to new rogues.

3. You show SAS detecting 2 components of WinAntispyware. Again, this rogue has more components than that.

Looks to me that you intentionally removed malware with MBAM first and then used SAS to catch a few traces we missed. You then showed MBAM with an empty scan and SAS detecting these traces.

I will expose this at Wilders; it will take time away from what needs to be done to protect our customers, but I have to protect us from libel as well.

EDIT:

Looks like one SAS supporter has already come in to defend MBAM.

SAS is a good program, especially run from safe mode in conjunction with MBAM in normal mode. It's a shame that unethical marketing like this has given it a black eye. I would have thought this kind of deceptive advertising would have died out by now.


SAS is a good program, especially run from safe mode in conjunction with MBAM in normal mode. It's a shame that unethical marketing like this has given it a black eye. I would have thought this kind of deceptive advertising would have died out by now.

I think it is obvious that someone is trying to "stir the pot" and create tension between the two developers and programs! The good thing is anyone that is familiar with both these programs and the people behind them will know that this is total "CRAP". I am willing to bet that Nick and his people at SAS have absolutely nothing to do with this or even know anything about it.

ds


I don't know what to say.

I clearly explained what I did.

I rolled off a copy of the partition and can repeat the results.

I strongly supported MBAM in another thread on Wilders before trying this. I had excellent results with multiple current infections. I was amazed at what was found and removed.

I also stated that it was not a professional test. I went browsing, got infected and tried MBAM first. Instead I see I am a shill for SAS, and I cleverly ran MBAM first then showed no results all just to set you up to look bad. Wow. Not how it happened, sorry. I did what I said I did, and I was asked to post it here.

I just happened to run SAS next. It was the only dedicated antispyware I had installed at that moment. It missed a bunch of components. I also ran Cure-It, Anti-Vir, BD10 and Spybot. All found more components, MBAM found nothing.

I am just a computer tech trying to find the most efficient tools for cleanup and maintenance. I was surprised at the results, especially because both WinFixer2005 and WinAntiSpyware are listed in the RR database. I thought it must be a bug in MBAM specific to that machine, as I have had excellent results with it in the past.

I'll continue to respond at Wilders if you have questions. Sorry if I ruined your weekend.

I agree that this looks like a fraud. I can't be certain though without a little bit of testing on my own.

Does the guy have a list of the sites he visited? Or at least the site he started at? If sbcc can PM them to me, then I'll fire up VMware, and infect and scan a fresh install of Windows XP Pro SP2 with IE6.


The OP mentions that they have a copy of the 'partition' or some such, and that means there should be, at the very least, a browser history that should be easily accessible.

I too am more than mildly curious as to the *exact* methodology employed here....

I plead guilty to "profiling" and, considering what I have read on this issue coupled with the fact that a friend called yesterday with an even greater failure with MBAM, I am inclined to give the benefit of a doubt to this poster's tests.

MBAM is a be-here-now program for current infections.

I should have recommended Stinger to my friend.

I plead guilty to "profiling" and, considering what I have read on this issue coupled with the fact that a friend called yesterday with an even greater failure with MBAM, I am inclined to give the benefit of a doubt to this poster's tests.

MBAM is a be-here-now program for current infections.

I should have recommended Stinger to my friend.

Please look at the scan results of SAS in the post of the OP at Wilders. Without there being something seriously wrong here SAS would not get those results. Anyone that has used both MBAM and SAS will tell you that Zango is both a huge infection (as in number of components) and pathetic to detect and remove. The scan results just do not match up with what we would expect from either application. The fact that SAS detects next to nothing in a situation where it should detect more than 100 items (with what was supposed to be installed it could have gone over 200) tells the whole story; something is just not right.

As for intentional, I thought about it and I now doubt it. Likely just some kind of mistake on the part of the OP.

As for MBAM missing something (as your friend said), it happens; no security software can catch everything (but we do try).

BTW, if you can get what we missed from your friend I would really appreciate it.

BTW, if you can get what we missed from your friend I would really appreciate it.

Bruce,

I used MBAM to clean up 2 computers for a friend this last week when I was visiting; one had Norton's and the other had McAfee's running resident. He was so impressed that after I left he dug out an old computer running W2k with 128 megs of RAM that had been mothballed with a very bad trojan over 2 years ago.

According to him MBAM started the scan and then immediately minimized and wouldn't reopen or do anything. From reading your own posts I had concluded the infection was too old. He scavenged the computer for parts/RAM.

When he called yesterday I should have recommended Stinger.

I have an interesting false positive I am emailing you though.

I found it on the dark side.

His methodology for acquiring Zango seemed flawed?

more edit

Gmail won't allow an executable to be sent or even a zip,

but they haven't stopped rar files

yet.

Issue resolved.

It was a corrupt install or a conflict with another program. A complete uninstall with Revo and subsequent reinstall solved it.

236 detections after reinstall. Log posted in thread referenced in OP.

Had to troubleshoot it myself. I found other issues as well. Zango had not installed completely, for one.

Guidance would have been appreciated and perhaps mutually beneficial.

I'll continue to use MBAM. It's unparalleled at certain tasks. If I have issues in the future, I'll use the official support email.


Had to troubleshoot it myself. I found other issues as well. Zango had not installed completely, for one.

Guidance would have been appreciated and perhaps mutually beneficial.

You'll have to forgive us for being skeptical about your tests, and their legitimacy. There have been a few attempts to make MBAM look bad, and sadly it seems like SAS is always the one that we are being compared to. When we see scan results that obviously don't match up, the first thing we have a tendency to think is that it's just another attempt to make us look bad. Since the information was presented as results from a test, and not in a "this doesn't make sense, why is this happening" form, it makes it even harder to believe that it really happened.

Understand that nosirrah is the head of the team that puts together the definitions for MBAM, so he knows the detection capabilities better than anyone else. When he says there is something not right about your scan results with MBAM, then it's best to go to him for help (even if he does seem cantankerous).

I'll continue to use MBAM. It's unparalleled at certain tasks. If I have issues in the future, I'll use the official support email.

It's actually best if you post issues with MBAM on the forums before you post about them anywhere else. More of us will see your issue that way, and you have a higher probability of receiving the correct answer. Obviously your first post didn't go over very well, but I hope you understand that it would have been difficult for any company to believe those test results, and that nosirrah's response was more out of frustration at what he thought was just another attempt to ruin our reputation.


Exactly. The results were not in line with an MBAM scan of a *complete* Zango installation; however, no one here took into account that Zango may not have installed correctly / fully, and for that I personally want to apologize. I know for a fact that I was dubious about your results.

However, I also mentioned that I was more than mildly curious about the methodology, and that is something that we never really got, because you had to troubleshoot the issue yourself until you realized it was an aborted installation. GT500 is correct: since you've gone and registered, go ahead and post questions about the MB products here first. The dev team is in here some, but Bruce (NoSirrah) is in here daily, in fact nearly hourly. You'll always get a quicker response here, and all feedback posts are used as just that: feedback to make a great product even better.

I cannot count the number of times I (alone or in conjunction with someone else) have reported a problem to have it fixed within hours....
