Thank you with a question


I've used MBAM since it came out of Beta. I like the ease of use, and the speed of scanning. It found 4 - Adware.Hotbar in The Desktop Weather Channel program.

I uninstalled the Desktop Weather program and rescanned with MBAM. It found two entries leftover after using Revo Uninstaller in the advanced mode.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

I have a host intrusion prevention system that alerted me that MBAM asked to run regedit.exe. I have other programs that edit the registry and don't have permission to use it.

Is there a way for a program to edit the registry other than using regedit.exe?

If so, why does MBAM choose to use regedit.exe?

I guess this would be three questions: Can you tell me more about how the Malwarebytes' Anti-Malware Protection Module works? I'm thinking of purchasing it, and dropping my HIPS because it pops up too much.

Thank you,

Jamin4u

  • Root Admin

Malwarebytes' Anti-Malware uses Regedit to quarantine items from the registry. This was a sort of hack that we threw together and just left since it was working so well. I plan to change that in an upcoming release.

The protection module stops every executable from starting, interrogates it, and releases it if it is deemed clean to the database. We plan on adding multiple heuristics to the protection module soon.
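
On the question of whether the registry can be touched without regedit.exe: yes, any process can use the Windows registry API directly, which is why a HIPS rule on regedit.exe alone does not cover registry changes. The following is an added example, not part of the original posts and not Malwarebytes code: a read-only PowerShell check of the two locations from the scan log above, using the registry provider so no regedit.exe process is started. The function names are hypothetical, and the WOW6432Node path is an extra location assumed for 32-bit programs on 64-bit Windows.

```powershell
# Added example: read-only check for leftover entries, no regedit.exe involved.
# Key and value names come from the scan log in the first post.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Assumption: 32-bit installers on 64-bit Windows register here instead.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$cplsPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls'

function Get-LeftoverUninstallKey {
    # Returns the uninstall entry if a subkey with this name still exists.
    param([string[]]$Roots, [string]$SubKeyName)
    foreach ($root in $Roots) {
        $path = Join-Path $root $SubKeyName
        if (Test-Path -LiteralPath $path) {
            $props = Get-ItemProperty -LiteralPath $path
            [pscustomobject]@{
                Path            = $path
                DisplayName     = $props.DisplayName
                UninstallString = $props.UninstallString
            }
        }
    }
}

function Get-LeftoverCplValue {
    # Returns the named value under the Cpls key if it is still present.
    param([string]$KeyPath, [string]$ValueName)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $regKey = Get-Item -LiteralPath $KeyPath   # Microsoft.Win32.RegistryKey
    if ($regKey.GetValueNames() -contains $ValueName) {
        [pscustomobject]@{
            Path = $KeyPath
            Name = $ValueName
            Data = $regKey.GetValue($ValueName)
        }
    }
}

$found = @()
$found += Get-LeftoverUninstallKey -Roots $uninstallRoots -SubKeyName 'Weather Services'
$found += Get-LeftoverCplValue -KeyPath $cplsPath -ValueName 'wxfw.dll'

if ($found.Count -eq 0) { 'No leftover entries found.' } else { $found | Format-List }
```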

Hey RubbeR DuckY,

I think you have a solid application with great potential.

Thanks for the reply.

Jamin4u
