Jump to content

Dll Locations + scanning is to aggressive


Recommended Posts

You need to locate shared dll's in C:\windows\system32 folder, MBAM is referencing shared dll's in the registry to "C:\Program Files\Malwarebytes' Anti-Malware" which is bad, it also installs old dll's which is bad.

FileAnt... http://fileant.com has an incremented unmodified version of the ssubtimer, all I did was increment the version so that the ASM version will not overwrite it. (The ASM version will crash in a 64-bit machine because it does not lock memory). If you added to this dll then you will need to change all the GUID's to keep it in your folder, I am also not sure why you signed it as Malwarebytes.

Registered MBAM constantly scans eboostrCP.exe non-stop (a virtual ram drive type program) and probably other files. It needs an exclude list and maybe a temporary cache of checked files.

See eboostr.com for the program

Google filemon for something to view activity easily.

Also disable protection does nothing, MBAM still accesses all the files as can be seen in filemon.

Link to post
Share on other sites

Have you tested version 1.50 -- the exclusions list now means to literally exclude the file or folder from the scan.

I had a quick look for 1.5 last night, but could not find it. Is it in the sticky somewhere?

I was thinking about it last night and maybe two or more modes would be better. A more passive "protect" that monitors executable file creation and webpages only and an aggressive mode that triggers if a malware is detected.

The current "webpages only" still seems to hook all executes which will slow down peoples PC's.

I also noticed I had to manually clean a few places on my wifes PC...

-Scheduled Tasks was full of webpage links

-The user temp folder had a few dodgy temp files (although harmless).

-I also had to open the printer drivers in CP and set to defaults to reset the print spooler (the worm seemed to change the settings to read the Windows Print Folder non-stop somehow)

You program was great at killing the bad stuff though.

Link to post
Share on other sites

I found 1.5 using google. I can see the improved the scanning a lot, it does not get aggressive with eboostr anymore, but there were still a few...

I was able to exclude ps3media server which remedied it a bit, but it would be nice to have a tick box next to the exclude that told mbam to scan it "every now and again". As ps3 ms is java and a service it is a good target for malware, but it does not need to be scanned all day.

mbam also seems to get medieval on msctf.dll and windows update.

The file accesses it does to scan each file still seem a bit excessive.

No big dramas for me, because I run these things manually, will effect people who use the realtime scan though.

p.s. 1.5 still replaced ssubtimer with an older version in the wrong location. This is an easy fix, so you should do that one.

Link to post
Share on other sites

To be Microsoft compliant it is suppose to place them in the windows system32 folder.

Other applications use these dll's and placing them in your appliaction folder

A/ breaks windows security (my app has to access your programs folder and may not have the privileges to do so)

B/ overrides existing dll's that may be newer

Link to post
Share on other sites

  • 4 weeks later...
  • 7 months later...

So a direct violation of the concept of shared dll's has no priority, great. You have taken a shared dll used by other programs owned by someone else and put it in your own private folder, you have even badged it as your own.

There is even now an event in the eventlog dedicated to people like you for this problem.

Link to post
Share on other sites

We also make a cash register used by thousands people in two countries as well as call center software so it is not a minor problem. I understand it is a hassle to change software, I will be updating our software as specified above and have been too lazy to work around the issue until now.

vbalsgrid6.ocx has the same problem, but that does not effect me. I know you are not the only person who does not understand this issue, but it does causes problems.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.