New Malware Submissions


How long do new malware submissions take to be incorporated into MBAM? Not rushing them, or anything, but want to make sure that a file for "wdmaud.sys" in "c:\windows" or "c:\windows\system32" made it to Malwarebytes the evening of December 28, or if it needs to be re-submitted.

I would like to see users heading over here or another malware removal forum to take care of this instead of manually deleting the file(s) and still wondering what else they need to do. However, as long as the programs they are using aren't catching it, they are going to continue the self-cleaning process. I just hope they aren't leaving remnants of things that really need to still be removed.

The thread started with someone who finally got rid of D:\WINDOWS\system32\sysaudio.sys (Rootkit.Agent) with Malwarebytes, but the thread morphed into one in which users were struggling with what turned out to be "wdmaud.sys" instead of (or in addition to) sysaudio.sys.

http://www.google.com/support/forum/p/Web+...7c68d&hl=en


As long as there is nothing special going on like out of town meetings, or the Holidays (like we're in now) often uploaded samples are incorporated into the new definitions within a few hours, and if the timing is right sometimes within a few minutes.

OK ... it's holiday time now and folks are still struggling with this new one. Do I tell them to keep submitting them, or just keep deleting them and assume that Malwarebytes (and the other vendors) will catch up?


I suppose you can do that. But it also might be helpful to catch it live on a system in case there's anything else related to it not being caught. You can have them follow the instructions here:

http://www.malwarebytes.org/forums/index.php?showtopic=2936

and post logs in a new topic here:

http://www.malwarebytes.org/forums/index.php?showforum=7

This way one of the analysts here can take a look and remove it and grab samples to give to the developers. I don't know if it would make things go faster, but at least if there are other entries related to it that need to be killed, they can find them and get them added to the defs.


I'm doing what I can to encourage anybody new to our threads to consider coming here instead of going full steam ahead with deleting what has been identified as the main file causing the problems. Hopefully we will get a "live one" for someone to work with to make sure that this gets added to the definitions.
