Jump to content

Suggestion: random process name to prevent mbam blockage


jeroendg
 Share

Recommended Posts

Hi all,

First of all, GREAT program! It has saved me many hours that would have otherwise been spent on backing up, re-installing, and restoring computers. As of today, when I fix a computer with MBAM, I'll highly recommend the user to purchase a license, and if not, I'll make them pay me (or pay me more) for my help so I can by another license, their choice. :)

Today I've had a PC that was infected with Vundo, Vundo.H, Rootkit.Agent, Trojan.Agent, Trojan.FakeAlert, Trojan.TDSS, Trojan.Downloader, and Malware.Trace. However, I did not know that of course when I started working on it.

I downloaded MBAM-Setup, but was unable to run it, it was appearantly blocked by the virus. So, I renamed MBAM-Setup to some unknown name. This time setup would start, and the installation was done normally. When I wanted to run the program, it would not start. Again, I suspect the process was being killed/blocked by the virus. I renamed the executable and tried to run it, but no go.

In the end I had to restart in Safe Mode, and remove a suspicious rundll32 command in the RUN section of the registry, reboot the computer, and then I was able to run MBAM to remove all the items.

However I cannot believe a normal end user, who generally would not know where to start solving their problem, would be able to do this.

My suggestion: during MBAM setup, have setup generate a randomly named executable that, when run, performs an automatic update & quick scan + clean with certain default settings. If running the normal MBAM is blocked in any way, people can start this "Emergency Update & QuickScan Cleaner" as last resort.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.