Jump to content

Recommended Posts

Being "crypted" (encrypted/packed) doesn't matter if the encryption type of the file is heuristically detected (something that MBAM and AV's do with certain types of packing/encrypting on files, detecting them as "suspicious"), not to mention the fact that even if encrypted/packed, it has to unpack/decrypt to execute, so it still gets caught when it tries to enter memory.

As for HIPS, I don't use one myself, but you can find a bit of info about what it is and what it does here.

You also have to remember that just because the YouTube video showed something as being undetected, doesn't mean it will be undetected forever, or that the security software they used was up to date with the latest definitions. Detections change daily (and for MBAM, even more frequently since on a typical day we update our database 5-8 times). Some AV's update their database hourly, so what wasn't detected earlier today, may possibly be detected now.

Link to post
Share on other sites

You're welcome, I hope that cleared things up a bit :).

Trust me, infecting computers is big business, so if there were any full proof method of making an infection truly "undetectable" then every infection out there would be using it. Crypting files to obscure their contents is old hat and has been used for many years and all the security software vendors are well aware of this tactic (it's also frequently used by polymorphic infections to try and make creating definitions for them more difficult, again, this is where heuristics comes into play because if done right, it can often still detect a polymorphic infection when it changes).

Link to post
Share on other sites

No protection is 100%, but doing so will most likely keep you clean. Also remember to keep Windows up to date along with any browser add-ons you use, such as Adobe Flash Player, Adobe Reader and Java.

Surfing safe goes a long way too, avoiding shady sites on the web and avoiding downloading stuff with P2P software (torrents etc.).

Link to post
Share on other sites

You're welcome, I hope that cleared things up a bit :).

Trust me, infecting computers is big business, so if there were any full proof method of making an infection truly "undetectable" then every infection out there would be using it. Crypting files to obscure their contents is old hat and has been used for many years and all the security software vendors are well aware of this tactic (it's also frequently used by polymorphic infections to try and make creating definitions for them more difficult, again, this is where heuristics comes into play because if done right, it can often still detect a polymorphic infection when it changes).

Sorry for posting that, because of your quick reply that i didn't see, i don't needed to write this:

'So exile by updating the Anti-Malwarebytes daily and updating my anti-virus. (Microsoft Security Essentials+ free avast anti-virus) daily. I will not have any Virus like a 'FUD' keylogger/RAT? By the way thanks for helping me! '

Link to post
Share on other sites

I'm now doing the Full scan on MBAM (before that i updated the version), after it i will do the flash-scan but what are the differences?

When i used the MBAM the first time, 10 things where infected.. including a ardamax keylogger. i delete them all thanks to MBAM.

My anti-virus said before i scanned my PC with MBAM, it was Safe. So i trust MBAM more now!

Now after 3 days i scan my PC again with MBAM (till now noo infectss )

thankss :P

Link to post
Share on other sites

Here's the different scan types in MBAM and what they do:

  • Quick Scan - This is the default and recommended scan type. It checks all the known locations where infections like to actually install on your system, including program folders, system folders and the registry (and many more). Every time we find infections installing in a new location, it automatically gets added to the Quick Scan :). It checks everything that the Flash Scan checks and a lot more.
  • Flash Scan - This is a very quick check of your system for active infections running in memory, the registry as well as a heuristics check to look for new/unknown threats. It is less comprehensive than a Quick Scan, but is useful if you just updated MBAM and want to make sure that nothing that was added to the current update but wasn't detected by the previous database has infected your system (this is why we have an option for it to run after a successful update in the Scheduler if you have the PRO version of Malwarebytes' Anti-Malware).
  • Full Scan - This is the last resort. This is what you use when you suspect your system is infected, but the infection was not found by a Quick Scan. It will check all locations on your computer, not just the locations where threats are known to install. It is generally not needed, but can be useful for finding dormant traces as well as infection installers/droppers that might be saved in a location that is not checked by the Quick Scan (if, for example, you save your downloads to a custom folder somewhere etc.).

Link to post
Share on other sites

Thanks i let to type to mutch, i'm sorry :P

Just Finished the Full + Flash Scan with the newest version of MBAM with no infections :D

The first time i used MBAM before 3 days with the full scan, 10 risks/detections deleted thanks to MBAM including a ardamax keylogger.

But before that i scanned my PC with my standard AV (Free Avast with the updated version) It didn't detect one of the 10 !

Soo MBAM i advise it to everything, it seems more better than AV's lol.

Link to post
Share on other sites

if u use mse and avast free, u r not protected because they r all based on traditional signature based security. avast is better than mse. but use comodo internet security, it has defence+ technology(HIPS) with mbam. no virus can't do any harm to ur computer with these two in action. but u have to learn how to use comodo internet security, so watch youtube videos on comodo internet security. its the BEST combination to protect ur computer. i am using comodo and mbam and i frequently test these two with zero-day threats which are very very latest like 1hour or something like that. finally u have to decide. but mse is waste, if u don't believe watch mse test and reviews on youtube.

Link to post
Share on other sites

  • Root Admin

@karthik

I'm happy that you like and enjoy Commodo but please do not post Malware detection or removal advice here on the forum. Only authorized and trained helpers are allowed to provide such advice in the HJT forum.

Your multiple posts about Commodo are now bordering on advertising spam on the forum. If you really wish to help out then please sign up at one of the schools for training.

Please see here as well.

The following are websites who host training facilities: United Network of Instructors and Trained Eliminators

Thank you

Link to post
Share on other sites

sorry advancedsetup, i am new member to this forum, so i don't know about that and one thing i am not advertising comodo because my search for the best security stopped when i installed MBAM and comodo. so i want to help others if i can.

But any way, i am a normal member so i won't reply to those type of topics ever. Thanks for the telling.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.