Is MBAM is a 100% safe application? - Page 6


Re: Is MBAM is a 100% safe application?



Ant wrote:

I had a son who was a computer guru - he's an angel now. He guides me!


Thank you. What you say holds no surprises!


You sound much like the cyber-friend I made on the Kaspersky forums!

P2U is/was Dutch, married to a Russian woman and lives(d) in Moscow. I
'met' him on the Kaspersky forums after I had bought KAV7 a few years
ago. Amongst other things he specialised in computer forensics and was
trying to help me investigate how 'bad guys' do things.


Here is a past PM conversation:

QUOTE (by me! BD)

If I type http://www.annex.com into IE7, my AOL browser or Firefox - it
works as expected (or should I say as I might expect?).
I wouldn't be surprised if you told me something was not quite right,
even at first base!

REPLY

I understand that googlesyndication and google-analytics are there
asking to execute scripts and to drop cookies, but what the **** are
live.com and msn.com doing there?!?
OK. I'll register later today as p2u. I have to go and see a student
right now. I'll be back in an hour or three.

Paul

_____________________________________________________________________

Regrettably, little further progress ensued. Here's the reason why.

Message from Paul, 27.09.2008 05:50

Hi, Dave!

Yes, I owe you an explanation, but I couldn't find the strength to write
you about it. At the end of last year, I was diagnosed with a swelling
in the pancreatic area. I've been through hell all this time. Life
expectancy is not much; at most 2 years. The problem is that the
swelling was benign, but is turning into a malignant one. An operation
means almost certain death. I'm not afraid of dying, not for myself - I
just wonder how my little son is going to take this.
I hope you understand, that in such a state of mind I'm not eager at all
to communicate with anyone. This is nothing personal. I hope you
understand that. That's also the reason why I rarely appear on this
forum - the 'how-are-you' stuff scares me. I don't know how I am and why
this is happening to me...

Kind regards,

Paul
_______________________________________________________________________


There is more information here should you be mildly interested.

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.security&tid=7f8b4469-dc0f-4b3a-97b9-bff300db8714&cat=&lang=&cr=&sloc=&p=1

Or  http://snurl.com/vy6sc

It is basically an extract of posts I 'stored' on Jenn's BB but folk
would have to register to read same there. http://pqlr.org/bbs/

If I'm wasting your time, forgive me. My only ambition is to help, in
any small way, to ruffle the feathers of the bad guys to which you
refer. I seek only the truth.

--
Dave



Re: Is MBAM is a 100% safe application?



On 5/1/2010 7:19 AM, ~BD~ wrote:


So ask specific questions based on your research, if you post links to
where the information was obtained folks can look at the original material.

Many folks have told you that in their opinion, and experience this
behavior has not been observed in the wild.

If you don't want the opinion of folks in the newsgroup why would you
continue to ask for it?

John






Re: Is MBAM is a 100% safe application?




[...]


Bad sectors (or sectors *marked* as bad) in this case might be
considered "outside" any partition.

[...]


Warning - - an analogy follows:

Some vaguely described monster has finally been *killed* by the monster
hunter and you have an uneasy feeling that the monster can rise from the
blood at the scene of the killing. Well, it ain't gonna happen, but when
you asked an expert if an entity like that could be resurrected from its
blood - he said yes and told you about DNA and sheep, cats, etc...

The thing is, the expert wasn't asked if the entity could self-resurrect
from the blood left behind after the killing of the monster.



Re: Is MBAM is a 100% safe application?



FromTheRafters wrote:


You should try your hand at writing stories for children, FTR! :)

Re: Is MBAM is a 100% safe application?





| So now we are in a situation where someone (drdos) has posted
| information on a well known technical forum saying one thing ....... and
| Mr David H Lipman (whoever he may *really* be!) making a post on Usenet
| groups claiming that the original poster is wrong.

| Take a step outside the box, David.

| How could anyone simply 'visiting' these groups have any notion of who
| is actually telling the truth?

| I am /inclined/ to believe what *you* say - but there is no supporting
| evidence to that effect - is there?

| Is it reasonable for readers to accept that, as you have made no
| disparaging comment to the contrary, that "Most wiping, erasing,
| formatting, and partitioning tools will not overwrite logical bad
| sectors on the Disk, leaving the Rootkits and their accompanying payload
| of malware behind and still active."?

| If so, what action would one recommend one takes before reinstalling an
| operating system on a previously used disk - Darik's Boot and Nuke?
|
http://download.cnet.com/Darik-s-Boot-and-Nuke-for-CD-and-DVD/3000-2094_4-10151762.html

| Or, maybe FDISK will do? http://support.microsoft.com/kb/255867

| Or does one simply assume that one's disk is Rootkit free and simply use
| a Windows set-up disk and the in-built formatting facility?

| --
| Dave

Show us *any* malware in the wild that infects or resides within the BIOS,
Motherboard or Video-card.
**And I do not mean some engineer in a lab environment who found he could
introduce malware into the BIOS, Motherboard or Video-card.

There is no taking a step outside the box. This is the reality.
There is NO malware that infects or resides within the BIOS, Motherboard or
Video-card.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is MBAM is a 100% safe application?



David H. Lipman wrote:

I cannot do that ...... and you know it!

However - that does *not* mean that it *doesn't* happen!


So you say, David.

Please review my answers to Dustin Cook.

BD



Re: Is MBAM is a 100% safe application?




| David H. Lipman wrote:


| I cannot do that ...... and you know it!

| However - that does *not* mean that it *doesn't* happen!

You can't because there are none!

While there are none, you are pushing FUD.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is MBAM is a 100% safe application?



David H. Lipman wrote:

To whom do you consider that I'm "pushing" Fear, Uncertainty and Doubt?

All I've *ever* been doing is asking questions!

--
BD

Re: Is MBAM is a 100% safe application?




| To whom do you consider that I'm "pushing" Fear, Uncertainty and Doubt?

| All I've *ever* been doing is asking questions!

To all the readers of the x-posted news groups and all the http front-ends
that access them.

As for ...
"In particular, do you agree that "Rootkits can also hide in the Firmware
of Hardware Components, in the BIOS, Motherboard, Video-card EEPROM or
Alternate Data Streams....." ?

The part about Rootkits hiding in the Firmware of Hardware Components, in the
BIOS, Motherboard, Video-card EEPROM has already been answered.  You brought it
up before, a few times, and you were told that it is incorrect.  By you
re-incarnating the subject matter you are introducing FUD as if what you had
been previously told was not factual.

As for ADS that is a whole different concept and is a way of hiding a RootKit.
http://en.wikipedia.org/wiki/Alternate_data_stream

There is a kind of RootKit methodology that has been used, that was NOT even
mentioned, and was used by the Gromozon malware family (which also used ADS)
and was described quite well by Marco Giuliani of Prevx.

Find that information and report back what that methodology is.  That's worth
discussing, not "In particular, do you agree that "Rootkits can also hide in
the Firmware of Hardware Components, in the BIOS, Motherboard, Video-card
EEPROM" shit.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is MBAM is a 100% safe application?





And evidently, has some sort of universal translator for the code
differences found between them all. :)


I would prefer it further if said engineer was able to demonstrate
operational code instead of a storage site for potentially malicious code
which will never get run control; and thus, remain quite... harmless.
 

Only few malware samples which would make an effort to corrupt the BIOS;
and it required very specific hardware in order to do its deed. One size
doesn't fit all.
 



--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Is MBAM is a 100% safe application?




1) Introducing your personal vendetta against PF whenever it suits you.
2) Needlessly crossposting your posts, even when from within another's
thread and transplanting posts from other places and posting off topic
and getting too obsessed with having other people's personal information
and practically *demanding* that others assuage any personal "hinky
feeling" you may have and ... well ... that's enough for number two.



Incompatible with what?


???

Had this person posted here, there would have been opposing viewpoints
voiced, I haven't visited that forum, so I don't know what went on
there.


There are user mode and kernel mode rootkits - how is that considered
"outside" the OS?

I might agree with *some* rootkits  work from outside the OS (VM or
hypervisor based perhaps?)


There are many places to hide stuff, that doesn't mean it is code that
can be invoked or otherwise executed.


Usually, such tactics render the malware "headless" and as such it is
not *active*.

[...]


Rootkits used to be a collection of programs that an attacker could use
to replace tools with trojanized versions - once having obtained root
privileges. Now they are mostly just filter drivers to filter out
information that is being made available to such tools.


Why infect programs when you can install malware in a stealthed
(filtered) condition?

When you have the system as host, there is little reason to also use a
program to host code.

[...]


There is room for "bad code" in those places. There may even be enough
room for enough code to actually function as a starting point for the
implementation of a rootkit (or other malicious functions). Having
*only* a starting point is not enough to qualify it as a rootkit.


A rootkit might also cease doing the cloaking if it detects that a
rootkit detector is executing.

[...]


I'll just accept that as a fact, no need to go there.


I'll agree that subversive code could hide in there, but that's a long
way from saying a rootkit or virus could launch from there.

[...]



Re: Is MBAM is a 100% safe application?



FromTheRafters wrote:

Let's deal with this part of your response first.


I have no personal vendetta against anyone.

The posting persona known as Peter Foldes (or is it Derek Feldman?) is
not honest and truthful. I don't approve of that.


Isn't Usenet great? :)

If folk choose not to substantiate their standing in the real world then
AFAIC they are simply fantasy figures of the Internet.

Remember this thread, FTR

http://groups.google.com/group/microsoft.public.security.virus/browse_thread/thread/24146319906307ac/d42636edf3d1e14b?hl=en&q=The+newbies+dilema&lnk=ol &

Not much has changed!

--
Dave

Re: Is MBAM is a 100% safe application?




| FromTheRafters wrote:






| Let's deal with this part of your response first.


| I have no personal vendetta against anyone.

Person -- Robear Dyer
Place -- aumha.net and its members like Robera and Randy.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is MBAM is a 100% safe application?



David H. Lipman wrote:


May I refer you to this post?

http://groups.google.com/group/alt.politics.scorched-earth/msg/ca3b5b6709131018?hl=en

Where I said .......

"My use of Norton AV is what prompted my exclusion from Aumha, which as
you well know, is the *real* 'home' of PA Bear (aka Robear Dyer). I
found that 'interesting', especially as subsequently he lied saying
that I had been banned by an ISP, when this is false) and then he
refuses to communicate further. Such behaviour is irrational!"

That is the truth as far as I am aware. If this is disputed, let us
discuss further. I have *never* been banned by /any/ ISP - *ever*!

BD


Re: Is MBAM is a 100% safe application?





Wouldn't this be more appropriate in another newsgroup? This one, and the
ones I see you've set as followup don't really apply...


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior


Re: Is MBAM is a 100% safe application?



Dustin Cook wrote:


You are probably right, Dustin :)

Which group(s) do you suggest?

BD

Re: Is MBAM is a 100% safe application?





alt.usenet.kooks -you'll find some real charmers in there.
--
This post was created using Opera@USB: http://www.opera-usb.com
Virus Removal Instructions  
http://sites.google.com/site/keepingwindowsclean/home
Max's Favorite Freeware  
http://sites.google.com/site/keepingwindowsclean/freeware

Re: Is MBAM is a 100% safe application?





Yes! :oD

http://groups.google.com/group/microsoft.public.security.virus/browse_thread/thread/24146319906307ac/d42636edf3d1e14b?hl=en&q=The+newbies+dilema&lnk=ol &

Did you really expect it to?



Re: Is MBAM is a 100% safe application?



FromTheRafters wrote:

No. I'd hoped that Dustin might re-read the thread if it came to his
attention again and he wasn't too busy! ;-)

Trolli is still monitoring posts being made on Scorched-Earth.

*Why*?

Proof positive?

Yup! (anyone know why MISMATCH appears in the first line of 'Path'?)

Path:
border1.nntp.ams.giganews.com!feeder2-2.proxad.net!proxad.net!feeder1-2.proxad.net!74.125.46.134.MISMATCH!postnews.google.com!news2.google.com!npeer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local2.nntp.dca.giganews.com!nntp.ohio.net!news.ohio.net.POSTED!not-for-mail
NNTP-Posting-Date: Wed, 28 Apr 2010 20:47:26 -0500
Newsgroups: alt.politics.scorched-earth
Subject: Re: The truth *will* out!  :)
Date: Wed, 28 Apr 2010 21:47:27 -0400
MIME-Version: 1.0
Content-Type: text/plain;
    format=flowed;
    charset="iso-8859-1";
    reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Newsreader: Microsoft Windows Live Mail 14.0.8089.726
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726
Lines: 47
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 66.219.181.60
X-Trace:
sv3-F7mwcZFQWLFFl7DAqiT6He2opE/ChGv6NIJCEXTLC0zoNZCcICDviF0k/d1PfrVgnGvvJ1n7xDuPujJ!FPUVYQJHz86OD/EHktM/RjErK/5/vPRfTPxFZG4HHdbrgH48BGtlfAaUmLz2jvfDfYiZjM63OvNN!3WGaHqjf
X-Complaints-To: abuse@ohio.net
X-DMCA-Complaints-To: abuse@ohio.net
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
complaint properly
X-Postfilter: 1.3.40
Bytes: 3615
Xref: number.nntp.dca.giganews.com alt.politics.scorched-earth:30454


<SIGH>



(OT) Conspiracy discussion Re: Is MBAM is a 100% safe application?





I started to read the link posted. When I saw the dates and your comments
concerning pcbutts, I stopped. :)

I know that mbam isn't 100% safe any more so than my hand sanitizer kills
100% of all germs. (it claims 99.?% instead). It's proven math on these.

Not by fault of either product, it's just not a mathematically correct
(nor legally really) thing to say.
 

BD, it's usenet.. You can even set google to monitor posts and phrases
for you, and email when it sees something. Technology for you. :)

I lurked for a few days myself before I actually posted the first time. I
have read most of the threads I found on the server here (I use the
server provided by my ISP; old habits die hard) but haven't posted to
many of them.
 

Could be any number of reasons. Not everything is a conspiracy, ya
know...
 



--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

