Malwarebytes site no longer accepts donations


They used to have a PayPal button for donations, but they got rid of
it. I was going to throw a small donation their way.  They do help
people remove viruses on their forum, though nowadays if you back up
religiously, rather than removing viruses you can simply reinstall
your HD from an earlier HD image.

RL

Re: Malwarebytes site no longer accepts donations

1b0208390d06@j10g2000vbb.googlegroups.com:


ray, malwarebytes doesn't attack or delete viruses

Re: Malwarebytes site no longer accepts donations


Is this one of those academic debates over what is a virus?  I guess a
computer virus replicates itself repeatedly inside a PC, unlike a worm
or malware, which is a Singleton?

RL

Re: Malwarebytes site no longer accepts donations

RayLopez99 wrote:

It could be, but I don't think 'sal' was really trying to spark a
debate. I think 'sal' just wanted to point out that MBAM doesn't
properly address the subset of malware known as the "virus". You would
need an antivirus program for that.


 > inside a PC, unlike a worm or malware, which is a Singleton?

Partially correct. There are many distinctions being made, and not all
of them are really definitive.

Malware is the umbrella term for all malicious software. Contrary to
what most if not all malware experts will tell you, the "virus" is not
necessarily malicious, so viruses are not truly a subset of malware (the
same can be said of spyware and adware).

One good distinction exists between the replicating malware (worm or
virus) and the trojan. Replicating malware can self-distribute itself
where the trojan needs to be distributed by another entity.



Re: Malwarebytes site no longer accepts donations

FromTheRafters wrote:

As 'trojan' is a vector of distribution, it doesn't need anything.
Maybe if you mung the terminology often enough
some newbie will adopt it as if it had some relevance.
Just look at the (for the most part successful) campaign the distilled spirits
cartel waged to try and separate drugs from alcohol (a drug).

Re: Malwarebytes site no longer accepts donations

ASCII wrote:

A trojan is not a vector of distribution. Viruses use the same vector
that trojans do, they usually present themselves in exactly the same
way. The difference is that they replicate and place their replicant
where it results in yet another trojanized program. If a trojan
replicates recursively in this manner it is termed a virus or worm
instead. The term trojan remains for non-replicating malware.


I hear what you're saying, but that's not what's happening here. There
is much misunderstanding around as is demonstrated by your comment. A
vector is a path, a trojan is not a path. Sure, trojans usually are seen
to take a certain path, but that does not make that path a "trojan
vector" exclusively.


Re: Malwarebytes site no longer accepts donations

FromTheRafters wrote:

To me it seems you're confusing the vessel (trojan)
with the load (malware or other)
Maybe I should have said 'carrier' instead of 'vector'?
Hey, call anything whatever you like,
I'm just too caught up in the past.

Re: Malwarebytes site no longer accepts donations

ASCII wrote:

That works for me, but a trojan is not a carrier of malware - it is the
malware itself. As an analogy, consider a virus (bacteriophage) and a
mosquito. The virus (code) is injected into the bacterial cell and many
copies escape when the host cell ruptures. This is how it "spreads" to
new cells. It then gets "distributed" to new creatures using the
mosquito vector.

The mosquito is the carrier from host organism to host organism, but the
phage is the (code) carrier from host cell to host cell.

Whether it can replicate or not, it is still presented as a normal cell
to the host organism - which gets more than it bargained for. This 'more
than it bargained for' is the essence of 'trojan' in that a trojan does
something 'other than or in addition to' what is expected, and that
'thing' that it does is or would be unwanted if the host had known about
it beforehand.


Well, I usually have a reason for calling things what I do. If it flies
in the face of what is generally accepted, I am happy to explain my
reasoning. Anyone can feel free to believe differently if they so
desire; I just took your comment as a query for more information instead
of just a dig at me. :o)



Re: Malwarebytes site no longer accepts donations


 
Isn't that a more complex way of saying the same thing? :-)



--
   --- A dyslexic man walks into a bra ---

Re: Malwarebytes site no longer accepts donations

FromTheRafters wrote:

I'd say blatant trickery could be called a vector,
or at least an enabler.

Re: Malwarebytes site no longer accepts donations

ASCII wrote:

...or a method.

If someone uses a software vulnerability exploit and replaces "ntldr"
with some "ntldr+keylogger+something.else" trojan, it is still a *trojan
even though you never even got the chance to be fooled by it. It *still*
does something 'in addition to or instead of' what is wanted.

I guess it is more about the Greek soldiers inside the horse these days
than it is about the way it is presented as a gift to the city of Troy.

*Unless it replicates, in which case it is either a worm or a virus.

Re: Malwarebytes site no longer accepts donations




I see.  Since you seem to be knowledgeable in this field, I'd say as
knowledgeable as David H. Lipman but you have not yet killfiled me, as
perhaps he has, I ask you Mr. Rafters:  what if I have MBAM (that's
the acronym for the Malwarebytes offering) installed, the free
version, then it removes one of those scareware trojan/ viruses (the
ones that falsely say you have been infected and look like Microsoft
Security Essentials (MSE)), but then later, when I run a Linux-based
standalone Kaspersky "rescue CD" it finds traces of the scareware
trojan?  Does that mean MBAM has failed? Seems that way to me.  But it
did detect and remove in real-time the threat it seems (or neutralized
it, since it went away, and it had even changed the background color
of my desktop) but then on a complete rescue CD scan (which took the
better part of the day) Kaspersky found traces of Java files that had
the very same scareware.  I'll try again another complete scan
tomorrow to make sure this scareware is not something that somehow
mutates and stays undeletable ("replicating malware" to use your
phrase).  BTW MSE failed to detect the scareware on a complete system
scan: bad for Microsoft.

Also your opinion on this "standalone" rescue CD* offering below,
which for $10 seems fine and it runs Windows Pre-Installation rather
than Linux as the base OS, which seems to me to get "closer to your
machine" if you are running Windows 7 as I am.  I get the same free
from Kaspersky but I like a belt-and-suspenders approach to malware
detection and removal.  BTW if I find that there's still malware
tomorrow, I will just bite the bullet and install a previous HD image
file from last week when I think my system was clean.

Thank you.

RL

*  http://www.pcmag.com/article2/0,2817,2384916,00.asp#fbid=myAt2e7FxiR

Re: Malwarebytes site no longer accepts donations

RayLopez99 wrote:

I'd say he is more knowledgeable than I am about malware. I don't think
he has killfiled you, he probably just ignores you the old fashioned
way. :o)

 > I ask you Mr. Rafters:  what if I have MBAM (that's

It might be that MBAM is more concerned with stopping the malware from
working than it is to remove all remnants. You would have to ask them
about that. Kaspersky OTOH is concerned with reversing modifications to
files as a result of an infestation or viral infection.

 > Seems that way to me.  But it

Replication should not be confused with persistence although they can be
related.


It evidently has no problem detecting and dealing with Chrome though. :o)


Yeah, I noticed that not all rescue CD offerings were Linux based. It
makes me wonder though how Windows PE deals with reserved words and
illegal characters in paths and filenames.


Good idea, if one doesn't work, perhaps the other will.

[...]

Re: Malwarebytes site no longer accepts donations


I see you replied to RL.

It all depends upon what those "remnants" are.

If the malicious binaries have been removed but a Registry or Path location
remains, they may be considered a remnant of the original infection but by
themselves, are not a problem.

There is also the possibility of a remnant file but the loading methodology has
been removed such as a HKLM / HKCU Run for a DLL or EXE.  The Registry entry was
removed but the file wasn't.  Now the file is orphaned and without it loading it
is a remnant and not part of an active infection.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malwarebytes site no longer accepts donations

David H. Lipman wrote:

You might get some of those pesky 'file not found'
boxes on startup that you have to click away

Re: Malwarebytes site no longer accepts donations



If it is a HKLM / HKCU Run for a malicious.DLL using RUNDLL32 and the
malicious.DLL has been removed, yes.
If the Registry entry was removed but the file wasn't, no.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp
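
The two remnant cases described in David H. Lipman's posts above (a Run value whose file is gone, and a file whose Run value is gone), as an added example that is not part of the original thread. The value names, paths and scanner list are constructed sample data, and `run_target` and `classify` are hypothetical helper names.

```python
import ntpath
import re

# Constructed sample data, not taken from the thread.
RUN_VALUES = {  # value name -> command line from HKLM/HKCU ...\Run
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "Helper": r'rundll32.exe "C:\Users\rl\AppData\Local\helper.dll",Start',
}
FILES_ON_DISK = {
    r"C:\Program Files\Vendor\updater.exe",
    r"C:\Users\rl\AppData\Local\Temp\dropped.dll",
}
FLAGGED_BY_SCANNER = [r"C:\Users\rl\AppData\Local\Temp\dropped.dll"]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted path or bare word

def run_target(command):
    """Return the file a Run value loads: the EXE, or the DLL given to rundll32."""
    tokens = [quoted or bare for quoted, bare in TOKEN.findall(command)]
    if not tokens:
        return None
    launcher = ntpath.basename(tokens[0]).lower()
    if launcher in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",")[0]  # strip ",EntryPoint" from an unquoted DLL path
    return tokens[0]

def classify(run_values, files_on_disk, flagged):
    """Label each Run value and each flagged file as one of the two remnant cases."""
    present = {p.lower() for p in files_on_disk}
    loaded, result = set(), {}
    for name, command in run_values.items():
        target = (run_target(command) or "").lower()
        loaded.add(target)
        # Loader left behind, file gone: harmless, but causes a startup error box.
        result[name] = "active" if target in present else "dead_value"
    for path in flagged:
        # File left behind, loader gone: a remnant as far as the Run keys go.
        # Other autostart locations are not checked here.
        if path.lower() in present and path.lower() not in loaded:
            result[path] = "orphaned_file"
    return result

if __name__ == "__main__":
    report = classify(RUN_VALUES, FILES_ON_DISK, FLAGGED_BY_SCANNER)
    for item, status in report.items():
        print(f"{status:14} {item}")
```
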



Re: Malwarebytes site no longer accepts donations

David H. Lipman wrote:

Correct

Whenever I've gotten such an alert,
I had to crawl the registry to remove the dead value.

Re: Malwarebytes site no longer accepts donations

David H. Lipman wrote:

Yeah, he hasn't irritated me lately. ;o)


I suspected something along those lines, thanks for responding.


Re: Malwarebytes site no longer accepts donations

wrote:
 > approach to

I see.  This makes sense.  I do believe that MBAM got rid of the
"active" portions of the malware removed, which, as you seem to imply,
is a registry entry but the library or executable file (.DLL or .EXE)
remained, and this is what Kaspersky reacted to.  Another possibility:
perhaps MBAM 'archived' or "quarantined" or somehow stored the malware
(under the "Quarantine" option), but Kaspersky saw this archive as a
threat (since it's not clear to me how antivirus programs archive
stuff anyway--I would think they would password protect the file so it
cannot be read by another antivirus program, but I could be wrong).

BTW, here was the malware caught by MBAM, and neutralized, and then
Kaspersky totally eradicated (all traces) of it:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Fakeav
(and associated other files)

Thanks for your time.

RL

Re: Malwarebytes site no longer accepts donations

sal minella wrote:

It does detect *some* viruses.
