Malwarebytes to the Rescue



Hi all

Having been hit by 2 viruses in quick succession, I was miffed to find that
the second (a Google re-direct mainly to a site called bediddle!) was
proving very difficult.
I have McAfee anti virus/anti spy as my resident prog but it had got past
that one.
Then tried Spybot S&D - didn't see it.
Then tried Adaware - didn't see it.
Finally came to Malwarebytes - I had left this till last as I had seen quite
a bit of bad press about it.
Any old how, it did the trick.

Just wanted to give credit where it's due.

Phil



Re: Malwarebytes to the Rescue





Hi There. Do you have any urls with bad press I could read?



--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Malwarebytes to the Rescue



Dustin Cook wrote:

There was a positive mention in this month's Windows Secrets:

http://windowssecrets.com/2008/09/18/08-Antivirus-2008-2009-is-the-scum-of-the-earth/?n=patch0

You can't read from the link unless you're a subscriber, but the
relevant line is:

"While a visit to the malware-cleaning site Malwarebytes helped me get
my dad's PC back into shape, the incident points out how difficult it is
to secure a Windows XP workstation when the user runs with full
administrator rights."

--
Rhonda Lea Kirk Fries

"You know you can indict a ham sandwich if you want to."
William J. Martini, Judge, United States District Court



Re: Malwarebytes to the Rescue





Thanks for the info, Rhonda. Good quote, too.


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Malwarebytes to the Rescue




"Dustin Cook" wrote

Dustin

I think my use of the term "bad press" was misleading.
IIRC it was a number of threads in this NG that had the negative comments at
the time.

Phil



Re: Malwarebytes to the Rescue





Ahh. Okay, thanks for the clarification.


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Malwarebytes to the Rescue





| "Dustin Cook" wrote



| Dustin

| I think my use of the term "bad press" was misleading.
| IIRC it was a number of threads in this NG that had the negative comments at
| the time.

| Phil


Negative comments ?

When ?


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malwarebytes to the Rescue



You talking about this post I made on 9/9/08. As of yesterday it still has
not been fixed.


Ok you dumbass I will spell it out for you. Go here
http://www.advancedprivacyguard.com/ and click on the download link, your
antivirus should detect it; Avast does. For testing purposes disable your
antivirus and download the file. MBAM resident detection does not block it.
Click install. MBAM Resident protection does not block it. Run a scan using
MBAM it detects and removes it. Your boss Bruce said in an interview on
Besttechie a few weeks ago that everything MBAM detects during its scans are
also blocked when using the paid version with real-time protection. Now stop
trying to portray me as a liar and fix your product. Below is the log file
done just a few minutes ago.

Malwarebytes' Anti-Malware 1.27
Database version: 1131
Windows 6.0.6001 Service Pack 1

9/9/2008 10:31:41 AM
mbam-log-2008-09-09 (10-31-41).txt

Scan type: Quick Scan
Objects scanned: 47855
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
C:\Users\pcbutts1\Desktop\FreeSetup.exe (Rogue.AdvancedPrivacyGuard) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvancedPrivacyGuard (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AdvancedPrivacyGuard (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advancedprivacyguard (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AdvancedPrivacyGuard (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdvancedPrivacyGuard (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\pcbutts1\Desktop\FreeSetup.exe (Rogue.AdvancedPrivacyGuard) -> Delete on reboot.
C:\Program Files\AdvancedPrivacyGuard\apg.exe (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdvancedPrivacyGuard\AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdvancedPrivacyGuard\Uninstall AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\Users\Administrator\Desktop\AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\Users\pcbutts1\Desktop\AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\Users\pcbutts1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.


--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.






--
Ignore any posts made by the Stalker Leythos, he's still in love with me.
He started stalking me after I spurned his advances towards me.
He said he would stop Stalking me If I stopped mentioning his name.
As you can see that does not work. He is a sick obsessive STALKER.







Re: Malwarebytes to the Rescue






I owe you an apology Christopher, for accusing you of bootlegging. In fact,
you are a paid customer. With that in mind, any personal comments you want
to fire off, I won't be able to answer. Oh, it's not because I don't want
to, Christopher, it's because due to my position, I must maintain
professionalism, even with you. :)
 

Two problems here:

v1.28 is out now, with v1.29 nearing the end of internal beta testing.
The database version as of 8:12pm 09-22-08 EST is 1194.

I am aware of some issues in some cases of our resident protection module
not doing as it should be. v1.29 should correct those incompatibility
issues.

As the issue isn't really a database one, but of a low level system driver,
I can't directly help you. I have passed on your concerns to the individual
responsible for that section of code, and I'm told v1.29 should correct any
issues regarding this.



--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Malwarebytes to the Rescue







| I owe you an apology Christopher, for accusing you of bootlegging. In fact,
| you are a paid customer. With that in mind, any personal comments you want
| to fire off, I won't be able to answer. Oh, it's not because I don't want
| to, Christopher, it's because due to my position, I must maintain
| professionalism, even with you. :)


| Two problems here:

| v1.28 is out now, with v1.29 nearing the end of internal beta testing.
| The database version as of 8:12pm 09-22-08 EST is 1194.

| I am aware of some issues in some cases of our resident protection module
| not doing as it should be. v1.29 should correct those incompatibility
| issues.

| As the issue isn't really a database one, but of a low level system driver,
| I can't directly help you. I have passed on your concerns to the individual
| responsible for that section of code, and I'm told v1.29 should correct any
| issues regarding this.



Let's face it.

No anti malware is 100% effective and relatively speaking, MBAM is a new kid on
the block.

It is effective.  It is very good and it keeps getting better.

All I can say is...
           Kudos to the team !

Keep it up.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malwarebytes to the Rescue



Dustin Cook wrote:

Will v1.29 be released as an upgrade patch of sorts
or will it require a total replacement install?
Currently have v1.28 and db v1194
BTW: what does the fingerprints loaded number refer to?

Re: Malwarebytes to the Rescue





It will replace the current installation, and it will become available
online and via the internal updater as previous versions have. I.e., when
v1.29 goes official, your internal updater will inform you of the new
version. You will be given the choice of updating. If you decline, it'll
ask again later, and you won't get updates until the software update is
allowed.


The fingerprints loaded is how many unique signatures, or "fingerprints"
we have on file for specific malware. This is not the total amount of
malware known to the program, as we have decent heuristics and more of
that coming around the bend. It enables us to catch malware that isn't
directly known by our database, yet anyway. :)

 



--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Malwarebytes to the Rescue



Dustin Cook wrote:

Wasn't one of the earlier heuristic type applications
that Invircible thing from the Jewish guy,
and how does their current version compare to MBAM?

Re: Malwarebytes to the Rescue




| Dustin Cook wrote:

| Wasn't one of the earlier heuristic type applications
| that Invircible thing from the Jewish guy,
| and how does their current version compare to MBAM?

That "Jewish guy" is Zvi Netiv of Invircible, Israel.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Malwarebytes to the Rescue



David H. Lipman wrote:

I thought Zvi was with NetZ computing in the Givat Shmuel area of Tel
Aviv, and it's their commercial product that's called Invircible,
in any case that only clarifies a minor point,
but doesn't address the request for a comparison.
Maybe when MBAM tweaks, tunes, and finally releases their latest
heuristic based scan engine someone will do a qualitative comparison
between the two.

Re: Malwarebytes to the Rescue





I haven't kept track of Zvi in many years. His program performed rather
poorly then as I recall. Something about a virus and a publication test,
basically the virus wound up owning the pc and invircible too.
Oh the memories.


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Malwarebytes to the Rescue



Dustin Cook wrote:


Well, there's always the Doren Rosenthal simulator (VirSim),
if you want to give MBAM a real workout. ;-)

Re: Malwarebytes to the Rescue





You do realize that MBAM isn't an antiviral application, right?


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: Malwarebytes to the Rescue



Dustin Cook wrote:

Yep, for curiosity I ran it through an old collection archive and at
first was a little bit surprised when it said "no hits", not iroc,
krile, babylonia or even happy99, then realized, just as you say, it's
an anti malware (nonviral) application, and a good one at that.

Re: Malwarebytes to the Rescue





You actually have all of those old programs? WOW! Are you some collector or
something? heh.

Nah, neither MBAM nor BugHunter is designed for actual viruses. Antivirus
specializes in that. We specialize in the other aspects of malware. A good
antivirus with a decent resident antimalware program such as mbam keeps you
much more secure than either does alone.



--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  

