37 replies to this topic

[Bellzemos]

Hello!

Please help me understend two things:

1. Is it a good idea to have Malwarebytes' Anti-Malware AND SUPERAntiSpyware TOGETHER with Avast's Anti-Virus running on one machine (Windows XP)? Will these three interfere/fight or complement one another in protection? Do you use such combinations?

2. I don't really understand... Is Malwarebytes' Anti-Malware a freeware program or a payable... or both? What are the differences between the versions?

Thank you a lot for your help!

[QuizMaster]

I'm not really sure about the first one, but I'll research it.

As for the second one:

Quote

I don't really understand... Is Malwarebytes' Anti-Malware a freeware program or a payable... or both? What are the differences between the versions?

It's both. You can use it for free to scan and remove malware but you need to pay if you want the real-time (live) protection and auto updates/scans, like Ad-Aware.

The free version doesn't have:

1. Real-time protection
2. Auto updates (you need to press the "update" button manually)
3. Auto scans (you need to manually open MBAM everytime you want to run a scan)

[Bellzemos]

Thank you for your help. I hope someone knows about the 1st question... Or even has these 3 installed.

[ky331]

Yes, I have installed, and use all three without any conflicts/problems:

1) avast! antivirus [free version] offers resident (continually-running in real-time) anti-virus protection, and some degree of resident anti-spyware protection.
2) in contrast, malwarebytes anti-malware and superAntiSpyware [free versions] do not offer resident protection, so there is no basis for a conflict here: rather, each is simply an on-demand scanner/remover. each scan may be run with avast resident.
[note that the PAID versions of MBAM and SAS *do* offer resident protection, so using these could indeed result in conflicts]

as for the "need", most people advocate using at least two on-demand anti-malware scanners. while there is no absolute ranking here, based on my own personal experience, and what i have read from trusted sources, i would say that MBAM, SAS, and A-squared (not necessarily in any particular order) are the top candidates [among free programs], and clearly outshine the "competition".

among free anti-virus programs, avira's antivir is also a great choice (alternative to avast)... but only ONE resident anti-virus program should be used.

[ky331]

to clarify a bit further:

the free versions of mbam/sas, being "only" on-demand scanners... do NOT offer up-front "protection"... malware CAN get through. rather, these on-demand scanners can CLEAN UP the problem, after-the-fact.

it is the resident programs that offer PREVENTION/PROTECTION, not allowing bad stuff to get through in the first place.

there is also another class of "protection" programs, such as SpywareBlaster, that offer "protection by immunization"... and have the advantage of not using up any significant system resources. SpywareBlaster can be used in conjuction with all the the aforementioned programs.

[Bellzemos]

Wow, what a nice reply! Thanx for all the information, I agree with everything.

But now I have two more questions...

1. I installed MBAM Free and I wonder about "mbamgui.exe /install /silent" in my startup. Is this a process that will be always present? Is it necessary (since the Free version doesn't have a resident protection)? SAS also has something like that and I don't like it. Can I premanently turn that MBAM process off, and how?

2. About SpywareBlaster... Is this program similar to NoScript? I don't like NoScript. How it works, how it immunizes the system?

Thank you A LOT for your help!

[ky331]

"mbamgui.exe /install /silent" will only RUN ONCE (when you install a new/updated version of MBAM);
after that, subseqent startups will show "mbamgui.exe /starttray", which results in an MBAM icon appearing in your system tray, and an MBAM service running in the background.
these can be disabled by issuing the following command from a DOS/command prompt:
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /uninstall
after which, you can continue to run MBAM as an on-demand scanner.

you can also stop SAS from auto-loading at startup: double-click on the sas/bug icon in your system tray, select PREFERENCES, be sure it opens to the GENERAL AND STARTUP tab, and under START-UP OPTIONS, UNcheck the box marked START SUPERAntiSpyware WHEN WINDOWS STARTS, and then close the window.

----

I am not familiar with NoScript. SpywareBlaster sets "kill-bits" that stop known bad ActiveX controls from loading in internet explorer. it places known bad URLs into IE's "restricted zone", which limits what can be done by these sites. it blocks known bad cookies from being accepted by IE, and by Firefox.
In short: download the program, install it. check for updates, and enable all protection. note: spywareblaster (free version) does not automatically check for updates... you should do so manually, every two or three weeks. when a new update is obtained, enable any new protection.

spywareblaster has other features, but i can't get into all of them here. for further information, see the following tutorial:
http://www.bleepingc...tutorial49.html

[AdvancedSetup]

Bellzemos, on Jan 22 2009, 04:49 PM, said:

2. About SpywareBlaster... Is this program similar to NoScript? I don't like NoScript. How it works, how it immunizes the system

SpywareBlaster is nothing like the NoScript Firefox extension {well let me retract a bit of that, in that it is similar in some degree but not as good of protection}

As explained the Killbits do some minimal blocking of KNOWN bad sites and nothing for any NEW site with a new trick. NoScript allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (you train it what to allow and what not to allow, yes it can be a bit annoying at times but VERY safe compared to Internet Explorer) For sites that you know and trust and absolutely know they're safe but don't like how NoScript works in Firefox with them, then use IE for that site. I spend 99% of my browser time in FF but there are a few sites that I use IE, but only for very specific sites.
Then if you add Adblock Plus as well, you'll have a much more enjoyable and safe Web surfing experience.

Part of my process to help users such as yourself is that I have to infect a system on purpose to help see what it does and how best to clean it up. Using Firefox and NoScript makes it almost impossible to do (not 100%, but darn close) I have to use IE on purpose to infect the system.

[Mad Dog Vee]

All the advice you have received is good and valuable.

Add a firewall and a HIPS program or Behaviour Blocker or both if you really want to and you'll be pretty darn secure.

[Bellzemos]

Thank you all! Here's some more things that bother me...

But why is the mbamgui.exe constantly running at all, if it's not a resident protection?
"mbamGUI.exe" probably stands for "graphical user interface"?

"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /uninstall"
If I run that in DOS (command), will MBAM work as effective as if mbamgui.exe would be set to "on"?

[Bellzemos]

@ AdvancedSetup:

Hm, if SpywareBlaster's Killbits don't do much, I won't install SpywareBlaster. I really don't like NoScript. Well, I don't even wander on weird sites really. The most "dangerous" sites I go to are ************.blogspot.com sites and rapidshare, megaupload, mediafire... sites. But of course you may never know where you can find malware preying on you... I have the bulit-in XP Firewall set "on" too.

Thank you all again for all the help. I think I'm pretty safe with Avast, MBAM, SAS and a bit of common sense, knowledge and - luck.

[QuizMaster]

I have a feeling that running the command will remove mbamgui.exe

I don't know why it's running. I use the free version and mbamgui.exe isn't in Task manager.

[Bellzemos]

Well, now I really don't understand... You think it will really delete the mbamgui.exe file? I think that would cripple the program. And you say it's running and it's not shown in the Task manager?

Confused...

[Bellzemos]

Right now I have just restarted my PC to see what will happen. Nothing happened.

The "mbamgui.exe /install /silent" dissapeared from the startup and "mbamgui.exe /starttray" isn't there either (nor is the system tray icon, of course). And of course "mbamgui.exe" is not running and is not shown in the Task Manager.

My humble guess is that Mr. Mbamgui.exe "saw" that I use the free version of MBAM and decided not to run for free.

But... can someone officialy explain this "mbamgui.exe" thing?

And again - thank you!

[AdvancedSetup]

I didn't say the Killbits wouldn't do anything, just that method is NOT as powerful of a protection method as NoScript. I would still use it.

As for these sites rapidshare, megaupload, mediafire I guarantee you that you'll be back sooner or later looking to get cleaned up because most of the protection tools won't be ready for some of the newly attached Malware to some of those downloads.

But then again downloading from those sites is always an open ticket for good and bad and sometimes you have to pay the piper so to speak.

[Bellzemos]

Hm... "Those sites" sometimes pop up a commercial window, but that's about it. Of course you mustn't click on any content of it. Today I full scanned my system with Avast (throughout scan), SAS (complete scan) and now MBAM (complete scan) and I have 0 infections. And it's like that for half a year now. But then again, I'm not saying that it's all safe...

Do you know anything about the mbamgui.exe thing mentioned up there?

Thank you!

[AdvancedSetup]

No not really - I don't play with the installer or run the program much except to look at the current definitions level so I can alert users that are not up to date.

[exile360]

I saw this asked a few times and no one answered, so to clarify, if you're using the free version of MBAM, there will be NO background processes or services running when you boot your PC, and the MBAMgui.exe install thing is written to the registry as a Runonce key (as mentioned earlier) which means it only runs the first time you reboot after installing. The entire reason it runs to begin with is simply to activate the protection for the pro version, so if you're running the free version, it doesn't even run. SAS on the other hand does run from the tray and loads it's drivers at boot even with the free version, but doesn't offer realtime protection.

[Bellzemos]

exile360, on Jan 23 2009, 07:25 AM, said:

...the MBAMgui.exe install thing is written to the registry as a Runonce key (as mentioned earlier) which means it only runs the first time you reboot after installing. The entire reason it runs to begin with is simply to activate the protection for the pro version, so if you're running the free version, it doesn't even run.

If I use the free version the mbamguti.exe will also run for the first time. But what it does after it's silent installation - I don't know. What it installs if there's nothing new in the startup or in the task manager?

Excuse me for being very curious. Thanx!

[exile360]

Honestly, there's no difference between before it installs and after as it doesn't even run on reboot if you're using the free version. If you wanted, you could actually delete that RunOnce reg key before rebooting and it wouln't hurt anything (I've done it by blocking it with TeaTimer, and deleted it on another occasion using Ccleaner) and MBAM worked just fine after reboot. The RunOnce key is only there to install the protection module if you're running the paid version of the software, so when installing the free version, it doesn't really "do" anything. Hopefully that clears it up for everyone.