
Malwarebytes

Malwarebytes for linux


20 replies to this topic

#1
Bobc11

    Not what you would think...

  • Honorary Members
  • 787 posts
  • Gender:Male
  • Location:Remote Host Closed Socket
  • Interests:Computers plants
Just a recommendation maybe you guys should program a version for Linux users.

Be who you are,
Do what you do


×÷·.·´¯`·)»The Weather Guy/Bobc11«(·´¯`·.·÷×


#2
swagger

    Elite Member

  • Honorary Members
  • 887 posts
  • Gender:Male
  • Location:South Carolina
Bobc,

Linux is inherently more secure and less likely to be affected by viruses even if they exist on the computer. So with that regard, I think MBAM should probably stay on the Windows platform and concentrate on being the best it can be since Windows is the most popularly targeted O/S platform.
Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal, MBAM Pro
Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal

#3
Giving Up

    New Member

  • Members
  • 1 posts

swagger, on Aug 31 2009, 07:52 AM, said:

Bobc,

Linux is inherently more secure and less likely to be affected by viruses even if they exist on the computer. So with that regard, I think MBAM should probably stay on the Windows platform and concentrate on being the best it can be since Windows is the most popularly targeted O/S platform.

I'd like to put my 2 cents in on this. What you said is absolutely right. However, there's a new breed of trojan/virus/malware that makes the ability to launch MBAM from a Linux OS in order to scan a Windows partition so important. I am currently experiencing and trying to recover from the worst malware attack I have ever experienced. I don't know exactly how it got in, but I do know that the strain that I have actively compromises all popular virus and spyware scanners that I have thrown at it. Let me give a rundown of what has happened to my system in the past week:

[START OF RANT]
All symptoms that I describe below started IMMEDIATELY following a windows update. (Of course seeing what this thing can do, that was probably a spoofed windows update).

-At first, getting multiple, persistent, fake trojan alerts and nags to buy fake spyware removal programs (Antivirus Pro 2010). Created a spoofed Windows security center to back up its claims

-Random FAKE bluescreen of death. You can tell it's fake because you can exit out of it with Alt-TAB. Uses a terminal emulator to look genuine. Bluescreen message has misspellings. Also implores you to "check your antivirus"

-Disables and corrupts ALL malware/spybot/virus scanners. Got into my system with nary a peep from McAfee antivirus/firewall. In the case of spydoctor it appears to work WITH it to give the system a clean bill of health when there are still obvious signs of infection. The one program that seems suited to remove this malware (according to all forums in months past) is Malware Bytes. Malware Bytes can't open, can't reinstall, and can't uninstall. Manual removal of all files shows that the trojan is occupying one of its DLLs from the moment Windows starts up and won't let it go.

- An active session AVAST antivirus (which also seemed to detect at least part of it according to forum posts in the past) became immediately unavailable when the trojan acted up.

-All of this is STILL active in all forms of windows safemode.

-Redirects Explorer, Opera and Firefox (all that I've tried) away from antimalware sites and to random advertising sites. All direct clicks in google results get redirected. URLs can still be typed in manually.

-After manually deleting all dll's, sys, vbs, and other files known to associate w the Antivirus Pro 2010 trojan (and anything else that looked suspicious), I installed a freeware firewall (Commando I think). Although getting many error messages of multiple files trying to call to the dlls that I deleted, the spoofed virus warnings were gone. I figured it was time to rest.

-About 45 minutes after I supposedly blocked the malware (with the intent of figuring out how to get rid of its remains)... MY COMPUTER STARTED PLAYING AUDIO COMMERCIALS!!! The commercials have been for dish detergent, video games and movies... and have been interspersed with periods of about 30 seconds of what sounds like random conversation at a party...
[END OF RANT]


I have come to the conclusion that my only resort at this time is to blank the drive and reinstall Windows. At the moment I am using an old spare 30gig drive on which I have installed PCLinuxOS 2009.2. Now I definitely like Linux, I like the idea behind it... I like its security and its relatively untouched status as far as malware goes (probably subject to change as soon as Linux has a larger user base).

But Windows is what everybody releases stuff for. Windows is what all my electronic gizmos support. I don't want to nuke Windows... to quote The Tick "You can't destroy the EARTH... that's where I keep all my STUFF!!!"

I need a Malwarebytes to be released for Linux, so there is a safe place for the program to stand while it's trying to save Windows.

#4
Ashhhhhh

    New Member

  • Members
  • 1 posts
I work in I.T and I often use Malwarebytes for cleaning infections from clients' PCs.

Many times I need to remove their HDD and fit to my own PC via external drive caddy and scan it that way, you can remove very persistent infections this way because they are not "active".

Recently I changed to Linux and now cannot use that method because there is no Linux version of the app.

Short...MAKE A LINUX VERSION!!
It's not to clean PCs that are running Linux but purely for its ability to scan Windows O/S CONNECTED to Linux!

Please please please!

#5
GT500

    Mostly Cantankerous

  • Trusted Advisors
  • 5,528 posts
  • Gender:Male
  • Location:Fortville, IN

Ashhhhhh said:

I work in I.T and I often use Malwarebytes for cleaning infections from clients' PCs.

There was a BartPE plugin in development for users who purchase special technician licenses, but I'm not sure how the development is going.

Quote

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...

#6
noknojon

    you know why ---

  • Honorary Members
  • 5,588 posts
  • Gender:Male
Hi Giving Up and Ashhhh -
At least I agree with you on one part of the 'rant' - Spy doctor was so hopeless I took a day to fully remove it - Don't know why it ever got any ratings -
Any other anti malware program is much better - I must admit to not being a Linux user , but do any other similar systems work - Like Superantispyware, Kaspersky or similar anti malware (not including Spybot S & D) - :blink:
Just another private helper - (not a company man) -
When you don't have to worry about your computer anymore, you can start living again !

#7
yardbird

    Forum Deity

  • Honorary Members
  • 3,726 posts
  • Gender:Male
  • Location:Sedona. Arizona, USA
  • Interests:Where we keep the World Safe
@ noknojon

Find out if "Autoruns" will get rid of what you want? Also for your post down in PC Help
No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.
http://www.tentrexindustries.com/

#8
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
I know that Avira has a version for Linux.
Samuel E Lindsey
Product Manager


#9
bsw_sr

    New Member

  • Members
  • 1 posts
There is a big need for a Linux version of several different virus, spyware, and malware tools to use to scan Windows partitions. One I currently use a lot is Puppy Linux installed on a flash drive with Avast AV. That works really well and I can usually clean a Windows partition good enough to boot back to Windows and use other tools to double check. I am a tech and have to deal with this every day and have tried several different builds of Linux and all of the AV progs available for it and I found this combination to work best for me.

#10
DanielHendrycks

    New Member

  • Members
  • 43 posts
  • Gender:Male
  • Location:Marshfield, Missouri
+1 Linux support
Opera Browser

#11
DealerMan

    New Member

  • Members
  • 1 posts
I'm all for a Linux port as well. I'm having the same problem as GivingUp, caused by the 'Internet AntiVirus 2010' rogue crapware. I was successful in using an online scanner installed through Wine on a Linux Mint Live CD, but it detected nothing. I'm sure it will take a combination of programs & cleanup procedures, but I'm hopeful I can get it all cleaned up.

#12
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
There are many support forums on the Web to assist users with Malware removal when needed. The creation of any type of Linux tool if created would be a long time off in the future.

Here is a list of approved sites

If you wish to seek help here on our board please follow the directions below.



We don't work on Malware removal in the general forums.
Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
One of the expert helpers there will give you one-on-one assistance when one becomes available.
After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#13
DanielHendrycks

    New Member

  • Members
  • 43 posts
  • Gender:Male
  • Location:Marshfield, Missouri
+1 Pre-dominate the future of OS's.
Opera Browser

#14
smokineasy

    New Member

  • Members
  • 1 posts
I must agree with everyone that wants Malwarebytes to run from Linux as well.
I only scan my Windows partition from Linux using BitDefender as it's so much better and quicker than running an AV scan in Windows.

And I have so much respect for Malwarebytes, but when I was trying to disinfect a PC with a fake AV, trying to run Malwarebytes from Windows, it kept getting disabled.

I would also like to say that a lot of virus, adware and spyware writers in the future will always try to stop Malwarebytes from working on an infected PC, as Malwarebytes is so highly respected and it tends to be the 1st program people use when they have malware on their PC!

A Linux Malwarebytes is a must.

#15
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US

smokineasy, on Jun 11 2010, 12:12 PM, said:

a linux malwarebytes is a must

AdvancedSetup, on Jan 21 2010, 03:00 PM, said:

There are many support forums on the Web to assist users with Malware removal when needed. The creation of any type of Linux tool if created would be a long time off in the future.
We won't rule it out but if we did it would still be a long time from now.
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#16
malware destroyer

    linux is awesome

  • Honorary Members
  • 630 posts
  • Gender:Male
  • Location:UK
Also, a Mac version as well is a must, as more people are targeting Macs nowadays.
password for my uploaded malware samples infected
Protection: Kaspersky Internet Security-MBAM PRO-Sandboxie Free-OpenDNS
On Demand:Superantispyware-Windows Defender-Dr WebCureIt-MRT

#17
DragonMaster Jay

    True Member

  • Honorary Members
  • 373 posts
  • Gender:Male
I just wanted to comment on protection for Linux.

Linux is not bulletproof. But, it is much more secure, of course.

Linux operating systems have a team behind them that continually work to release security and software updates, as Linux is not vulnerability free. A particularly intelligent user will know that security updates for Linux are just as critical as they are for Windows.

The antivirus/antimalware for Linux users, that are currently available (Avira, AVG, avast!, F-Prot, Kaspersky, BitDefender, Trend Micro, McAfee, F-Secure, ESET, Symantec, Panda, Dr. Web, Sophos, etc.) are mainly for business workstations and personal users that need the feeling of being secure. When used in personal situations, it is more for the beginner user that is not aware of security updating.

The need for an antivirus is rather slim for Linux systems.

I could imagine a personal user wanting an antivirus to scan documents, pictures, movies, etc. that came from a Windows machine. Also, if any user has a fad to be into social sites, particularly ones that contain social engineering attacks, they too should have an antivirus for Linux. Linux machines are vulnerable to most social engineering attacks.

#18
1PW

    1PW

  • Spam Hunters
  • 2,941 posts
  • Gender:Male
  • Interests:Agnes - loved forever.
+1 for MBAM supporting Linux some day.

<http://www.pcworld.com/businesscenter/article/198686/linux_trojan_raises_malware_concerns.html>
Comments expressed are strictly my own and not those of Malwarebytes or their staff unless I directly quote.

#19
unoriginal

    True Member

  • Malware Hunters
  • 416 posts
  • Gender:Male
  • Location:Flower Mound, TX
  • Interests:Usually rogue antimalware programs, as they are the most fun to look at. Other than that, I enjoy learning as much as I can about computers.
If you guys could port the IP Block module, that would be enough for Linux.

#20
DragonMaster Jay

    True Member

  • Honorary Members
  • 373 posts
  • Gender:Male
Actually, you could install hpHosts for Linux. :) That might be easier than worrying about the IP block module.




