32 replies to this topic

[RubbeR DuckY]

Version 1.20 (July 7th, 2008)

1. (FIXED) Improved overall quality of code.
2. (FIXED) Improved detection of certain malicious components.
3. (FIXED) Minor GUI inconsistencies.
4. (FIXED) Improved error handling.
5. (FIXED) Problem fixing LSP entries.
6. (FIXED) Potential for memory leaks in Protection Module.
7. (ADDED) Support for Russian language.

This should fix a few speed problems with the Protection Module.

The zlib.dll problem will be fixed in the next version.

[eXaByTe]

Goodie! Malware Bytes gets better all the time!



-eXaByTe

[leofelix]

Hello Marcin Hello All,
Just updated via internal updater on two machines of mine.

Only in PC running XP PRO SP 3 (32 bit) I got an error when installing:
MBAM 1.20 couldn't register itself in "Run Once" Key (I'm sorry I do not have a snapshot).
However everything got well.

Nothing to report about my Laptop with XP Home SP 3


Kind regards

[Tarun]

Posted on Lunarsoft and soon to appear on Digg!

[JeanInMontana]

Scan time increased significantly, and after it was complete I hit the exit button and MBAM froze for a while. Finally got Task Manager end program notice and I said yes.

Malwarebytes' Anti-Malware 1.20
Database version: 930
Windows 5.1.2600 Service Pack 2

6:05:22 PM 7/7/2008
mbam-log-7-7-2008 (18-05-21).txt

Scan type: Quick Scan
Objects scanned: 38832
Time elapsed: 6 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Cordialis]

Thanks for the new MBAM!

[John L. Galt]

Strange, Jean - my scan times went *down* instead of up....

Malwarebytes' Anti-Malware 1.20
Database version: 929
Windows 6.0.6001 Service Pack 1

19:55:09 7/6/2008
mbam-log-7-6-2008 (19-55-09).txt

Scan type: Quick Scan
Objects scanned: 32853
Time elapsed: 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and

Malwarebytes' Anti-Malware 1.20
Database version: 929
Windows 6.0.6001 Service Pack 1

20:24:49 7/6/2008
mbam-log-7-6-2008 (20-24-38).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 234500
Time elapsed: 25 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Downloads\ComicRackSetup0980.exe (Rogue.Installer) -> No action taken.

That last was an FP, and I think only because of the name - codeboxcRackSetup0980.exe - because when I copied to file to an empty drive and manaully scanned it, it found nothing:

Malwarebytes' Anti-Malware 1.20
Database version: 929
Windows 6.0.6001 Service Pack 1

20:33:04 7/6/2008
mbam-log-7-6-2008 (20-33-04).txt

Scan type: Quick Scan
Objects scanned: 9
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Plus, a submission to VirusTotal showed 0 hits, and a previous submission, based on the file's hash.

Note: Edited post to use codebox tags instead of quote tags for readability - JG

[sho-dan]

Hello Marcin

9pm schedule auto update/reboot, no problems or errors to report. Scans times are quicker.

Malwarebytes' Anti-Malware 1.20
Database version: 930
Windows 6.0.6001 Service Pack 1

10:18:06 PM 7/7/2008
mbam-log-7-7-2008 (22-18-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 103558
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
------------------------------------------
Malwarebytes' Anti-Malware 1.20
Database version: 931
Windows 6.0.6001 Service Pack 1

10:20:45 PM 7/7/2008
mbam-log-7-7-2008 (22-20-45).txt

Scan type: Quick Scan
Objects scanned: 36774
Time elapsed: 1 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

[mona7865]

No problems with updating and running a quick scan.
Malwarebytes' Anti-Malware 1.20
Database version: 930
Windows 5.1.2600 Service Pack 3

5:08:59 8/07/2008
mbam-log-7-8-2008 (05-08-59).txt

Scan type: Quick Scan
Objects scanned: 43665
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Full scan ran without any problems as well.

Malwarebytes' Anti-Malware 1.20
Database version: 930
Windows 5.1.2600 Service Pack 3

6:34:15 8/07/2008
mbam-log-7-8-2008 (06-34-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 133476
Time elapsed: 1 hour(s), 18 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Mona.

[evilfantasy]

Smooooth. Internal update.

Malwarebytes' Anti-Malware 1.20
Database version: 931
Windows 5.1.2600 Service Pack 3

11:28:03 PM 2008-07-07
mbam-log-7-7-2008 (23-28-03).txt

Scan type: Quick Scan
Objects scanned: 74849
Time elapsed: 20 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

[2Ton]

The update went smoothly. mbam says Revouninstaller is a rogue.

alwarebytes' Anti-Malware 1.20
Database version: 931
Windows 5.1.2600 Service Pack 3

6:10:05 AM 7/8/2008
mbam-log-7-8-2008 (06-10-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 100820
Time elapsed: 23 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Downloads\revosetup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

-------------------
Thanks

[RubbeR DuckY]

Can somebody please post this in the false positives forum with a developer log?

[2Ton]

Quote

Can somebody please post this in the false positives forum with a developer log?

Sorry Marcin, I do not know how to produce a developer log. How do you produce it?

[lurkingatu2]

here you go 2Ton

click the Start Menu, Run, and type the following:

mbam.exe /developer there is a space between the e and /

[honda12]

Internal update went fine except after the install MBAM checked for definition updates then immediately closed

My scan time was about 1 minute slower than usual, but I think that may be more of a case of me running programs and not clearing temporary files

Apart from that, Good Job!

Malwarebytes' Anti-Malware 1.20
Database version: 931
Windows 6.0.6001 Service Pack 1

09:04:24 08/07/2008
mbam-log-7-8-2008 (09-04-24).txt

Scan type: Quick Scan
Objects scanned: 36422
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[2Ton]

Quote

here you go 2Ton

click the Start Menu, Run, and type the following:

mbam.exe /developer there is a space between the e and /

Hi, Marcin

I do not think these logs are any good. I followed your instructions: "Start, Run, "mbam.exe /developer". (no quote marks). That caused mbam to load, but it does not scan automatically. So when mbam loaded I chose the Quick scan and followed it with the Full scan.

I do not see any difference with the previous scans.

1.

Malwarebytes' Anti-Malware 1.20
Database version: 932
Windows 5.1.2600 Service Pack 3

7:45:35 PM 7/8/2008
mbam-log-7-8-2008 (19-45-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101332
Time elapsed: 22 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2.

Malwarebytes' Anti-Malware 1.20
Database version: 932
Windows 5.1.2600 Service Pack 3

7:20:07 PM 7/8/2008
mbam-log-7-8-2008 (19-20-07).txt

Scan type: Quick Scan
Objects scanned: 45233
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This of course has been done after the most recent update. (932) Since I had deleted the Revo Uninstaller, I downloaded another copy and mbam has not flagged it as a rogue. I hope this helps.

Thanks

[thanatos]

Hello guys!! Thanx for 1.20!

I noticed Dr.WEB AV no longer detect you as a backdoor trojan. Did you change the code that much, or was there any other solution found?

I see that you also included russian language and now you product isn't detected by a russian AV
j/k

[EliteKiller]

I just loaded MBAM 1.20 on a customer's XP2000+ w/ 512MB DDR running XP Pro and SAV Corp 10.0. Unfortunately MBAM's real-time protection had a very noticeable impact on system performance so I disabled it.

In addition if I right-clicked the MBAM tray icon > disable protection > it would pop up the "are you sure that you want to disable...." > yes. I then opened the MBAM gui and real-time still showed to be enabled, and the mbamservice is still running. You must exit MBAM via the tray icon for real-time to be unloaded. Is this by design?

Attached Images

• 

[RubbeR DuckY]

Quote

You must exit MBAM via the tray icon for real-time to be unloaded. Is this by design?

Yes, for now it is. I am planning on making the same actions available within the scanner. As for the system performance, are there any entries in Event Viewer?

[EliteKiller]

RubbeR DuckY, on Jul 9 2008, 07:08 PM, said:

As for the system performance, are there any entries in Event Viewer?

Only a single notification entry which is much better than 1.19

Quote

The description for Event ID ( 1 ) in Source ( MBAMService ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: MBAMService, Info: MBAM realtime monitor started successfully.