Malwarebytes

MBAM real time protection easily disabled by....


#1
Guest_claudiubotezatu_*

  • Guests
... deleting the KEY and/or ID in HKLM-Software-MBAM.

Hi,

Following the discussion with Arthur Wilkinson (GT500) I decided to give MBAM another try. I noticed that if I manually delete the KEY or ID in HKLM-Software-MBAM, the real time protection of MBAM is disabled on the next start-up.

I am wondering if it is possible for a virus/malware to do the same...I mean to delete the key and disable MBAM.


Claudiu
Toronto,Canada

#2
GT500

    Mostly Cantankerous

  • Trusted Advisors

claudiubotezatu, on Jan 8 2009, 06:44 PM, said:

I am wondering if it is possible for a virus/malware to do the same...I mean to delete the key and disable MBAM.

Most likely, and I think there are plans to protect those settings in later editions.

Right now it's not a huge deal. Most malware is more interested in trying to prevent MBAM from running altogether.

Quote

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...

#3
Raid

    Malware Researcher

  • Experts

claudiubotezatu, on Jan 8 2009, 06:44 PM, said:

... deleting the KEY and/or ID in HKLM-Software-MBAM.

Hi,

Following the discussion with Arthur Wilkinson (GT500) I decided to give MBAM another try. I noticed that if I manually delete the KEY or ID in HKLM-Software-MBAM, the real time protection of MBAM is disabled on the next start-up.

I am wondering if it is possible for a virus/malware to do the same...I mean to delete the key and disable MBAM.

Technically, you're reverting MBAM back to unregistered mode. RealTime protection would be disabled in unregistered mode. B)

We may in the future change the location of user registration information. But so far, malware we've seen seems much more interested in keeping us from running in the first place. Resident or otherwise. If you're intent on a targeted attack against XYZ program, there isn't much that's really going to stop you.
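
A defender-side check for the behaviour discussed in this thread, as an added example that is not part of any post and is not Malwarebytes code: it reports whether the registration values are still present and which accounts are allowed to modify the key. It assumes "HKLM-Software-MBAM" means `HKLM\SOFTWARE\MBAM` with registry values named `KEY` and `ID`; the function names are hypothetical.

```powershell
# Added example. Assumptions: the key path and value names below are read from
# the thread's "HKLM-Software-MBAM", "KEY" and "ID"; adjust to the real install.
$KeyPath    = 'HKLM:\SOFTWARE\MBAM'
$ValueNames = 'KEY', 'ID'

function Test-RegistrationValues {
    # Reports which of the expected registration values are missing.
    param([string]$Path, [string[]]$Names)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; KeyExists = $false; Missing = $Names }
    }
    $props   = Get-ItemProperty -LiteralPath $Path
    $missing = @($Names | Where-Object { $null -eq $props.PSObject.Properties[$_] })
    [pscustomobject]@{ Path = $Path; KeyExists = $true; Missing = $missing }
}

function Get-KeyWriters {
    # Lists Allow ACEs that let a principal change or delete the key's contents.
    param([string]$Path)
    $specific = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    $generic  = 0x50000000   # GENERIC_ALL | GENERIC_WRITE, stored raw in some ACEs
    $mask     = $specific -bor $generic
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and (([int]$_.RegistryRights) -band $mask) } |
        Select-Object IdentityReference, RegistryRights, IsInherited
}

$state = Test-RegistrationValues -Path $KeyPath -Names $ValueNames
if (-not $state.KeyExists) {
    Write-Warning "$KeyPath not found: product not installed, or registration key removed."
} elseif ($state.Missing.Count -gt 0) {
    # Per the thread, real-time protection is off at the next start-up in this state.
    Write-Warning "Missing registration value(s): $($state.Missing -join ', ')"
} else {
    Write-Output "Registration values present under $KeyPath."
}

if ($state.KeyExists) {
    # Anything beyond SYSTEM and Administrators here widens who can remove the values.
    Get-KeyWriters -Path $KeyPath | Format-Table -AutoSize
}
```

Run at logon or on a schedule, the warning flags the unregistered state before the next start-up goes by unnoticed.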




