
Malware Bytes and AVG Resident Shield?



Hi.

I am a Malwarebytes Free version user, and I recently was doing a scan with Malwarebytes. I also have a paid AVG 8.5 AntiVirus program that I use too.

While I was doing a scan with Malwarebytes, AVG's resident shield popped up with a warning for a virus. I clicked on the "more about this" link, and the Program listed that it was coming from was Malwarebytes. I thought that this was pretty strange. After I opted to remove it with the Resident Shield, I checked the Virus Vault and looked at the pathname, and Malwarebytes was not seeming to be listed in the pathname.

So, my question is, has this EVER happened to anyone else? Has Malwarebytes ever had a virus come from itself before? Does anyone know anything about this?

I love this program and I have been using it for a few months now and am considering buying the paid version.

However, when this happened today I became concerned that Malwarebytes was possibly infected with a virus.

Any help that anyone can offer would be extremely helpful! Thank you! Also, if you need any more details, please let me know.


Thank you. Do you mean that I need to post the log details of MBAM or of AVG?

AVG doesn't actually have a log, however, I could take a screen shot and show you what came up.

While the resident shield named the program as Malware Bytes, in the Virus Vault Malwarebytes' name is nowhere to be seen, so it's a little confusing. If the Resident Shield pops up again like this, I will be sure to take a screen shot of it and upload it.

You would need to post the log details so that we can see what was actually reported by AVG.

If it's one of our system files then it would need to be reported to AVG as a False Positive so they can remove it from their detection files.


Thank you.

I did find the log, however, it just gives a history of what you have done with AVG (updates, scans, etc) and doesn't show anything about what actually was found.

I'll attach a picture of a screen shot of the virus vault. Let me know if you'd like me to upload it to a photobucket though since it could possibly have a virus, but I would hope not.

I mean the AVG log. I don't have the paid version, but if you look around in the settings, somewhere there should be an option with logs.

  • Root Admin

Nothing in that screen shot to indicate anything to do with MBAM.

You may want to follow the directions below though and have someone assist you with checking on your box.

AVG does show that you have/had some Malware activity that may still need cleanup.

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Thank you very much. I'll try the HiJack this program too.

I am not sure what was going on with Mbam and the Resident Shield. It only happened when I was running an MBAM scan. I am running it again and if it pops up again, I will be sure to post a picture of what it looks like. Essentially it detected a threat, showed the name of the threat and then I opted to have more details displayed, and the program listed underneath was MBAM and there was a 4-digit number listed underneath that. It was confusing to me whether it thought that the problem came from MBAM (which it doesn't seem likely, do you have any idea about that?) or if it just had it there randomly.

Do you know of anyone else who has had a problem like this? Also, do you know if there is any possibility that a virus has ever come through with the Malwarebytes program?


  • Root Admin

Well if you're asking has any Malware or Virus slipped past the paid version of MBAM's Protection Module the answer is yes. In general I think that we're one of the best out there on the market for this type of protection, but no one can 100% protect from everything every day. If something does get past and you're aware of it then let us know and we'll work to capture it and add it to our protection.

If you do run into it again please do capture screen shots and/or logs and post them and we'll take a look.

As for anyone else experiencing this - I've not seen anyone post with the same description that you explain.


Thank you so much for your reply.

That definitely helps. My other question was and I am not sure if I worded it correctly, has Malwarebytes ever had a virus itself? What I mean is, has the program itself ever contained or harbored a virus that you are aware of?

Okay, thanks. I was just wondering if this had happened to anyone else. Something similar also happened on my home computer (this particular post that I made happened on a friend's laptop - I have downloaded and run this program on my home computer as well as the friend's laptop. They also have a paid AVG version. I forgot to say that in my original post because I wasn't sure if it was important to mention or not.) On my home computer, the issue with Malwarebytes and ResidentShield that popped up was a matter of a tracking cookie, which didn't hugely concern me, but the Trojan on the laptop was concerning to me.

If I run into it again I will definitely capture a screen shot. I don't know why I didn't think to do it before. I think it's because I panicked about the virus.


Thank you. What do you mean by your own hosted version? Obtaining it off your website? The only place I know to download the free version of Malwarebytes (which is what I am currently using) is from download.com.

I got the link directly off of the www.malwarebytes.org website and it took me to download.com. I hope that this was safe.

The ResidentShield thing happened again, and I captured a screen shot. I attached it below.

At the bottom, the process says "Malwarebytes". This is really confusing to me. I don't understand if AVG thinks that the virus is coming from Malwarebytes or if Malwarebytes is detecting this virus.

No, not our own hosted version. However there are other sites that do host our installer and some rogue sites that trick you into downloading what might appear to be our installer but is as you say already infected.

  • Root Admin

It looks like the file KER.EXE is trying to be blocked by both Malwarebytes and AVG at the same time.

Look for a setting in AVG to place all the Malwarebytes files on a Trusted Applications list or Exclusion List and see if that helps.

You will also need to include these files:

C:\WINDOWS\system32\drivers\mbam.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys


Thank you. I will try doing that and post back to you :P This doesn't happen every time though. It's happened three times on my friend's laptop and then once on my home computer, where it popped up with ResidentShield but the warning was a cookie so I am not as concerned about that but it still strikes me as odd.

It also definitely seems as though the computer DID have that virus on it. Do you have any ideas about that and why MBAM might have been listed at the bottom of the ResidentShield? I'm concerned that there is a virus in the computer that is not being detected except by ResidentShield and if I change the settings, I am not sure what it will do.

Another thing is, I have installed MalwareBytes on a couple other friends' computers that also have AVG, and this has not happened on those computers. (I am okay with computers and some programs and so I offered to help them find a program in addition to their anti-virus program to help detect anything that it may have missed. My friends are not as computer savvy). I am at a loss for what may be happening here. I am just really concerned about the virus being found seemingly ONLY when MBAM is being run.

Thank you again for all your help and I look forward to hearing back from you.


Hi! Sorry for the late reply. I decided not to add Malwarebytes to the exclusions list because I was concerned that this was the only way the virus was being detected. The reason I think that this is the case is because this is not happening during every scan, it has only happened once or twice as far as I can remember.

I also have no idea what ker.exe was or is.

Other than this, I have not seen any interaction or blockage concerns between AVG and Malwarebytes.

Thank you again for your help and if I do need to add those files to the Trusted Applications or Exclusions list, I now know what I need to do ;)
