DonZ

Honorary Members
  • Posts

    74
Reputation

0 Neutral
  1. I restored the keys that were originally quarantined since I now have multi-quarantine entries. For what it is worth, this issue with MBAM heuristics started a couple of days ago. Prior to that all was fine. Image_File_Execution_Options_2.txt
  2. Also appears this is not a new issue? https://forums.malwarebytes.org/index.php?/topic/156567-mbam-not-getting-along-with-emet-50/
  3. Here's the reg key. Note that wininit.exe and wuauclt.exe are missing from the root since MBAM quarantined them. They are listed under the C: subkey. Appears EMET uses that C: subkey. Image_File_Execution_Options.txt
  4. Did some research. The only thing those keys that have been quarantined are used for is setting SEHOP. So I am clueless as to why MBAM all of a sudden wants to flag them.
  5. Here's the most recent log. I thought I found the problem. For those registry keys, appears for some reason EMET did not add a DisableExceptionChainValidationKey. I added it and ran another MBAM scan but MBAM still flagged the same keys. So if you guys can't come up with a reason, I might just reinstall EMET 5.1. MBAM_log_02-160-2015.txt
  6. WIN 7 SP1 x64, MBAM ver. 2.0.4.1028. Recently whenever I do an MBAM threat scan, it is detecting what is shown in the below screenshot. MBAM heuristics is detecting these. They occur after I modify applications within EMET 5.1. I am fairly certain these are valid registry entries that MBAM is alerting on.
  7. Ok. Back from a short vacation. Did a cold boot today after PC, WIN 7 x64 SP1, MBAM Pro latest ver., sat for a few days and no strange event log entries after the cold boot. Perhaps a hiccup with this new ver. of MBAM after initial installation? Really don't know but problem appears to have corrected itself. Full scan with Norton AV 2012 shows clean. Also clean with the latest version of Emsisoft Anti-malware which I use as a standalone scanner. Since this Anti-malware 7.0 ver. includes the Bitdefender engine, I feel confident I am clean.
  8. There is something definitely strange with this updated version. Today after I did a cold boot after the clean install I did using MBAM_Clean, etc. as noted above, I had over 60 WIN 7 firewall inbound blocks from svchost to/from IPs like 93.184.215.73, 50.17.232.268. Additionally I had an inbound DNS block from NortonDNS which I use as my DNS server. I have never seen anything like this before. I believe MBAM uses IP 93.184.215.73 which is Edgecast. I did a few AV and anti-malware scans including Norton PowerEraser and I am clean as a whistle. Also no strange outbound activity per monitoring with TCPView. What I did notice was that the MBAM icon appeared immediately after desktop initialization but it was gray colored for a minute or so. I will be out of town for a few days but will definitely post back if this weird cold boot activity persists. BTW - this doesn't occur on a regular restart.
  9. I had the same issue plus updates were not working right either. WIN 7 x64 SP1. I just uninstalled MBAM. Ran MBAM_Clean. Rebooted and downloaded latest ver. again and installed. Everything working now. My experience with MBAM updates on WIN 7 has not been good. Maybe MBAM should just instruct people to uninstall, clean, download latest ver., and install. Only takes a few minutes to accomplish.
  10. Kaspersky is all over the place. Anywhere from 2MB when PC is idle to 100MB when it is doing scanning, etc. Its memory management does appear to be fairly efficient in that it does release memory resources when not needed. BTW - There was an issue with my WIN 7 PC I did not mention previously. When I reinstalled MBAM Pro after running MBAM-clean and after KIS 2012 was installed, MBAM Pro was starting up immediately at PC boot. I did check mbamservice and it was set at auto delayed as it should be. Recently I reactivated MBAM Pro realtime protection including startup at boot time option. Guess what? MBAM Pro now starts up delayed. Go figure. I decided to use MBAM Pro real time protection again after thoroughly checking out KIS 2012 Web Virus protection and not being overly impressed. The URL protection is bogus to say the least. I used to think Norton's Safe Search held the record with the number of "good" web sites. KIS 2012 puts Norton's Safe Web far behind! Appears almost every site is OK to KIS 2012 URL protection with a few unknowns thrown in I guess to make it appear it is doing something. KIS Web Virus only scans Windows Script Host scripts and not JAVA scripts that contain most of the malware. I can go on but I think you should get the picture.
  11. Normally I would agree with you. However, I have KIS 2012 Web Site protection cranked up to max settings. Considering it has URL and dangerous web site blocking, heuristics, phishing, and script protection, I feel I am adequately covered. As to the mbamservice.exe memory issue, I believe it has a memory leak issue with the current version. Yesterday with realtime protection turned off, it was using 2.5MB. Today with no MBAM configuration changes it is using 4.3MB. Also yesterday when I had the PC on all day, mbamservice.exe memory just kept increasing in size. I believe you as far as what you stated in regards to CNET. However if I were MBAM, I would order CNET to change its download icon since its format indicates that an installer/bundle is present. Whenever I see one of those icons, I look for another web site.
  12. Well, mbamservice went up to 46MB. So I watched it for a while in Task Manager when I was surfing. Most of the time, it used 0% CPU. So I have concluded it is doing nothing but using memory resources. So I have solved this problem. I have disabled real time protection. I do hourly updating with a memory flash scan. That only has mbamservice using 2.5MB which is acceptable.
  13. Yesterday uninstalled all my existing security software; PrivateFirewall, Norton AV 2012, and MBAM Pro. Ran respective cleaners for Norton and MBAM. Installed Kaspersky 2012 without incident. PC running great. This morning I installed latest version of MBAM. Set all exclusions for Kaspersky and MBAM as recommended. Definitely did not download it from spyware monger CNET! Shame on you MBAM for using that outfit and having all your customers install CNET's tracking software. Anyway activated MBAM with my Pro license key. Guess what? Mbamservice.exe is currently using 33MB of memory; same amount allocated as previously. My advice - improve your product's resource allocation methods.
  14. As far as I am concerned, there are no legit keyloggers. Employers install them and spouses to spy on the significant other. Most malicious ones I know of would probably evade Kaspersky's Safe Mode for on-line banking. Using KIS's virtual keyboard might help but some of these bad guys can trap that. I'll run the AKLT test and see how KIS does with keylogging protection enabled.
  15. Just installed KIS 1012 after uninstalling PrivateFirewall, Norton AV, and MBAM Pro. Ran clean tools for MBAM and Norton. One recommendation I will make is after running these clean tools, go into Device Manager and make sure nothing is hosed. Norton's removal tool hosed my USB card reader registry entries. Figures ... Uninstalled both and did a scan for new hardware and let WIN 7 reinstall them without incident. You really don't want to install something like KIS with hosed hardware. Installed KIS 2012 w/o incident now. Shaking it down presently. One interesting setting they had set off is keylogging protection. Don't know why that was set off. I am debating installing MBAM Pro's realtime and URL protection. KIS is literally monitoring every IE9 TCP connection for the same. From what I have determined from the KIS user manual, KIS realtime protection far exceeds anything in MBAM Pro's realtime connection. Plus after some pondering, I enabled KIS's cloud scanning. Really didn't like their data collection policy but I wanted that additional cloud protection. Finally pleasantly surprised with KIS performance so far. Previously had read all these negative comments about how KIS slowed browsers, etc. So far have seen none of that.