sys-eng

Thanks, I have Process Monitor so I will try that. I believe it is as I first suspected - Avast scanning something and Malwarebytes picked up on it.

advancedsetup: I believe you misunderstood my question. Do you have any ideas why Avast would be listed as the process for this block?

I have noticed several times that Malwarebytes IP blocker stopping attempts to access websites that I am not trying to go to. The latest one is in the log as: IP-BLOCK 212.117.183.163 (Type: outgoing, Port: 60501, Process: avastsvc.exe) Any idea why avastsvc.exe would be blamed for this? I am guessing that a link to this IP was in an e-mail message that came into Outlook and was scanned before I could open or delete it but I would not think that Avast was actually trying to go to the site. Any ideas?

I don't use Postini. I am reluctant to give Google that kind of access considering their privacy and security policies. Anyway, I believe that between the mail provider (AT&T), Avast and Malwarebytes, the messages should have been flagged or stopped completely.

I applied for a reseller account on Feb. 9, 2010 and have not heard a word since. I sent private messages as requested too but still nothing. I am setting up a new laptop today and wanted to load Malwarebytes Pro on it - - but still no account. B)

The file is being modified either by program routines or by bad guys so there is currently many variants of it. I recieved several versions this week. Avast detected the first version I received a few days ago but none of the morphed ones. Malwarebytes did not detect any of them. BlueHost, AT&T, and Yahoo e-mail scanners are not detecting it yet. VirusTotal and VirSCAN both indicate over 30% detection of malware. The original version I received 3 days ago received about 60% detection. The file is included as an attachment to an e-mail such as the one below: From: UPS Support Darcy Bates [package@ups.com] Subject: UPS Delivery Problem NR 45688. Hello! Unfortunately we failed to deliver your postal package sent on the 25th of January in time because the recipient

Having Malwarebytes on USB Flash Drive or CD would not help me unless it was bootable. Now a bootable disk would be very helpful but Malwarebytes scanning would be limited to a definition file rather than activity. At least that is my understanding. At least removing the files may allow Malwarebytes to load in Normal Mode and finish the cleaning.

Thanks Samuel. The paragraph above would be a nice addition to the program help file. I have helped people over the telephone remove infections in Safe Mode with Malwarebytes free because that is the only mode that they could run it. I then instructed them to reboot in Normal Mode and run Malwarebytes again. I don't know of another option for these users. When I have the PC, I can boot from CD and scan the disk drive but this type of scan cannot be done remotely - - particularly when the infection has blocked internet connection.

I entered a suggestion for "Safe Mode" operation to be included in the program's help file. Currently, there is no mention of it. Having it on this forum is not so good because infected computers often cannot access the internet and most often should be disconnected from the internet.

jholland1964: I believe your answer is in Post #4. Malwarebytes is designed to run in Normal Mode; however, it will run with some features in Safe Mode. Some types of infections are easier to remove in Safe Mode because they are designed to operate in Normal Mode.

That is good to hear. I applied for a reseller account a couple weeks ago but have not heard back yet. I want to strongly encourage customers to buy the Pro version to prevent these problems. I was extremely disappointed that SystemTools got past Avast!. I have used Avast! for over 5 years but I have lost some confidence in it.

I recently worked on a PC with XP that had Avast! and Malwarebytes (free) running. It was infected with a fake antivirus program calling itself "SystemTools". Neither Avast! or Malwarebytes prevented the infection and neither could remove it because it filled the desktop with pop-ups. I rebooted the system in Safe Mode and successfully removed SystemTools with Malwarebytes. After rebooting to Normal Mode, another scan revealed no infections. So while Malwarebytes operates best while windows is in Normal Mode, it may not be able to remove some infections in Normal Mode. The Help window of Malwarebytes does not find anything when Safe Mode is searched. It would be good to add some instructions there about it. I hope Malwarebytes Pro would have prevented the infection but I don't know for sure.

After the system is left on for 24 hours, mbamservice.exe is using about 45-MB. What seemed strange is that when it is using >70-MB, its CPU usage is not increased. I would assume that it would use more memory when it is working more but I don't see that is Task Manager. I have a wish feature that would be a huge step but I beleive there is another thread for that.

Thanks for the info. I just looked, and it is using 79.4-MB of RAM this morning. This version is using about twice the memory of any previous version (except to the 1.43 with memory leak) so I became suspicious. I suppose that is the new normal for mbamservice.exe.

This version did correct the escalating memory creep I was experiencing with v 1.43. How much memory should mbamservice.exe be using running v 1.44 on Vista 32? When I look at Task Manager, mbamservice.exe is using about 72-MB even before running a scan. It doesn't slowly creep up and sometimes it even drops to about 68-MB. It is the largest user of RAM on my system until I launch Visio or Photoshop. I'm just wondering if that is normal? Thanks.