Jump to content


Photo

wildman424 Beta Test report


  • Please log in to reply
21 replies to this topic

#1 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 10 November 2010 - 10:01 PM

ok so far:
I installed the beta over the free 1.46 I already had installed no problem
updated right after installation no problem
first scan detected the Spybot S & D IE tweak that was on the exclusion list in the 1.46 version the exclusion didn't carry over to the newer version
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.
[41a4ee258b750af65bb5cf4c3ec7a060]

bought a license and went pro :lol:

tested IP Protection
IP Protection successfully blocked the test page :lol:
20:45:15	wildman424	MESSAGE	Protection started successfully
20:45:24	wildman424	MESSAGE	IP Protection started successfully
21:00:33	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:00:36	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:00:42	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:00:50	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:00:53	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:00:54	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:00:57	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:00:59	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:01:03	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:01:11	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:01:14	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
21:01:20	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)

checking for conflicts now
Wildman424
malware fighter

#2 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 11 November 2010 - 02:59 AM

compat test

avast - mbamservice.exe is being detected by avast memory scan without & with exclusions

WinPatrol - no issues found

S&D's TeaTimer - no major issues found
Windows Defender - no major issues found

2:30am updated no problem

a couple of flash scans took forever
13 mins
14 mins 7 seconds
5 mins 26 seconds - more like it
4 mins 54 seconds - even better

:lol:
website blocking disabled itself for a while have no clue how or why or how long its been off
Wildman424
malware fighter

#3 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,015 posts
  • Gender:Male

Posted 11 November 2010 - 03:40 AM

website blocking disabled itself for a while have no clue how or why or how long its been off

If you'd just updated the database this is normal. It will temporarily disable itself and then re-enable itself as a new database is loaded. It will also create entries in your protection log:
00:12:18	Exile7x64	MESSAGE	IP Protection stopped
00:12:20	Exile7x64	MESSAGE	Database updated successfully
00:12:20	Exile7x64	MESSAGE	IP Protection started successfully

Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#4 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 11 November 2010 - 12:21 PM

If you'd just updated the database this is normal. It will temporarily disable itself and then re-enable itself as a new database is loaded. It will also create entries in your protection log:

00:12:18	Exile7x64	MESSAGE	IP Protection stopped
00:12:20	Exile7x64	MESSAGE	Database updated successfully
00:12:20	Exile7x64	MESSAGE	IP Protection started successfully


thanks Exile that appears to be the case
02:30:32	wildman424	MESSAGE	IP Protection stopped
02:33:20	wildman424	MESSAGE	Database updated successfully
02:33:32	wildman424	MESSAGE	IP Protection started successfully

started a full scan before going top bed it completed successfully in 2 hour(s), 14 minute(s), 43 second(s)
Malwarebytes' Anti-Malware 1.50 Public Beta
www.malwarebytes.org

Database version: 5094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/11/2010 5:31:57 AM
mbam-log-2010-11-11 (05-31-57).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 281393
Time elapsed: 2 hour(s), 14 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

updated this morning no problems

I got this error late last night not sure if its related to the beta I've never seen it before

[attachment=45303:unknown_error.jpeg]


nothing else to report right now :D
Wildman424
malware fighter

#5 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 11 November 2010 - 01:36 PM

I had a hang & crash here's what happened the UI was already running I had it minimized it automatically updated then launched a new user interface to perform a post update flash scan it ran a couple of seconds and crashed

11/11/2010 1:13:22 Application Hang Error None 1001 N/A EMACHINE-7AF6B9 Fault bucket -2114611105.

11/11/2010 1:13:22 Application Hang Error None 1001 N/A EMACHINE-7AF6B9 Fault bucket -2114611105.

11/11/2010 1:07:08 Application Hang Error (101) 1002 N/A EMACHINE-7AF6B9 Hanging application mbam.exe, version 1.46.0.195, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

11/11/2010 1:06:52 Application Hang Error (101) 1002 N/A EMACHINE-7AF6B9 Hanging application mbam.exe, version 1.46.0.195, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

I have the crash dumps there too big to attach even in an archive where should I send them

from dump 1
[attachment=45310:appcompat.txt]
[attachment=45311:manifest.txt]

from dump 2
[attachment=45313:manifest.txt]
[attachment=45312:appcompat.txt]
Wildman424
malware fighter

#6 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Root Admin
  • PipPipPipPipPipPip
  • 4,148 posts
  • Gender:Male

Posted 11 November 2010 - 03:31 PM

Just a note -- certain exclusions will unfortunately not roll over and will need to be re-excluded. We apologize for the inconvenience.
Marcin Kleczynski
Chief Executive Officer



Follow us: Twitter, Become a fan: Facebook

#7 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 11 November 2010 - 03:39 PM

Just a note -- certain exclusions will unfortunately not roll over and will need to be re-excluded. We apologize for the inconvenience.


no problem sir :D

what about them crash dumps from this morning ??
Wildman424
malware fighter

#8 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Root Admin
  • PipPipPipPipPipPip
  • 4,148 posts
  • Gender:Male

Posted 11 November 2010 - 03:48 PM

I'm pretty sure we are able to reproduce the issue in-house, however, if you can upload them somewhere and send me a link or private message me the crash dump I will make sure it gets to the right team.

Thanks!
Marcin Kleczynski
Chief Executive Officer



Follow us: Twitter, Become a fan: Facebook

#9 brandon23

brandon23

    New Member

  • Members
  • Pip
  • 22 posts

Posted 11 November 2010 - 04:02 PM

where did you get the test page?

#10 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,015 posts
  • Gender:Male

Posted 11 November 2010 - 04:31 PM

where did you get the test page?

The test page is iptest.malwarebytes.org :D
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#11 Guest_Jezza_*

Guest_Jezza_*
  • Guests

Posted 11 November 2010 - 04:39 PM

I'm delighted to report that I installed today 1.50 Beta with no problems whatsoever on PC and Netbook both of which have Windows XP SP3 Home Edition installed.

The browser on both PC and Netbook is Internet Explorer 8. Antivirus Avast Professional Edition

Congratulations to the Malwarebytes team!

Jezza

#12 brandon23

brandon23

    New Member

  • Members
  • Pip
  • 22 posts

Posted 11 November 2010 - 04:48 PM

The test page is iptest.malwarebytes.org :D

thanks

#13 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 11 November 2010 - 08:05 PM

not sure if the ip blocking is working correctly it blocks the test page and a few dangerous sites ip's I've tested it against so far ( looks like they had the same ip ) will test some more when I get a chance.When it blocks an ip I don't think I'm getting all the details in the balloon notification or the log I'm only getting the IP and the direction & not the port & the associated process

[attachment=45342:ip_protection.jpeg]

the log is saying its turning on and turning off after only a couple of seconds but its still blocking the ip's looks like its not update related this time :D
18:06:00	wildman424	MESSAGE	IP Protection stopped
18:06:19	wildman424	MESSAGE	IP Protection started successfully
18:06:20	wildman424	MESSAGE	IP Protection stopped
18:06:30	wildman424	MESSAGE	IP Protection started successfully
18:11:49	wildman424	MESSAGE	IP Protection stopped
18:12:00	wildman424	MESSAGE	IP Protection started successfully
18:12:00	wildman424	MESSAGE	IP Protection stopped
18:17:00	wildman424	MESSAGE	Scheduled scan executed successfully
18:18:27	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing) - test page
18:18:30	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:18:36	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:18:48	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:18:51	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:18:57	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:47:51	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:47:54	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:48:00	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:48:12	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:48:15	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:48:21	wildman424	IP-BLOCK	216.245.195.237 (Type: outgoing)
18:53:10	wildman424	IP-BLOCK	90.156.178.18 (Type: outgoing)
18:53:13	wildman424	IP-BLOCK	90.156.178.18 (Type: outgoing)
18:53:19	wildman424	IP-BLOCK	90.156.178.18 (Type: outgoing)
18:53:29	wildman424	IP-BLOCK	90.156.178.18 (Type: outgoing)

Wildman424
malware fighter

#14 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 11 November 2010 - 10:59 PM

got an issue

see topic Double Trouble http://forums.malwar...showtopic=67388
Wildman424
malware fighter

#15 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,015 posts
  • Gender:Male

Posted 12 November 2010 - 02:13 AM

The additional details about IP blocks are only available on Windows Vista and higher (as stated in the changelog), unfortunately Windows XP and Windows 2000 just don't contain the API's to make it possible.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#16 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 12 November 2010 - 05:58 AM

The additional details about IP blocks are only available on Windows Vista and higher (as stated in the changelog), unfortunately Windows XP and Windows 2000 just don't contain the API's to make it possible.

oh nuts :D well time for an upgrade huh my friend :D


flash scans with the system idle

TT = TeaTimer
WP = WinPatrol
WD = Windows Defender
MB = Malwarebytes RealTime Protection

m = minutes
s = seconds

1m 10s with WD off
1m 8s with WP & WD off
1m 9s with TT off WP & WD off
1m 9s with TT off WP & WD off & all temp files cleaned
1m 7s just WP & MB on
1m 18s just MB & WP & TT on
1m 21s nothing but MB on
1m 15s just MB WP & TT on
1m 33s with MB & TT & WP & WD on

notes about early reported flash scan results
13 mins -my fault too many things running
14 mins 7 seconds -my fault too many things running
5 mins 26 seconds - system wasn't completely idle
4 mins 54 seconds - system wasn't completely idle

flash scan after update was disabled but still ran hung at 11 seconds before continuing I was online doing my class work so the system was pretty busy at the time

getting ready to scan the system with Spybot see if I can duplicate that false positive that other fella reported

that's all for now
Wildman424
malware fighter

#17 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 13 November 2010 - 04:41 AM

I didn't get anything done today will have a report tomorrow
Wildman424
malware fighter

#18 wildman424

wildman424

    Forum Deity

  • Malware Hunters
  • PipPipPipPipPipPip
  • 1,684 posts
  • Gender:Male
  • Location:USA

Posted 13 November 2010 - 02:00 PM

This mornings Quick Scan results
Malwarebytes' Anti-Malware 1.50 Public Beta
www.malwarebytes.org

Database version: 5108

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/13/2010 1:05:51 PM
mbam-log-2010-11-13 (13-05-51).txt

Scan type: Quick scan
Objects scanned: 165881
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Wildman424
malware fighter

#19 GT500

GT500

    Mostly Cantankerous

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 6,250 posts
  • Gender:Male
  • Location:Fortville, IN

Posted 13 November 2010 - 02:06 PM

flash scans with the system idle

...


Are you rebooting before each scan? The disk caching can effect the scan times if you do not. :)

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...


#20 Swandog46

Swandog46

    Elite Member

  • Administrators
  • PipPipPipPipPip
  • 958 posts
  • Gender:Male

Posted 15 November 2010 - 05:49 PM

The crash bug will be fixed for the 1.50 release build. Thank you for your feedback! :)
Doug Swanson
Chief Technical Officer

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users