brino

Members
  • Content count

    20

About brino

  • Rank
    New Member

Profile Information

  • Location
    Canada, Eh!
  1. Hi Aura, Thanks for the quick response. My intention for the thread was merely to alert users to not be too suspicious or surprised if they see the same thing. I looked at the hybrid-analysis page before I posted here for a way to report it as a false positive and did NOT find a way. After reading your response I went back and looked again.....I still did NOT see it. Perhaps I am just missing it (the page is very "busy"). Thanks, -brino
  2. Just a heads-up! The latest MBAM setup file "mbam-setup-2.2.1.1043.exe" is currently being flagged as malicious by Payload Security (hybrid-analysis) as seen here: https://www.hybrid-analysis.com/sample/5a141ea85724385ee7e68c10247e154bbd72ce1a656ebede99bb0fca5bb5974a?environmentId=4 This is then reflecting badly in the "Votes" and "Comments" pages also at Virus Total as seen here: https://www.virustotal.com/en/file/5a141ea85724385ee7e68c10247e154bbd72ce1a656ebede99bb0fca5bb5974a/analysis/1460499044/ I am sure this is a false positive, but apparently others are not. -brino
  3. Hi NipNip, In addition to daledoc's usual fantastic advice and instructions, I too am running the latest MBAM on multiple machines. I can say that I have never seen a problem with MBAM behaving poorly with anti-virus tools. I currently run it on several machines (mostly Win7, one WinXP) with Kaspersky Internet Security, ZoneAlarm Suite, Emsisoft Antimalware and Online Armor firewall, or Microsoft Security Essentials. No system has special workarounds or exemptions for the "other" tool. MBAM plays very well with all the others! Stay Safe! brino Note: to be clear I run MBAM on each machine, but only _ONE_ other tool with it. Since I have several machines I like to test and try the various tools against each other.
  4. Sorry for the delay in reporting back. I meant to follow-up here with the outcome of my support ticket. After a few weeks of generating logs, cleaning-up files and turning off other programs' options (*), we finally got to the heart of the issue. Basically Win7 has some file permission restrictions that do NOT allow MBAM to scan a file on a network drive. I originally noticed this behaviour when I upgraded from MBAM version 1.75 to 2.00.0.1000. Initially, I thought the problem was with the new version of MBAM. After a few weeks going thru a support ticket "Request #427533 right-click on demand scanning a file on NAS does not work" we determined that it was NOT an MBAM v1.75 vs. MBAM v2.00 issue, but instead a difference between WinXP and Win7! On WinXP both MBAM v1.75 and v2.0 can scan a file on a network drive. On Win7 neither MBAM v1.75 nor v2.0 can scan a file on a network drive. Therefore I am convinced that it is an OS permissions issue. It is dangerous, because the pop-up _looks_ like it scanned and says all okay, but if you look closely it reports "Objects scanned: 0". It is very easy to miss it because it still takes time to run the "prescan", and the results screen has a green banner reporting "Scan completed successfully! No malicious items were detected!". Good Luck and Stay Safe! -brino (*) many items in the registry that looked really "wrong" to the support person were some rules generated by CryptoPrevent from FoolishIT. See http://www.foolishit.com/vb6-projects/cryptoprevent/. CryptoPrevent is an amazing program that seeks to block execution of a number of infection vectors. It started out as a prevention against the CryptoLocker malware, but really has many more uses. It can block execution of files like "runme.jpg.exe". How could that be useful? Many malware executables are spread as email attachments.
Many not only fake their icons to look like a harmless picture, music or pdf files but also are named like photo.jpg.exe, song.mp3.exe, or document.pdf.exe. On computer systems set to "hide extension of known file types" these bad files cannot be distinguished by icon or file name and may accidentally get executed. CryptoPrevent can also block running programs from "data" directories, and this may cause hiccups with poorly written software. CryptoPrevent supports whitelist to help get around this issue. The way CryptoPrevent works is by injecting software restriction policies directly into the OS. Typically only "professional" versions of Win7 allow this kind of rule creation, leaving us "home" users out of luck. However CryptoPrevent can create the same rules and works with any version of Win7 (and others). I am not associated with FoolishIT or CryptoPrevent, just a happy customer and big fan of clever solutions to common problems. See also: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
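The double-extension naming described in the post above, as an added example that is not part of the original post and is not CryptoPrevent's own code: a Python check that flags names such as photo.jpg.exe and shows what a user sees when extensions are hidden. The extension lists and sample names are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".pdf",
              ".doc", ".docx", ".txt"}

# Constructed sample names, not taken from any real system.
SAMPLE_NAMES = [
    "photo.jpg.exe",
    r"C:\Users\a\Downloads\Song.MP3.EXE",
    "document.pdf.exe",
    "unlocker1.8.7.exe",   # version dots only, inner part is not a decoy type
    "backup.tar.gz",       # two extensions, but not executable
    "report.pdf",
]


def displayed_name(filename: str) -> str:
    """Name shown when extensions are hidden.

    Simplification: only the executable extensions listed above are
    treated as 'known' and therefore hidden.
    """
    p = PureWindowsPath(filename)
    if p.suffix.lower() in EXECUTABLE_EXTS:
        return p.stem
    return p.name


def is_deceptive_double_extension(filename: str) -> bool:
    """True when an executable extension follows a document/media one."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def audit(filenames):
    """Return (real name, name the user sees) for every flagged file."""
    return [(PureWindowsPath(n).name, displayed_name(n))
            for n in filenames if is_deceptive_double_extension(n)]


if __name__ == "__main__":
    for real, shown in audit(SAMPLE_NAMES):
        print(f"{real!r} is displayed as {shown!r}")
```
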
  5. Lazz and KBarry, Sorry for jumping into your conversation "uninvited". I spent a few weeks going back-and-forth on this same issue. I originally noticed this behaviour when I upgraded from MBAM version 1.75 to 2.00.0.1000. It started with this: https://forums.malwarebytes.org/index.php?/topic/145355-on-demand-scan-always-reports-objects-scanned-0/ Initially I thought the problem was with the new version of MBAM. After a few weeks going thru a support ticket "Request #427533 right-click on demand scanning a file on NAS does not work" we determined that it was NOT an MBAM v1.75 vs. MBAM v2.00 issue, but instead a difference between WinXP and Win7! On WinXP both MBAM v1.75 and v2.0 can scan a file on a network drive. On Win7 neither MBAM v1.75 nor v2.0 can scan a file on a network drive. Therefore I am convinced that it is an OS permissions issue. It is dangerous, because the pop-up _looks_ like it scanned and says all okay, but if you look closely it reports "Objects scanned: 0". It is very easy to miss it because it still takes time to run the "prescan", and the results screen has a green banner reporting "Scan completed successfully! No malicious items were detected!". I still believe this issue should be clearly published somewhere. Someone could easily get infected by installing something from a remote drive after they have scanned it and believe it to be clean. (Perhaps not on a machine with MBAM installed since as Lazz mentions it would have real-time protection, but perhaps on another machine.) Good Luck and Stay Safe! brino
  6. Thanks Firefox, I have followed your advice (and your link) and sent a request off to the support group. One more data point: My son's laptop has Win7 Home Premium and MBAM 1.75, and finds the Adware.Clicker in the same file on the NAS. So, based on what I have seen it appears that: -MBAM 1.75 properly scans and identifies problems with files on my NAS (on WinXP and Win7) -major: MBAM 2.00 does not properly scan files on my NAS, and therefore misses the problem -major: doing a clean uninstall of MBAM 2.00 and re-installing MBAM 1.75 does not fix the problem I admit all this cannot be 100% verified because I upgraded most machines to MBAM 2.00 before running this test, because I did know about the problem! Thanks again for your help! brino
  7. Hey Zom, I just downloaded those same links and ran them this week to provide info for my own issues, it's all good! Of course I also "Virus Totalled" them just like you did. I have seen them used repeatedly here and at bleepingcomputer, so I trusted them. btw, "paranoid" is good, that's why we're all here! brino
  8. Okay, I finally got some time to run these things. All these logs are from "PC1" my main PC. Here are the logs from dds.com: DDS.txt Attach.txt Here is the log from mbam-check.exe: CheckResults.txt Here are the log files from FRST64.exe: FRST.txt Addition.txt My son will be home this weekend with his laptop; another Win7 machine, but it is still on MBAM v1.75, so I will be able to get another data point. Thanks again for the help! brino
  9. Jennifer, it may be too late to help you, but maybe this can help others (Canucks or not). When I saw that MBAM was going to yearly subscriptions I did some looking around for a couple more lifetime licenses, since going forward they will still be honored. I found this site: http://store.downloadcrew.com/p29874-malwarebytes_anti-malware_pro still offering lifetime licenses with a decent discount. I did not know this retailer's reputation, however, I did some research and it looked legit. The transaction was thru CleverBridge, just like my first few licenses, and I could use paypal and download almost immediately. The deal is on for another 28 days, and worked fine for me in Canada. I wasn't sure it was okay to post the link to the discount here, but I see another one above, and I do believe the site is legit. (Admins please don't punish me if I'm wrong, but feel free to delete the link....) brino
  10. okay last update for the day....... After doing clean remove and reinstall of MBAM 2.0 on PC1 and PC3 both are acting the same. They both report "The scan completed successfully. No malicious items were detected" and "Objects scanned: 0". That's for a right-click scan of the same file: "X:\Windows_Apps\Unlocker\unlocker1.8.7.exe" that I know contains adware. Further, I tested one more PC. Let's call it PC4, it is WinXP SP3 but this one gets used more often and so was upgraded to MBAM 2.0. It properly detects "Adware.Clicker" in the same file. So basically, the results seem split along OS lines......two Win7 machines do not detect it; while two WinXP machines do detect it. One of those WinXP machines is running MBAM v1.75 and the other has MBAM v2.0. With PC1, even after a clean remove and "downgrade" to v1.75 it did not detect it. How certain are we that the clean removal removes all traces of MBAM v2? I still believe that v1.75 did actually scan files on my NAS. BTW, I doubt it matters, but the NAS is a D-Link ShareCenter, model DNS-320, firmware version 2.00. When I get some more time to play, I will get the logs asked for in post #5 from PC1. Thanks for "listening"....... brino
  11. Hi Guys, Having a few PC's each with its own full MBAM pro license gave me some ideas. I tried a few things but did NOT get the results I expected. Let's call my main PC that we've been discussing up to this point PC1. Step 1 - On PC1 I did the "MBAM Clean Removal Process" to the letter, including turning off my antivirus and rebooting. Step 2 - On PC1 I reinstalled MBAM 1.75 to answer shadowwar's question in post #8 again with antivirus off and rebooting after, as in the guide. What I see is that MBAM 1.75 shows "The scan completed successfully. No malicious items were detected" and "Objects scanned: 0". This is when I scan the same file "X:\Windows_Apps\Unlocker\unlocker1.8.7.exe" that I know has some adware in it. I am 90% sure that my original MBAM 1.75 install did actually scan files on my NAS. Step 3 - I went to PC2, this one is WinXP SP3, and is seldom used, so I had not upgraded to MBAM 2 yet.... On PC2 MBAM 1.75 absolutely does scan the same exe file on my NAS because it comes back with a "hit" on "Adware.Clicker". It is also using a read-only user account on the NAS. Step 4 - I went to a third machine PC3 that is Win7 and I cannot get MBAM 2 to run. I tried it with right-click menu as "guest", I tried it as "admin". I rebooted and tried again, I turned off the other virus/malware product and tried again. I tried starting MBAM from the Start menu, everytime I get: With PC1 my intent is to run the Clean Removal again, but to install MBAM 2, I had originally installed MBAM2 "over" MBAM 1.75. If that still has problems I will get all the logs asked for in post #5. With PC3, I guess I'll do the same, that was also an install of MBAM 2 "over" MBAM 1.75. Hopefully I can get the cleans and reinstalls done tonight, these computers are used by my family, and I am trying to train everyone to scan things before they run them. It will be a setback if the scanning tools aren't working..... The logs (if required) will not be tonight. Thanks for the support!
  12. Hi Firefox, thanks for your attention. Would you rather have me collect all the logs that you asked for in post #5, or do the clean install you suggested in post #2? Either way takes a little effort, but if the debug data is useful to the development/support of MBAM I will certainly provide it. However, if the data collection is of little long-term use I may just do the clean install, which may fix the problem and I'm guessing destroy all the evidence. It's your call! Thanks, brino
  13. @John, Absolutely no hard feelings. In fact the more posts of yours I read the more respect you earn. I understand it can be difficult to read someone's meaning when only seeing their typed words. Thanks, brino
  14. just found another little "funny" If I navigate from say the Dashboard to the Settings screen, it opens on the "General Settings" tab, so far so good. However, after I go to any other tab (say the "Automated Scheduling") I cannot get back to the "General Setting" tab. Wait, after playing with it for a while I noticed that the target area for the "General Setting" button just seems smaller than the others. Unlike all the other buttons, I cannot click directly on the text in the button area, I need to move away from the center. Strange.... brino
  15. Thanks both for providing this great forum and for "listening" to user feedback! One item that confused me on first sight was the "Automated Scheduling" screen. I initially thought that the check-boxes would enable/disable the item in the same line. Now I believe you need to delete an item to disable it. Right? Also, why is it that you need to click a line to select it for "edit", but you have to check the select box to select it for removal? If I have two items in my list, one highlighted and the other checked then I will never remember which one gets deleted if I hit remove. Thanks brino