exile360

Administrators
  1. PUP

    No, PUPs generally don't present any real threat and are typically just potentially annoying more than anything else. As long as your scans are coming up clean you should be just fine.
  2. In addition to blocking malware, we also block scams (phishing etc.) as well as certain types of websites which host content which presents a risk/potential risk to the user, including some which may or may not be illegal. I suspect (though I do not know for certain as I do not work for the Research team) that the latter is the case here; basically that the content of the page might be illegitimate/illegal (though again, I'm not certain on this point) and/or the site might present a risk/potential risk to the user. I know that we do in fact block many fake pharma websites and it is possible that this one is blocked for similar reasons, though again, I do not know for certain.
  3. If I'm reading this correctly, your example describes a capability that the software doesn't have; i.e. adding custom IPs/domains to the block list. Certainly, if we had such a capability in the software (which in itself is a nifty idea and one we've long been considering to possibly add one day), then I definitely think having a comments section would be useful. As for having a comments section for exclusions, I don't see it as being quite as useful personally, but there's certainly nothing wrong with the suggestion either.
  4. We do generally try to block these when we find them via our Malicious Website Protection feature, however tons of new ones show up every day as this has become an extremely prevalent means of scamming people. If you find such a website and can make a note of the address, it would be most helpful if you reported it in our Newest IP or URL Threats section of the forums located here so that our Research team might add it to our block list. As for dealing with one of these pop-ups when they show up, the best method I've found is to open Task Manager by pressing CTRL+Shift+Esc on your keyboard or right-clicking on the taskbar at the bottom of your screen and selecting Start Task Manager and then locating your web browser's process in the list of running processes then right-clicking on it and choosing End Process. Click Yes when Task Manager asks for confirmation and the browser should close, ridding you of the annoying persistent pop-up/message/audio from the webpage. Just note that it will also most likely close any other pages/tabs you had open.
  5. Yes, as daledoc1 stated above, Malwarebytes Anti-Malware Premium/Trial users can selectively disable one or all protection components should that be necessary in order to perform any of the tasks you describe. All a user needs to do is right-click on the Malwarebytes Anti-Malware tray icon located in the notification area near the system clock on the taskbar and click on the protection component they wish to disable as shown in the below image: Once either or both protection components have been disabled, a notification will be displayed above the tray that looks something like this and MBAM's tray icon will have a red ! next to it: Once the user is done with whatever tasks they needed to perform with protection disabled they may click on the Fix Now button within the notification to turn all protection components on again or, if the user dismissed the notification via the X in the upper right side of the notification, they may right-click on the tray once more and click on each protection component to check/enable it again. The same tasks may also be performed using the settings located in Malwarebytes Anti-Malware's main UI under Settings->Detection and Protection.
  6. Chameleon actually already does this as part of its routine prior to scanning the system for malware. It checks all running processes and terminates any it identifies as malicious. The actual MBAM scan handles detecting and removing the actual files along with their loading points which might exist in one or more of the system's startup locations. The issue with the infection you link to above is that until the user terminates that process which is displaying that message box/warning screen, the user can't get to Malwarebytes Anti-Malware to run it so adding anything to MBAM to allow it to kill processes wouldn't do any good in cases like this because you'd still need to bring up Task Manager to kill the malicious process/block screen in order to access Malwarebytes Anti-Malware and get it running. Of course for Premium users with protection enabled, MBAM should block the threat from installing/launching into memory in the first place so those users wouldn't need any special procedure or instructions to deal with the threat as MBAM would take care of it on its own, removing the file(s) from the system and placing them in quarantine.
  7. Is this not at least partially moot now that individual domains/URLs can be excluded (as well as blocked as of 2.0), not just IP addresses? If possible, I'd highly recommend only excluding domains rather than IPs anyway, since the safe site you wish to exclude might share an IP address with some nastier malicious content (usually the case if you find we're blocking an IP where a domain lives that you know for a fact to be safe). If we're blocking something on an IP level rather than a domain level it's likely because there are many malicious pages hosted on that IP. It's sort of like a heuristics def where we use one big block to stop a whole bunch of malicious content.
  8. Moved to the False Positives section so our Research team can get this corrected.
  9. I suspect this is the reason it's failing to exclude the connections. Please try excluding the actual path where the EXE resides as indicated in the block notifications (the D:\Util\... path). That should hopefully resolve it, but if not, then please proceed with the instructions provided by AdvancedSetup above.
  10. Over at Wilders Security Forums they have an unofficial support thread for Shadow Defender here. Also, they have quite a bit of info on such tools in general in the section of the forums where that thread is found. Wilders is a great resource for doing research on a lot of the security software and tools out there as they have a vast and varied community of users all sharing their experiences with a very wide variety of software and tools.
  11. You're welcome. Apologies, when I split the topic I didn't realize it would cause the forum software not to transfer the follow topic setting. In my opinion that's a bug so I'll check with our forum software provider to see if we can change/fix that. I'm glad that it helped. Hopefully it resolves it as well as the other issues once and for all for you. Please keep us updated on how things go and of course let us know if you need any further assistance with this or any other issues. Thanks
  12. If the search provider you're attempting to use is actually "start-search.com", which is a known PUP (Potentially Unwanted Program) according to some due to being used for displaying advertisements and sponsored search results (rather than listing standard results ranked based on relevance to your search terms/keywords), then it is possible that your antivirus, anti-malware or anti-spyware software is removing it from your browser and resetting your search settings to use Google instead. If this is the case and you actually wish to continue using start-search (which I personally do not recommend, though it is of course your choice), then you will need to determine which program is detecting/blocking/removing it and add it to that program's exclusions or ignore list.
  13. Well, I had hoped that I was onto something but both of those registry locations are identical for each user account. Unfortunately I'm at a loss so here are our options at this point. Let me know what you decide and we'll proceed accordingly:
      • Migrate your personal files, documents and other items such as web browser favorites/saved shortcuts to the new user account where the software functions and then delete the old/original user account (or you may perform the migration and simply not use the original user account any more if you wish, though personally I'd remove it since we do not know just how extensively it might be corrupted and what other problems may arise with other programs should you use it in the future so it's pretty much just wasting space at this point).
      • Await AdvancedSetup who will be returning tomorrow from his time off and continue to work with him to see if he can think of anything that I haven't so far in searching for a solution to make the user account function as it should.
      • Lastly, and this is the most extreme option but based on how the new user account behaves it shouldn't be necessary yet is still worth considering in case you have reason to suspect that whatever has caused this might somehow affect even your new user account in some way (i.e. even though Malwarebytes works, perhaps even the new user account might have issues we haven't discovered yet if the original problem is the result of some damage or corruption which is system-wide); you can back up all of your files and data and reinstall Windows. At this point, that would be the only way to be absolutely certain that whatever has caused the malfunctions will truly be fixed and rendered incapable of causing any future issues.
To be honest, I hate coming across an issue like this and not being able to at least determine where the problem lies, especially when it directly affects the functioning of our company's own software because if we could determine what's really causing this, there might be steps we could take to prevent it from affecting Malwarebytes Anti-Malware and Malwarebytes Anti-Rootkit in a future release by making the software capable of working around or possibly even correcting whatever system issue has caused it. But of course, you've already given up a substantial amount of your time and energy to troubleshooting this and I am grateful to you for sticking with us as long as you have, but I'm sure that there are other things you could be doing with your time and computer which would be more productive for your own work and personal purposes. No matter what you decide, I wish you the best of luck and I thank you for choosing our software and for coming to our forums for help. Let us know what you decide and we'll proceed however you wish. Thanks
  14. Yes, I saw that as well and came to the same conclusion. Since restoring the registry backup didn't change/remove any files or folders it forced Windows to change the directory name so that they could both exist. Thanks for the files. I'll take a look.
  15. OK, nothing in the logs is really sticking out to me but I did find another location that we should check. Please do the following:

      Now, restart your computer and log into the new user account you created where Malwarebytes Anti-Malware does run and please do the following:

      First, from your original user account where Malwarebytes will not run:

      Create a Batch File:
      Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):

          @echo off
          reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" "%userprofile%\desktop\SF1.reg"
          reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /s>"%userprofile%\desktop\SV1.txt"
          del /f /q %0

      Once you've done that click on File and select Save As...
      In the Save dialogue box click on the drop down menu next to Save as type and select All Files
      Name the file Folders.bat (the .bat extension is very important)
      Save the file to your desktop and double click it to run it.

      Next, from the new user account you created where Malwarebytes runs:

      Create a Batch File:
      Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):

          @echo off
          reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" "%userprofile%\desktop\SF2.reg"
          reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /s>"%userprofile%\desktop\SV2.txt"
          del /f /q %0

      Once you've done that click on File and select Save As...
      In the Save dialogue box click on the drop down menu next to Save as type and select All Files
      Name the file Folders.bat (the .bat extension is very important)
      Save the file to your desktop and double click it to run it.

      Attach the 2 .reg files you just exported (SF1.reg and SF2.reg) along with the two text logs you just created (SV1.txt and SV2.txt) to your next reply. Thanks
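Added example, not part of the original post or of any Malwarebytes tooling: one way to compare the two `reg query` text logs (SV1.txt from the account where the software fails, SV2.txt from the one where it runs) and list only the User Shell Folders values that differ. The function names and the sample log contents are constructed for illustration.

```python
import re

# One value line of `reg query` output: 4-space indent, then name, type and
# data separated by runs of 4 spaces (value names may contain single spaces).
VALUE_LINE = re.compile(
    r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+)(?: {4}(?P<data>.*))?$"
)

def parse_reg_query(text):
    """Return {lower-cased 'KEY\\value name': (type, data)} from reg query text."""
    values, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # header line naming the current key
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            name = (key + "\\" + m["name"]).lower()
            values[name] = (m["type"], (m["data"] or "").strip())
    return values

def diff_accounts(sv1_text, sv2_text):
    """List (name, value_in_sv1, value_in_sv2) for values that differ.

    Registry value names and Windows paths are case-insensitive, so data is
    compared lower-cased; a value missing from one log is reported as None.
    """
    a, b = parse_reg_query(sv1_text), parse_reg_query(sv2_text)
    norm = lambda v: None if v is None else (v[0], v[1].lower())
    return [(n, a.get(n), b.get(n))
            for n in sorted(set(a) | set(b))
            if norm(a.get(n)) != norm(b.get(n))]

# Constructed sample logs (not taken from the thread).
KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
SV1 = "\n".join(["", KEY,
    r"    AppData    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming",
    r"    Local AppData    REG_EXPAND_SZ    D:\Profiles\old\Local",
    r"    Personal    REG_EXPAND_SZ    %USERPROFILE%\Documents", ""])
SV2 = "\n".join(["", KEY,
    r"    AppData    REG_EXPAND_SZ    %userprofile%\AppData\Roaming",
    r"    Local AppData    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local",
    r"    Personal    REG_EXPAND_SZ    %USERPROFILE%\Documents",
    r"    Cache    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache", ""])

if __name__ == "__main__":
    for name, broken, working in diff_accounts(SV1, SV2):
        print(name.rsplit("\\", 1)[1], "| SV1:", broken, "| SV2:", working)
```

An empty result means the two accounts hold the same shell folder values, so the difference between them has to be looked for elsewhere.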