Malwarebytes' Anti-malware

#1 david28

Posted 01 April 2008 - 11:42 PM

Hi :flowers:

I have noticed that Malwarebytes' Anti-Malware has been recommended quite a lot in the Am I Infected? What Do I Do? forum. I was wondering if this is a good tool to use as an on-demand scanner. Does anyone use this and if so, what do you think of it?

Replies will be greatly appreciated for this :thumbsup:

Regards,
David.


#2 quietman7

Posted 02 April 2008 - 12:55 PM

It's a very good program which I have used many times. We also recommend its use in several of our self-help guides for malware removal. You can read more about it at
Malwarebytes' Anti-Malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 ruby1

Posted 02 April 2008 - 01:41 PM

Having never (yet) had cause to need or use it, would you class it amongst the 'basic' scans that can be suggested for running as a preliminary 'check up'?

#4 boopme

Posted 02 April 2008 - 04:02 PM

I use it and SuperAntispyware as 2 of the best in that area.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 DaChew

Posted 03 April 2008 - 12:03 AM

I use it and SuperAntispyware as 2 of the best in that area.



SAS and MBAM can fix a lot of problems, if you combine safe mode and know when to disconnect from the internet

and never force a safe boot

Edited by DaChew, 03 April 2008 - 12:04 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#6 david28

Posted 03 April 2008 - 12:21 AM

Yeah, my friend actually came here for instructions on how to remove FileSecure or some other rogue anti-malware app and Malwarebytes' Anti-malware was recommended to him. Thanks for the replies, I will now use this along with SUPERAntiSpyware as on-demand scanners.

Regards,
David :thumbsup:

#7 quietman7

Posted 03 April 2008 - 07:03 AM

MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it.

#8 DaChew

Posted 03 April 2008 - 08:27 AM

2 questions marcin?

Could MBAM be run from safe mode and then rerun from normal mode for any reason?

Or vice versa?

thank you for a great program


the developer


Yes, either way will work. Removal functions are not as powerful in safe mode.. but then again, malware isn't either .. so it is a trade off.


march 7
Chewy

No. Try not. Do... or do not. There is no try.

#9 ruby1

Posted 12 April 2008 - 10:23 AM

http://www.malwarebytes.org/mbam.php

Version: 1.11
File Size: 1.47 MB
Operating Systems: Microsoft Windows 2000, XP, Vista.


Please prove me wrong; IS this program compatible with computers running on older versions of Windows such as 98se?

#10 Orange Blossom

Posted 14 April 2008 - 08:21 PM

I would say not given what it says about supported operating systems.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 DaChew

Posted 15 April 2008 - 11:18 PM

Older Me computer running windows xp home
Fully updated, patched and protected by McAfee Security Suite
Lady's son downloads file from Limewire, computer loses internet and is in virtual lockup between McAfee and Vundo in normal mode, display adapter in troubleshooting mode in device manager

Computer is semi functional in safe mode but will lock up and lose desktop if given long enough

Normal mode is useless

Comcast has lady run McAfee in safe mode debug, it runs for 2 days and does not finish

I load basic tools and mcafee removal tool on a usb drive and transfer to infected computer in safe mode, uninstall Mac and run removal tool

Boot into normal mode and computer acts like it's fixed

Now I decided to test MBAM on this infection

very little of it showed in HJT

but
Malwarebytes' Anti-Malware 1.09
Database version: 532

Scan type: Full Scan (C:\|)
Objects scanned: 55536
Time elapsed: 11 minute(s), 56 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
C:\Documents and Settings\Owner\lsass.exe (Heuristic.Reserved.Word.Exploit) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\eagsbtjr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxyxv.dll (Trojan.Conhook) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07e50f7d-005c-482b-90d7-492ba0f50c10} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07e50f7d-005c-482b-90d7-492ba0f50c10} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Conhook) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Conhook) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayxyxv (Trojan.Conhook) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Conhook) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LSA Shellu (Heuristic.Reserved.Word.Exploit) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvw.dll -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\eagsbtjr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rjtbsgae.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvyxx.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvyxx.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxyxv.dll (Trojan.Conhook) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\Fonts\a.zip (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\tuvvspq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nnnlljk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qomnoli.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqpqpq.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Owner\lsass.exe (Heuristic.Reserved.Word.Exploit) -> No action taken.
C:\dllhost.exe (Heuristic.Reserved.Word.Exploit) -> No action taken.

I then ran SAS, got the bad cookies, it found a couple of files, same for vundofix

all thru this the video adapter showed an exclamation in device manager, removal and reboot solved that

I then ran ATF cleaner and SDFix from safe mode

sdfix found a couple more remnants

Edited by DaChew, 15 April 2008 - 11:21 PM.

Chewy

No. Try not. Do... or do not. There is no try.
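
A small parser for the scan-log layout posted in #11 above, added here as an example (it is not part of the original thread and not Malwarebytes' own code). It assumes the MBAM 1.x text layout shown in that post; the function names and the shortened sample are constructed for illustration. It checks each section's listing against the summary counts, tallies detections by name, and lists objects still marked "No action taken".

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above: a few of its entries, with
# summary counts chosen so "Files Infected" declares 3 but lists only 2.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.09
Database version: 532

Memory Modules Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Memory Modules Infected:
C:\WINDOWS\system32\xxyvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxyxv.dll (Trojan.Conhook) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyvw.dll -> No action taken.

Files Infected:
C:\WINDOWS\system32\xxyvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> No action taken.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # "Files Infected: 14"
HEADING = re.compile(r"^(.+ Infected):$")         # "Files Infected:"
# object path, (detection name), optional "Data: ..." hop, final action
ENTRY = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?:Data: .+ -> )?(?P<action>.+)$")

def parse_mbam_log(text):
    """Return (declared counts per section, list of (section, object, name, action))."""
    declared, entries, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m[1]] = int(m[2])
        elif m := HEADING.match(line):
            section = m[1]
        elif section and (m := ENTRY.match(line)):
            entries.append((section, m["obj"], m["name"], m["action"]))
    return declared, entries

def triage(text):
    """Return (sections whose listing disagrees with the summary, counts per detection name, unremediated objects)."""
    declared, entries = parse_mbam_log(text)
    listed = Counter(sec for sec, *_ in entries)
    mismatched = {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]}
    families = Counter(name for _, _, name, _ in entries)
    untouched = [obj for _, obj, _, act in entries if act.startswith("No action")]
    return mismatched, families, untouched
```

A count mismatch usually means the pasted log was truncated or edited, so it is worth checking before relying on a log someone posts for help.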

#12 Raymond Lee Leggs

Posted 24 January 2010 - 01:09 PM

McAFEE acts like malware

#13 garmanma

Posted 24 January 2010 - 03:02 PM

Talk about a blast from the past

Do you have a specific question in mind Raymond Lee?

Edited by garmanma, 24 January 2010 - 03:03 PM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter



