
Is this Malwarebytes Fall from Grace?


  • This topic is locked
18 replies to this topic

#1 smipx013

smipx013

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:53 PM

Posted 26 October 2014 - 12:44 PM

I will not double post.  I logged a question on the MBAM forums and with MBAM support and I am sad to say that MBAM will no longer be recommended by my repair shop to customers.  This is because it misses one of the most common and annoying pieces of Cr*pware / PUP / Potentially unwanted programs out there - namely My PC Backup and its brothers and sisters.  The worrying thing is that it does not miss it by accident either.  It seems it is a conscious decision of MBAM to allow it to pass.

 

Please see here:  https://forums.malwarebytes.org/index.php?/topic/159227-malwarebytes-pro-did-not-block-my-pc-backup-pup/?hl=%2Bbackup#entry894830 

 

This is obviously only my own view but it is a concern.

 

Thanks

Paul

 

 




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:53 PM

Posted 26 October 2014 - 05:34 PM

I can't speak for the development team about their decision in regards to My PC Backup but I do know they have a good track record in dealing with PUPs when compared to other vendors. In fact, Malwarebytes Anti-Malware revised their policy, taking a more aggressive approach.
* Malwarebytes Adopts Aggressive PUP Policy
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:53 PM

Posted 27 October 2014 - 11:02 AM

This is most definitely a PUP. It is aggressively promoted through almost every adware installer I have tested.

#4 smipx013

smipx013
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:53 PM

Posted 27 October 2014 - 12:04 PM

The thing is - I don't really have much clout with MBAM and I was hoping that someone from Bleeping might.  I talked to a support person who shall remain nameless and this is how it went:

 

*** PLEASE READ FROM BOTTOM UP ***
 
Anyway – their mainstream Hitman Pro just removed a test install of My PC Backup as it’s clearly MALWARE so that’s better than MBAM!!  Those in glass houses should not throw stones and all that 
 
 
From: support@malwarebytes.org
Sent: 26 October 2014 18:53
To: SMIPX013
Subject: Re: Functionality : MBAM not detecting very common PUP. [updated]
 
## Please type your response at the top of this reply. ## 
Your request has been updated. To add additional comments, reply to this email.
________________________________________
 
<name removed for privacy>., Oct 26 11:52 AM:
If they state that, they're full of BS.
________________________________________
 
SMIPX013, Oct 26 11:39 AM: 
I believe Hitman pro.alert detects the first attempt at encryption-like behaviour and then blocks the process. Hence the files are never encrypted and you are protected.
________________________________________
 
<name removed for privacy>., Oct 26 11:37 AM:
We can remove it but no program will recover the encrypted files.
Removing it is easy.
No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus or anti-malware scanner detected threats that another missed, does not mean it's more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Every vendor's virus lab and program scanning engine is different. Each has its own strengths and weaknesses and they often use a mix of technologies to detect and remove malware.
________________________________________
 
SMIPX013, Oct 26 11:28 AM: 
Have you seen Hitman Pro.alert? It's free and protects against Cryptoguard and other ransomware programs.
________________________________________
 
SMIPX013, Oct 26 11:26 AM: 
And also- Hitman Pro finds it and removes it as well as Emsisoft. These are both malware removers that compete with Malwarebytes on many levels when it comes to malware and virus removal technicians like myself.
________________________________________
 
<name removed for privacy>., Oct 26 11:26 AM:
Paul,
I don't make the decisions of what is flagged.
I can only guess the installer changed.
That's why exile360 asked you what he did.
I'm sure you know infections such as Ransomware that is encrypting files, the installer / infector gets changed every day and that's why there's no known tool to fix this infection at this time.
It's no different with any PUP or Infection. If we don't get samples, we can't add it.
________________________________________
 
SMIPX013, Oct 26 11:16 AM: 
Hi,
It used to be detected by MBAM but now it’s not. I’m not going to resubmit. Not because I can’t be bothered – clearly I am very bothered about it but only because I know it is known about by MBAM already and I believe that you made a conscious decision to allow it. Please correct me if I am wrong though.
Cheers
Paul
________________________________________
 
<name removed for privacy>., Oct 26 11:05 AM:
Paul,
Detection ratio: 10 / 54
Of the 10 at VirusTotal, what type of program are they?
Anti-Virus
MBAM isn't an anti-virus program and is not meant to replace an AV.
I see your topic in our public forum and if you follow post # 3 for one of our administrators (exile360) it might get added.
________________________________________
 
SMIPX013, Oct 26 10:54 AM: 
That makes no sense. How come 10 other providers of malware products detect and remove it?
________________________________________
 
<name removed for privacy>., Oct 26 10:45 AM:
Legally if we flag a legit program like My PC Backup, we'd get sued.
That's why your anti-virus program won't flag it either.
Contact them and ask why it was installed without your knowing.
Also if you remember where you get it, contact their support.
________________________________________
 
SMIPX013, Oct 26 10:14 AM: 
Potentially unwanted would you say? Thought that was the whole point of PUP detection?
Cheers,
Paul
 
Sent with AquaMail for Android
 
--- Original message ---
From: support@malwarebytes.org
Date: 26 October 2014 13:39:34
Subject: Re: Functionality : MBAM not detecting very common PUP. [updated]
To: SMIPX013 <paul.smith.panda@gmail.com>
________________________________________
 
<name removed for privacy>., Oct 26 06:39 AM:
I read what you posted.
"My PC Backup" is a legit program.
IMO, Crapware, but it's a legit program.
Google it: "My PC Backup"
My guess is when you updated your Java or Adobe Flash Player
Next time you update your Java or Adobe Flash Player make sure you remove the check mark / tick from adding the additional add-on if you don't want it.
Installers Hall of Shame
________________________________________
 
SMIPX013, Oct 26 06:19 AM: 
I don’t need help removing it. I’m a computer repair professional. I need MBAM to detect it in the first place. Please re-read the question.
Many thanks
Paul
________________________________________
 
<name removed for privacy>., Oct 26 06:13 AM:
 
<REMOVAL INSTRUCTIONS REMOVED FOR BREVITY>
________________________________________
 
SMIPX013, Oct 21 01:17 AM: 
Hi,
 
I have my MBAM pro set to treat PUPs as malware. I today tested my Malwarebytes Pro to see if it would block on the infamous "My PC Backup" malware and it simply let it install and run. Most disappointed is putting it very mildly. I tested it because I have a friend who was infected and she also used MBAM. I wanted to see if her MBAM install was bad or if it was consistently being missed.
 
It's the latter and now I'm wondering why I bothered to pay good money for it?
 
Thanks
SMIPX013


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:09:53 PM

Posted 27 October 2014 - 02:42 PM

Wow, this support person is full of contradictions. They claim that antiviruses or MBAM won't detect MyPCBackup because they would get sued, but when shown the virustotal detections they just go on about how MBAM is not an antivirus, and ignore answering it.

Also, HitmanPro Alert and Emsisoft have behaviour blockers which stop ransomware from running and encrypting files. I know Emsisoft has always been able to stop any new ransomware which comes out, and HitmanPro Alert should be able to as well (I haven't heard it not).

 

I think that MBAM should add MyPCBackup as a PUP, it's what most would consider as one.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 Without_A_Monitor

Without_A_Monitor

  • Members
  • 335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:03:53 PM

Posted 27 October 2014 - 03:31 PM

It does seem awfully dubious as to why MBAM would deliberately allow MyPCBackup. Additionally, to follow up Toffee's post, the MBAM support personnel is evidently engaging in fallacious arguments as Toffee stated. He intentionally ignores main points of other posters' content and changes the subjects from what other posters are focusing on. Fallacies are not reasonable or trustworthy approaches to arguments or business.

#7 smipx013

smipx013
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:53 PM

Posted 27 October 2014 - 04:13 PM

Phew - I'm glad it was not just me that thought that folks.  I am seriously reviewing my patronage of MBAM in favour of Emsisoft and / or Hitman Pro. I know HMP is not real time but who cares - it's so good at removing the dross that I will just get my customers to run avast free and then install HMP to run once they get an infection.  I think the HMP at £18 per year represents a better value proposition (MBAM is similar cost). OK, MBAM is for 3 machines at that price but still - that's potentially 3 computers that will get infected with PUPs that should not be allowed.

 

There we are - I've said it!


Edited by smipx013, 27 October 2014 - 06:47 PM.


#8 Without_A_Monitor

Without_A_Monitor

  • Members
  • 335 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:03:53 PM

Posted 27 October 2014 - 07:14 PM

Just to let you know, smipx, I have EMSIsoft. In my humble opinion, it is superb. I have that alongside ESET NOD32. The combination is great (or I think so.)

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:53 PM

Posted 27 October 2014 - 09:22 PM

I think that MBAM should add MyPCBackup as a PUP, it's what most would consider as one.

I agree and just don't understand the MBAM Team's reluctance with this one since they generally have such an aggressive policy.

#10 smipx013

smipx013
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:53 PM

Posted 28 October 2014 - 03:46 AM

I reckon they got a threat from them and they bottled it.



#11 ldtate

ldtate

  • Security Colleague
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 28 October 2014 - 08:01 AM

Smipx013,

 

Hi,  I don't need any expert help on Malware and PUP removal but thanks for the offer.  It's what I do for my job :-)

 

 

If that statement is true, you should know not every program is 100%.

 

Like I told you:

I don't make the decisions of what is flagged.
I can only guess the installer changed.

 

 

 

You were asked but instead of trying to get this crapware added, you refused.

 

It's possible that there's a reason our Research team hasn't classified that software as PUP, however if you have a link to the software and/or the installer for it, you may post them in a new topic here for our Research team to review it and determine whether or not we should be detecting it.

 

https://forums.malwarebytes.org/index.php?/topic/159227-malwarebytes-pro-did-not-block-my-pc-backup-pup/

 

 

Hi,  I don't need any expert help on Malware and PUP removal but thanks for the offer.  It's what I do for my job :-)

 

 

 

 

Do you really know what a PUP is?

 

Potentially Unwanted Programs (PUPs)

Some browser plug-ins are being bundled with free software and most commonly computer users install it without realizing it.

Such shady advertising has caused a bad reputation and many computer users think that these add-ons are a virus or malware which have infiltrated their computers without their consent.

In reality these browser plug-ins are not a **virus** or **Malware**, it's a Potentially Unwanted Program (PUP) application which installs on user's computer together with free software or other browser add-ons. These are legit programs that some users want. We list them as **PUPs** and leave it up to you as to whether or not you want to keep it.

A good example is when you update your Java or Adobe Flash Player

Next time you update your Java  or Adobe Flash Player make sure you remove the check mark / tick from adding the additional add-on if you don't want it. 

Installers Hall of Shame
http://www.calendarofupdates.com/updates/index.php?showtopic=16109

 

 

There are many "legit", PUP programs like MyPCBackup

Ask.com

Conduit

And many others that people really use.

They don't "just get installed".

 

As any security company, you don't "just" flag or remove them "just" because you don't like them.

They are "optional" to use or remove.

 

 

I'm not sure what your motive here is.

Promoting Hitman, maybe?

I'm sure Lawrence is interested that Hitman pro.alert detects the first attempt at encryption like behaviour and then blocks the process.

 

You refused help and refused to help us get the crapware added.

Microsoft MVP Consumer Security 2006-2014

 

LDTate


#12 smipx013

smipx013
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:53 PM

Posted 28 October 2014 - 11:02 AM

I have no motive other than to highlight the shortcomings I found and highlight those packages that do detect the PUP and remove it successfully.

I take exception to any inference otherwise.  

 

I remove malware for customers daily and this piece of software is one I encounter on a regular basis. I have over 25 years of experience in IT as a systems engineer and over 10 years fighting viruses, PUPs and malware on a daily basis. I also worked for an online backup company for 5 years as a systems engineer and technical presales engineer so I know a little about online backup companies and their offerings.

 

I have no allegiances at all (apart from the fact that I have supported MBAM for many years by getting customers to pay for it and even paying for some licences for myself many moons ago).

 

MBAM staff know about the product so I see no need to resubmit it. If they didn't then they jolly well do now right?

 

I am fully aware what a PUP is thank you - it appears that Malwarebytes don't in my humble opinion.  "My PC Backup" IS A PUP according to myself and most of the received wisdom on malware busting sites like Bleeping Computer and MBAM does not detect it or offer the chance to block its installation as far as I can tell in my testing.

 

If you are a representative of Malwarebytes then I'm sorry to offer my opinion that you seem to be contradicting yourself again???

 

Let's call that an end to the matter and malware fighters of the world can draw their own conclusions.  Please know who you are speaking to in future before you start to cast aspersions.

 

 

Thanks

Paul 



#13 ldtate

ldtate

  • Security Colleague
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 28 October 2014 - 11:52 AM

Please know who you are speaking to in future before you start to cast aspersions.

 

OMG, you are so full of yourself.

 

Gee who could have guessed: An engineer no less.

 

Malware fighters who work in the forums already know the difference between malware and PUPs.

 

But you are right, best to let an Admin close the topic.

 

 



Microsoft MVP Consumer Security 2006-2014

 

LDTate


#14 smipx013

smipx013
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:53 PM

Posted 28 October 2014 - 12:12 PM

I'm sure you're right. I am not here to bicker with you.  



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:53 PM

Posted 28 October 2014 - 12:22 PM

Since all points of view have been expressed and the MBAM Development Team is aware...IMO this topic has run its course and continuation would not serve any more purpose.

If the BC Admin thinks otherwise, they can reopen it.



