170 Comments
But I have to make it.

I think you mean du jour, meaning your favorite anti-malware scanner of the moment.

De jure means the opposite - one mandated by law and not affected by actual current practice.

Sorry....
Contributr
I really appreciate it when I learn something like this. I was torn as to which spelling to use. My problem, I think was that I used the Wiki definition instead of a real source.

Thank you for pointing it out to me.
I think MBAM is a great program, but recently it failed to detect a machine hijacked by Antivirus 2009, a rogue program developed by Russians. So after trying different anti-spyware programs I was surprised and impressed by another freebie: Super AntiSpyware, which managed to clean Antivirus 2009 completely off the infected laptop.
odd
pgit 3rd Feb 2009
It was that "antivirus 2009" that prompted me to find mbam, which was the only thing that cleaned it up for me. (numerous machines)

You might be dealing with one of the variants that looks for "mbam-setup" and disallows its running. I've come across this a few times.

Simply rename the setup file to anything; I usually just delete the dash ("-") and it runs fine. I've also changed the default install folder for good measure, but I'm not aware that this part is necessary.

BTW, I have also seen cases where, after installing, MBAM would not update. I assume this is a function of the malware also. What I've done is either update manually by downloading the files to a USB drive and installing, or boot into safe mode with networking.

In both cases a system that wouldn't update mbam updated fine and found/eliminated the cause.
I had a couple of computers that wouldn't update their different AV products and found one of the Vundu root-kit variants. Used the removal tool I downloaded from Grisoft's site.

Didn't think about renaming the MBAM install file. duh...
Here is a screenshot of dependency walker tracking my attempt to run MBAM. In this case I got an error message. I have also gotten an "all clean" from MBAM, essentially a false negative.
http://img25.imageshack.us/img25/7139/trojanfakesoutmbamyg6.jpg

Please note that the error message is called up from a dll called imageres.dll. In the frame below, note how the image is adjusted to match the screen settings.

Other images of my trojan (?) at work are on this site also. Dependency Walker is the only app that has shown my problem--not how to fix it but at least it confirms the fact that something is happening.

When your client keeps telling you something is wrong with their computer but your tools say the computer is clean, consider running dependency walker to see if you are being exploited by the infection also.
Quirks
http://www.greatis.com/vista/DLL/i/imageres.dll.htm

It seems that these can corrupt this file. The file is just a repository of shell icons. If something is calling an icon not in the file...

I love dependency walker.

Of course, any malware scanner can be fooled as long as it is loaded in the targeted operating system. It is best to boot from write-protected removable media to scan a possibly infected OS.
imageres.dll ?
Quirkly 8th Feb 2009
Third party themes/icons? Probably, just not by me. There are so many remote-ing, delayed restore, system control files in the sys32 folder that I cannot keep up, nor can I delete them. I do not own them, nor can I change the ownership.
Yeah dependency walker is wonderful. DW is recommended by computer forensic types but I cannot get any of the mainstream AV types (to whom I paid money) to appreciate what it is saying.
I agree about booting from the other media--I cannot get it to boot off a CD, says it will but does not as the corrupted files are loaded, not those from the CD. I change the BIOS, it changes it back before I can do anything. I have lost track of the clean installs, low level formats, etc. Nothing seems to touch it. I am really at a loss.
Please let me know if you have any ideas.
Thanks for looking at my post.
Contributr
I knew of dependency walker, but had not heard of any real experiences with it. Thanks to the both of you for subscribing to it. I will definitely add it to my tools.
as these errors can be fixed by uninstalling then reinstalling Malwarebytes.

http://www.malwarebytes.org/forums/index.php?showtopic=10138
Contributr
That's a good list. As much as I'm at that site, I missed that.
Will MBAM (free version) remove my Win32.Zafi.b worm???
MBAM
Jacky Howe 26th Feb 2009
should be able to remove the Win32.Zafi.b worm.
Contributr
I agree
Michael Kassner Updated - 26th Feb 2009
First, I'd like to comment that if anyone knows, Jacky does.

Second, I have been using MBAM since it was in beta and I've yet to have it negatively affect any computer that I've installed it on. That said, I wouldn't be averse to at least suggesting trying it.
Thanks Michael
Jacky Howe 26th Feb 2009
The only problem that I have faced recently is having to rename MBAM. willcomp calls it morphing, and it will get blocked by the virus or malware if you don't rename it.
Very interesting...UPDATED
AnsuGisalas Updated - 16th May 2010
I am just now waiting for my first MBAM scan to complete... In the very recent past I've tried ZoneAlarm Extreme's scan, Avast's scan and Prevx's scan, and all have come out clean. But a minute into this scan MBAM tells me of five infected objects.
Very interesting. I'll keep you up to date on how it proceeds.

Update: Whew, turned out to be five counts of "broken.opencommand": five registry keys for batfile, comfile, piffile, scrfile and regfile, all of which point to NOTEPAD.EXE %1, instead of what MBAM expected. I assume I'm safe, or?
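The "broken.opencommand" detections in the post above come from the per-file-type shell "open" commands under HKEY_CLASSES_ROOT, which malware sometimes redirects so that .bat, .com, .pif, .scr or .reg files no longer run normally (here they had been pointed at NOTEPAD.EXE %1). The following PowerShell script is an added example, not code from the thread or from Malwarebytes: it reads each key's default value, compares it with the stock Windows value, and optionally restores the default. The expected values are an assumption based on stock Windows defaults; verify them against a known-clean machine of the same Windows version before relying on them, and run the repair as an administrator.

```powershell
# Added example (not from the thread). Expected values are ASSUMED stock Windows
# defaults for each ProgId's shell\open\command key; confirm on a clean machine.
$script:ExpectedOpenCommands = @{
    'batfile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'exefile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'scrfile' = '"%1" /S'
    'regfile' = 'regedit.exe "%1"'
}

function Get-ShellOpenCommand {
    # Returns the (default) value of HKCR\<ProgId>\shell\open\command, or $null if absent.
    param([Parameter(Mandatory)][string]$ProgId)
    $key = "Registry::HKEY_CLASSES_ROOT\$ProgId\shell\open\command"
    if (-not (Test-Path -Path $key)) { return $null }
    # GetValue('') reads the key's unnamed (default) value.
    return (Get-Item -Path $key).GetValue('')
}

function Test-ShellOpenCommands {
    # Compares every ProgId in $Expected with the live registry and reports OK / MODIFIED / MISSING.
    param([hashtable]$Expected = $script:ExpectedOpenCommands)
    foreach ($progId in ($Expected.Keys | Sort-Object)) {
        $actual = Get-ShellOpenCommand -ProgId $progId
        if ($null -eq $actual) {
            $status = 'MISSING'
        } elseif ($actual -eq $Expected[$progId]) {
            $status = 'OK'
        } else {
            $status = 'MODIFIED'   # e.g. redirected to NOTEPAD.EXE %1 as in the post above
        }
        [pscustomobject]@{
            ProgId   = $progId
            Expected = $Expected[$progId]
            Actual   = $actual
            Status   = $status
        }
    }
}

function Repair-ShellOpenCommands {
    # Writes the expected default back for every MODIFIED or MISSING entry.
    # Supports -WhatIf so the change can be previewed before it is applied.
    [CmdletBinding(SupportsShouldProcess)]
    param([hashtable]$Expected = $script:ExpectedOpenCommands)
    foreach ($entry in (Test-ShellOpenCommands -Expected $Expected | Where-Object Status -ne 'OK')) {
        $key = "Registry::HKEY_CLASSES_ROOT\$($entry.ProgId)\shell\open\command"
        if ($PSCmdlet.ShouldProcess($key, "Set (default) to $($entry.Expected)")) {
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            # Set-Item on a registry key writes its (default) value.
            Set-Item -Path $key -Value $entry.Expected
        }
    }
}

# Usage: report first, then preview the repair, then apply it from an elevated prompt.
Test-ShellOpenCommands | Format-Table -AutoSize
Repair-ShellOpenCommands -WhatIf
# Repair-ShellOpenCommands
```

A MODIFIED result on any of these keys is worth treating as a sign that something has tampered with file associations even when a full scan reports the machine clean; the repair only writes the assumed defaults, so if a legitimate tool on the machine registered its own handler, add that value to the table instead of overwriting it.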
Moderator
wink

Zombie alert.
Yes
Michael Jay 16th May 2010
It is a zombie thread, but a good one. MBAM has gotten me out of a few nasty spots from time to time; nice to remind people, just in case they missed it the first time around.

A fine tool.
Ain't it?
AnsuGisalas 16th May 2010
Nice.
Fer sure!...(nt)
JCitizen 21st May 2010
.