67 Comments
0 Votes
hmm
widd11e 18th Mar
I don't envy Malwarebytes.
0 Votes
Contributor
I am curious as to what you mean, would you care to elaborate?
4 Votes
But I do appreciate the time and effort they put into their products so the rest of us can keep on working.
6 Votes
I've used Malwarebytes numerous times, and it outperforms almost everything else for the tough stuff. Sounds like the company is in the forefront again, with MWAR. I'll be downloading that shortly! I appreciate the pointers here, too, nice to get the down low on Chameleon.

Thank you!
1 Vote
Contributor
I wish I had known about Chameleon a lot sooner myself.
As most always ........ Michael ........ you have given a very informational review of a product that most of us use daily but did not know about this product offering.
.
Bit Defender used to be top dog in my stable ........ but MBAM has surpassed them in ease and effectiveness [ in my opinion ] ........ wink
2 Votes
Contributor
I count myself in that group. Marcin and Marcus did a great job of bringing me up to speed.
0 Votes
Malwarebytes is a great product. I can't even count how many people I have pointed to Malwarebytes. I meant nothing harsh when I said that it is just that rootkits are deep in the OS and when you tend to try to clean up and then fix things there, you could also tend to break things. MWB is taking on a huge project. I wish them luck. I don't envy them because they will be at the backbone of the OS. Once they start tackling rootkits I don't believe many consumers will understand the complexity of how MWB protects their PC.
0 Votes
Contributor
I was just curious if you had a bad experience, as they want to know about those as much as the good ones. And Marcin and Marcus mentioned time and time again that this hasn't been easy, and why the beta testing is over a year old.
3 Votes
MBAR works
88Fan 19th Mar
I've used MBAR twice now to remove rootkits from customer systems.

The first system had Vipre Internet Security on it, which the customer removed and replaced with WebRoot; which was disabled when I arrived on site. This system also was 3 months behind on Windows updates and was still running Java 7 update 2. I ran three tools: Windows Offline Defender, MBAM, and MBAR. I only ran MBAR after being unable to install updates from Microsoft (warning that updates could not be installed on a compromised system). MBAR found a rootkitted boot-sector (and backup boot-sector) which it cleaned and repaired.

The second system was similar, with the difference that the customer was disabling his Vipre Internet Security to play Halo 2 with his friends.
0 Votes
Contributor
I appreciate learning of real-world experiences.
...talk about being behind the 8-ball!

It'll be nice to have an alternative to Combofix on some systems where it might not be the best idea to run it...
-1 Votes
Contributor
Malwarebytes and MBAM handle many rootkit packages as good as other removers. Malwarebytes is now going after those that everyone has been missing.
3 Votes
Moderator
That those others have been missing those Root Kits for a reason along the lines that they are difficult to remove and hard to keep the unit working.

They are not picking the easy jobs here but the hard ones that others simply don't bother with for a very good reason like It's Too Difficult. wink

I wish them luck as well because they are going to need it but if their previous offerings are anything to go by they will be very good at it as well.

Col
Both Marcin and Marcus mentioned numerous times they will in no way jeopardize their reputation, so MBAR will be of the same caliber.
0 Votes
MWB say create a restore point after MBAR has scanned...
0 Votes
Contributor
I thought I had read that somewhere but was unable to find it (getting old I guess), so I asked Marcus about it. Can you please tell me where you found that?
0 Votes
At the online stores Malwarebytes is about the ONLY one that doesn't give a $50 MIR bringing the total cost to $0.00. They all hope and pray that most people won't ask for their rebates.
0 Votes
Contributor
I can think of many definitions of MIR, but none seem to make sense in this case.
were having it on sale for anywhere from $11 to 14+change. I missed that because I never thought they'd go that route; but at least I got it for $19 several weeks later. My clients just don't know how to purchase downloadable software online - so these retail box versions are great!
0 Votes
I think he means Mail-In Rebate.
0 Votes
but I hate those, and would much rather have a straight off discount.
I simply don't trust a system that has been compromised.
2 Votes
Contributor
There are many people that do not understand or have the wherewithal to "nuke and restore."
1 Vote
Plus...
JCitizen Updated - 20th Mar
It doesn't pay to take the time to wipe and reinstall if they have little to lose. I always explain this, and assure them, that since they do no online banking and shopping, the risk is minimal. Besides, many of the free solutions I push, work in an infected environment, so there is little worry anyway.
1 Vote
Contributor
Still I always wonder about if there is just that one time that they do and as you know that's all it takes.
I give them worst case scenarios that fit their situation. After all most refuse to use puppy linux Live CDs, so we have to do something at least.
when you update to the new MBAM. I knew they were up to something when I saw that - and I knew it would be GOOD! happy After so long using the big red logo, it was very noticeable when this happened. Things are changing SO rapidly in the PC protection market, it is hard to keep up with it all!

Avast has upgraded to version 8 now, and has a funky GUI, but I REALLY like the new software updater. NO more fiddling with Secunia or File Hippo to try to get java to update. This is a fantastic addition to a venerable AV, and these two companies make a killer team. pirate
1 Vote
Contributor
I find that ironic.
0 Votes
I just clicked to make an exception when it fired off the block alert. check
One of the best free programs out there! I use it all the time. The stealth run options have saved many a doomed computer on my watch!
1 Vote
Contributor
That is good to know, and I hope it continues to help.
I hadn't heard of Chameleon or the MBAR Beta, thanks for the heads up.

Love this software, it's great to know more about the guys behind it. It seems no matter how the removal process starts it always ends the same way, run MalwareBytes. Marcin, keep up the good work.
1 Vote
Contributor
I am curious about Chameleon, but I can wait. I have no inclination to jump into a situation where it is needed.
1 Vote
MBAR...
Adam_12345 21st Mar
I sincerely recommend MBAM as one of the best anti malware softwares on the market. It offers a lot of useful options and offers deep scans.
0 Votes
Contributor
I think a great many people would agree with you.
0 Votes
Don't forget that it was Sony Music Corp that put a rootkit onto their CDs a few years ago in order to try to prevent them from being copied onto computers and listened to.
I can't tell you how many times Malwarebytes has just closed on people toward the end of the scan because of an infection. Combofix has outperformed it and everything else. The only downside is that it's not as easy for users, as it involves turning off AntiVirus protection when it runs.

Malwarebytes makes a good product, but I usually go with the one that works every time.
1 Vote
Contributor
Is that you found something that worked for you.
1 Vote
Some of the new z_access back-doors easily defeat Combofix. You really ought to try MBAM again. Me personally - I've never had a problem with MBAM, but then I use a lot of blended defenses too, so if one doesn't catch it the other one will. happy

I've also seen TDSSKiller defeated by new malware - the cleanup utility folks always have their homework cut out for them!
1 Vote
Contributor
Marcus said they made sure MBAR found it.
0 Votes
I will always use these tools until they become unusable; they are still contenders. One of my favorites is Kaspersky's Rescue Disk 10, followed up with Super-Anti-Spyware. The good thing about SAS is that it does a thorough job even in normal mode.
If I go to someone's home or have their computer in my possession, I always try to run MBAM.

I've found that if they have one type of infection it may allow MBAM to run but will not allow it to clean things up. In other cases it won't run at all.

MY SOLUTION... Run MBAM in the Safe Mode!!! It will detect and remove any problems that it finds while in Safe Mode.

I typically also run the individual's AV after I run MBAM and normally delete everything either program finds. I'll also run Advanced System Care to perform some disk cleanup and tweaking for better performance.

Once I run those programs and delete the findings, I turn off System Restore to delete all previous Restore Points and I reboot the computer to ensure they are not in memory. Once the reboot completes I turn on System Restore and create a new Restore Point and name it accordingly so that they or I know that particular restore point is "clean".

I haven't tried MBAR as yet but am certainly going to based upon this article and readers' commentary!

Thanks TR et al. for the good info, and don't forget that wonderful F8 key!!!
0 Votes
Yep!...
JCitizen 23rd Mar
and I always follow up, or in fact try SAS first. Super-Anti-Spyware will get a lot of things in normal mode that other solutions can only root out in safe mode. Don't let the goofy name fool you; SAS is serious business. I must admit though - I don't recommend the paid version for my indigent clients - the free scanner is good enough. I can't say how it performs trying to install on an infected computer, but then it is time to get out Hiren's boot CD (flash drive) in some of those cases, or use any one of the venerable rescue CDs, like Avast's or Kaspersky's Rescue 10 CD.
Look for the Chameleon folder, it should be a subfolder under the MBAM folder. Start Chameleon and see if MBAM or MBAR runs then. Also there is a separate Chameleon tool on the website that will be as up-to-date as possible.
0 Votes
That's great advice...
JCitizen Updated - 23rd Mar
I've never had to do that yet, but then my clients all run MBAM Pro, and have it installed on the clean PC before they take a hit - so I'm not relating much experience here. Actually MBAM is the only paid solution I recommend buying. For $24 bucks or less (on sale), I just can't see a losing side to that; especially since it is a LIFETIME license. I do recommend folks password protect the console - I don't know if malware have been able to change settings on restricted accounts, but nothing would surprise me there - the new malware have had amazing abilities to manipulate files without setting off the UAC or needing much of any permissions from the system to do a lot of damage.

(edited) I have seen malware change settings on restricted accounts for other security solutions, but some of them have anti-manipulation features, so it depends on the solution how vulnerable they are to this factor. Prevx was one of them I witnessed damaging settings changes on, so I know that it needs a console password.
BTS.scour was a nasty product that hijacked my Google searches, and would periodically redirect my clicks on a search result to one of several content farms. Nowhere on the Internet could I find any instructions for cleanup that I felt I could execute with confidence. I ran the MalwareBytes rootkit beta, and it cleaned it out in one pass. Or so it seems... the redirect has not happened again since that. AVG, my regular free antivirus product, never spotted it in its rootkit scans.

MWB's (non-free; trial version) browser monitor also blocked several attempts by the virus to send information out from my computer, which MWB apparently did by comparing against a blacklist the IP address my computer was trying to communicate with. I was impressed every time I saw the warning pop up.
1 Vote
Contributor
I appreciate your taking the time to let us know about a real-world example of where MBAR helped.