Malwarebytes?

pigwalk

Has anyone ever heard of or used MBM before all the AV 07/08/09 infections started going around? It does clean it up; I've used it once or twice. But I'd never heard of it before that, it doesn't seem to clean anything else up, and a co-worker commented that the MBM install is formatted very similarly to the A/V 2009 popup.
 
Used it dozens and dozens of times...it's a very good product.
I also use SuperAntispyware, as well as Spybot Search and Destroy, when cleaning up infected PCs.

On the current wave of Zlob-based trojans (Vundo/SmitFraud, etc.)...all those that power these XPAntivirus2008/2009/Defender2008/SearchandDestroy5.20/Antivirus260 etc. rogue programs, taking a shotgun effect with a bunch of tools is most effective.

Also CCleaner, AntiVir, NOD32, TCP/Winsock repair utility, and SDFix are additional good tools.
 
On the current wave of Zlob-based trojans (Vundo/SmitFraud, etc.)...all those that power these XPAntivirus2008/2009/Defender2008/SearchandDestroy5.20/Antivirus260 etc. rogue programs, taking a shotgun effect with a bunch of tools is most effective.

I agree, and those programs have been spreading like wildfire lately.
 
I agree, and those programs have been spreading like wildfire lately.

The latest variant that came out this past week sucks....you can't even get to the login screen in normal mode or safe mode. Gotta slave the hard drive to another PC.
 
My PC uses a-squared free, Malwarebytes, SpyWare Blaster and SuperAntispyware.

I tend to use multiple anti-spyware programs rather than just one. I also do a full scan with Malwarebytes and SuperAntispyware.
 
I used to use SmitFraudFix as well, but that program is doing some funky things lately.

For one, it resets the clock to 24hr time format on any machine it's executed on.

And the virus alerts from SAV on the 404fix.exe file, while possibly bogus, are discomforting.
 
Malwarebytes is a good program, but beware if you have Antivirus 2009 or whatever the variant is. I've read some security bulletins that say the virus leaves behind rootkits that MWB doesn't detect. We have been doing fresh installs if we see AV 2008/09.
 
Malwarebytes is a good program, but beware if you have Antivirus 2009 or whatever the variant is. I've read some security bulletins that say the virus leaves behind rootkits that MWB doesn't detect. We have been doing fresh installs if we see AV 2008/09.

SAS and AntiVir (bootable CD) do a good job at removing, as well as slaving the drive and scanning with Eset.

We've had good luck cleaning high numbers of them...and with full-time clients we'd hear if the malware resurfaced again...and it doesn't if you do a thorough job and do your homework in reading up on removing them.
 
I recently worked on a buddy's PC that was infested with all sorts of viruses, especially the AV 2009.

I cleared the computer entirely out with the normal methods: had to reboot into safe mode, used Housecall flash-based scan to clear up some of the viruses, that way I could install AVG/Avira/etc

Cleaned with Ad-Aware and Spybot. I really liked Malwarebytes, it kept catching part of what I think was the main virus infestation (Vundo.trojan), but I couldn't shake the AV 360 which had somehow replaced the AV2009.

Comodo firewall kept catching the files spawning but I couldn't find the real source. I finally gave up after about a week. I didn't have an XP home disc to reinstall his XP (he didn't have a Dell restore disc) so I had to track down an XP HOME OEM and I just nuked the whole thing, and set up Norton Ghost lightsout restore so he can restore back to this clean state if he gets it again somehow.

Ugh. This was the first virus infestation that was so bad that I couldn't shake it. Malwarebytes was doing a pretty decent job though, so I've added that to my pool of good spyware tools.
 
The latest variant that came out this past week sucks....you can't even get to the login screen in normal mode or safe mode. Gotta slave the hard drive to another PC.
I had a user bring in their personal notebook the other day. The system would not boot to the desktop in either standard startup or Safe Mode. Unfortunately, I don't have a notebook HDD dock, so I had to wipe the drive.

I also encountered some malware that was blocking the installation of the late October release of Malwarebytes. I had to grab the Dec 3rd release in order to install it and clean off the 2 hijackers.
 
Malwarebytes seems to have a bit of a leg up on SuperAntiSpyware right now, especially with this new stuff that's out.

It is considerably slower in scanning than SAS though.

Malwarebytes site has been down all day. I wonder if it's due to the cable cut.
 
I had a user bring in their personal notebook the other day. The system would not boot to the desktop in either standard startup or Safe Mode. Unfortunately, I don't have a notebook HDD dock, so I had to wipe the drive.

I also encountered some malware that was blocking the installation of the late October release of Malwarebytes. I had to grab the Dec 3rd release in order to install it and clean off the 2 hijackers.

We finally got it clean...took 2 days (part time). Slaved the drive to another PC, which got most of the stuff. This variant definitely needs out-of-Windows scanning.
 
I had a co-worker run into that that also required slaving. MWB was then able to clean it.
 
Has anyone ever heard of or used MBM before all the AV 07/08/09 infections started going around? It does clean it up; I've used it once or twice. But I'd never heard of it before that, it doesn't seem to clean anything else up, and a co-worker commented that the MBM install is formatted very similarly to the A/V 2009 popup.


Maybe it's a huge conspiracy:eek:
 
Thank god for Malwarebytes. It was the one program that removed that crap off my computer. I was trying to update Windows but couldn't get automatic updates to turn on at all and turned out it was this virus thing going around.

All is good now.
 
SAS and AntiVir (bootable CD) do a good job at removing, as well as slaving the drive and scanning with Eset.

We've had good luck cleaning high numbers of them...and with full-time clients we'd hear if the malware resurfaced again...and it doesn't if you do a thorough job and do your homework in reading up on removing them.

I guess it just depends on what you do on your computer. If you check your bank accounts, credit cards, etc... I just say backup the machine and do a fresh install. Our security officer also said to do a fresh install. Better safe than sorry, but to each his own.
 
If we can get MBAM to run (which sometimes is half the problem), it will usually fix most problems. For AV 2009 (and the like) I start with avenger, delete the TDSSsys.dll driver (which seems to do most of the damage) and do the standard MBAM, Spybot, SAS, CleanUp and CCleaner from that point on.
 
I have had MBAM find lots of other stuff besides just the AV08/09 crap.
 
Thank god for Malwarebytes. It was the one program that removed that crap off my computer. I was trying to update Windows but couldn't get automatic updates to turn on at all and turned out it was this virus thing going around.

All is good now.

Just cleaned a computer with the same issue, had a DNS trojan that would replace the DNS on any adapter no matter if you change it in the registry or not amongst 100 other things wrong with it. MWB worked for me!
 
Just cleaned a computer with the same issue, had a DNS trojan that would replace the DNS on any adapter no matter if you change it in the registry or not amongst 100 other things wrong with it. MWB worked for me!

That's a really bad one, huh. I heard about it. www.paypal.com shows up as www.paypal.com but you're giving all your information to a bad guy. That's a really scary one. Look for the certificate :S
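As an added example (my code, not from any of the posters), a PowerShell check for the kind of DNS hijack described in this post and the one it quotes: it audits the static DNS servers stored per interface in the registry and compares a name's answer from the system resolver with the answer from a resolver you trust. The allowed-resolver addresses and the trusted server are constructed placeholders.

```powershell
# Added example (not from the thread): audit the per-interface DNS settings a
# DNS-changing trojan overwrites, and compare a name's resolution against a trusted resolver.
# The allowed resolver list and the trusted server below are constructed placeholders.
$AllowedDns    = @('192.0.2.53', '192.0.2.54')   # constructed; replace with your real resolvers
$TrustedServer = '192.0.2.53'                     # constructed; a resolver you control

$ifaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-InterfaceDnsSettings {
    # One record per TCP/IP interface GUID; NameServer is the static value malware tends to set.
    Get-ChildItem -Path $ifaceRoot | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Interface = $_.PSChildName
            StaticDns = $p.NameServer
            DhcpDns   = $p.DhcpNameServer
        }
    }
}

function Test-UnexpectedDns {
    param([string[]]$Allowed)
    foreach ($i in Get-InterfaceDnsSettings) {
        if (-not $i.StaticDns) { continue }              # DHCP-only interface, nothing static to check
        $servers = $i.StaticDns -split '[ ,]+' | Where-Object { $_ }
        $bad = $servers | Where-Object { $Allowed -notcontains $_ }
        if ($bad) {
            [pscustomobject]@{ Interface = $i.Interface; UnexpectedDns = ($bad -join ', ') }
        }
    }
}

function Compare-Resolution {
    param([string]$Name, [string]$Server)
    # Needs network access and Resolve-DnsName (Windows 8 / Server 2012 or later).
    # A mismatch is a lead, not proof: geo-DNS and CDNs can legitimately answer differently.
    $local   = @((Resolve-DnsName -Name $Name -Type A -ErrorAction Stop | Where-Object Type -eq 'A').IPAddress)
    $trusted = @((Resolve-DnsName -Name $Name -Type A -Server $Server -ErrorAction Stop | Where-Object Type -eq 'A').IPAddress)
    [pscustomobject]@{
        Name          = $Name
        LocalAnswer   = ($local -join ', ')
        TrustedAnswer = ($trusted -join ', ')
        Match         = -not (Compare-Object $local $trusted)
    }
}

$findings = Test-UnexpectedDns -Allowed $AllowedDns
if ($findings) {
    Write-Warning 'Interfaces with static DNS servers outside the allowed list:'
    $findings | Format-Table -AutoSize
} else {
    Write-Host 'No unexpected static DNS servers found.'
}
Compare-Resolution -Name 'www.paypal.com' -Server $TrustedServer | Format-List
```

Run it from an elevated prompt on the suspect machine; an unexpected static NameServer on an adapter that should be DHCP-only is the signature the quoted post describes.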
 
Hey guys I don't mean to thread jack but I keep seeing different programs thrown up as being good spyware programs. I've picked out 4 and can't seem to narrow it down. They are SAS, Spybot, Malwarebytes, and a-squared. I was wondering which one/ones should I use alongside my AV (Nod32)?
 
Hey guys I don't mean to thread jack but I keep seeing different programs thrown up as being good spyware programs. I've picked out 4 and can't seem to narrow it down. They are SAS, Spybot, Malwarebytes, and a-squared. I was wondering which one/ones should I use alongside my AV (Nod32)?

Shouldn't have a problem with any/all of them. If you're cleaning an infected computer...the more good programs you use, the better your chances of a successful cleaning.
 
If we can get MBAM to run (which sometimes is half the problem), it will usually fix most problems. For AV 2009 (and the like) I start with avenger, delete the TDSSsys.dll driver (which seems to do most of the damage) and do the standard MBAM, Spybot, SAS, CleanUp and CCleaner from that point on.

Exactly what I do.

Avenger to delete
Safe Mode - CleanUp!, then MBAM
Normal Windows - Spybot for a little final, CCleaner, all Windows updates, final NOD scan

Or I use ERD and delete TDSS manually.

Another thing that works well too is ERD and a System Restore, then CleanUp!.
 
How are people getting these things on their systems? I understand ignorant users, but techies really shouldn't have problems with this right? Unless I am missing something.
 
How are people getting these things on their systems? I understand ignorant users, but techies really shouldn't have problems with this right? Unless I am missing something.

I don't know how people do it either. It must be their quest for free pron.:D
 
How are people getting these things on their systems? I understand ignorant users, but techies really shouldn't have problems with this right? Unless I am missing something.

It's not just porn sites, video codecs, and warez/p2p/torrent stuff anymore...it's legitimate websites getting hacked, with the code for drive-by installs getting injected into the site.

Just 2 weeks ago I was doing some research for a thread on the auto bailout crisis over on our forums...I was on one of the main UAW websites. UAW = United Auto Workers...it's a legit website. I was in one section looking for membership dues...and BLAM...soon as I clicked on one of the hyperlinks to another page within their site, Antivirus 360 started to try to install on my system. The ActiveX request came up...and soon as I closed that, the graphics for that scanner engine started loading...then NOD32 popped up. So I brought up Task Manager and killed Firefox. Problem gone...but just illustrating that it happens to innocent people doing innocent things nowadays.

A client of mine, an accounting firm, one of their machines caught a partial install before she could back out of it. One website they have to log into on a weekly basis to do transfers to the UK got hijacked...and she had the partial install of whatever name the Vundo variant went by early last summer...XPAntivirus 2008 or Defender 2008, something like that.
 
Hey guys I don't mean to thread jack but I keep seeing different programs thrown up as being good spyware programs. I've picked out 4 and can't seem to narrow it down. They are SAS, Spybot, Malwarebytes, and a-squared. I was wondering which one/ones should I use alongside my AV (Nod32)?


You can (and should) use more than one antispyware/malware software. It's Antivirus that you don't want to combo up on.
 
One of my users yesterday reported her infection came when she visited the Cracked Magazine web site.

It's not just porn sites, video codecs, and warez/p2p/torrent stuff anymore...it's legitimate websites getting hacked, with the code for drive-by installs getting injected into the site.

Just 2 weeks ago I was doing some research for a thread on the auto bailout crisis over on our forums...I was on one of the main UAW websites. UAW = United Auto Workers...it's a legit website. I was in one section looking for membership dues...and BLAM...soon as I clicked on one of the hyperlinks to another page within their site, Antivirus 360 started to try to install on my system. The ActiveX request came up...and soon as I closed that, the graphics for that scanner engine started loading...then NOD32 popped up. So I brought up Task Manager and killed Firefox. Problem gone...but just illustrating that it happens to innocent people doing innocent things nowadays.

A client of mine, an accounting firm, one of their machines caught a partial install before she could back out of it. One website they have to log into on a weekly basis to do transfers to the UK got hijacked...and she had the partial install of whatever name the Vundo variant went by early last summer...XPAntivirus 2008 or Defender 2008, something like that.
 
It's not just porn sites, video codecs, and warez/p2p/torrent stuff anymore...it's legitimate websites getting hacked, with the code for drive-by installs getting injected into the site.

Just 2 weeks ago I was doing some research for a thread on the auto bailout crisis over on our forums...I was on one of the main UAW websites. UAW = United Auto Workers...it's a legit website. I was in one section looking for membership dues...and BLAM...soon as I clicked on one of the hyperlinks to another page within their site, Antivirus 360 started to try to install on my system. The ActiveX request came up...and soon as I closed that, the graphics for that scanner engine started loading...then NOD32 popped up. So I brought up Task Manager and killed Firefox. Problem gone...but just illustrating that it happens to innocent people doing innocent things nowadays.

A client of mine, an accounting firm, one of their machines caught a partial install before she could back out of it. One website they have to log into on a weekly basis to do transfers to the UK got hijacked...and she had the partial install of whatever name the Vundo variant went by early last summer...XPAntivirus 2008 or Defender 2008, something like that.

No, I completely get that. Techs really should know to use a GOOD AV/malware program. You know, one you pay for. It's been shown over and over that the free ones don't make the cut. I've seen it in the real world, and in testing. I go to questionable sites in my research, and a lot of .ru domains. I get hit often by warnings, but never in my life have I had an infected system. It is about the education of the users that makes it. It's always an uphill battle however. Blah.
 
No, I completely get that. Techs really should know to use a GOOD AV/malware program. You know, one you pay for. It's been shown over and over that the free ones don't make the cut. I've seen it in the real world, and in testing. I go to questionable sites in my research, and a lot of .ru domains. I get hit often by warnings, but never in my life have I had an infected system. It is about the education of the users that makes it. It's always an uphill battle however. Blah.

What are the best pay for malware/spyware programs?
 
It is about the education of the users that makes it. It's always an uphill battle however. Blah.

I agree there. Educating them is an uphill battle. Literally a steep, steep hill; impossible to climb that hill.

Also remember, we're on the cutting edge here..we see this stuff with our own eyes all the time, if not at least read about it at tech forums.

End users though, they don't know. "Rogue antivirus programs" like this relatively new XPAntivirus/Defender, etc. stuff...it's barely been on the scene for 1 year, and they don't know about it. Plus it looks "legit"...and that's what these malware writers are going for. It looks like authentic Microsoft warnings, designed to "dupe" the end user.
 
I'm bookmarking this thread.

Got a quick question: what are ERD and MBAM?

Just collecting info, just in case someday.

I've been using my PCs for years without antivirus programs. Don't like them loading up at startup.
 
Don't know about ERD but MBAM is MalwareBytes AntiMalware. The only AV program I use is AVG Anti-Virus, the free version. It loads pretty darn quick. Quick enough that I don't notice it.
 
ERD = Emergency Repair Disk

I <3 MBAM. Just a few hours ago I was cleaning up my granddad's PC over LogMeIn.com. Since it's hard to do work on an offline computer that is over 300 miles away, I had no choice but to open up Task Manager and shut down every task possible (and was that a battle; everything but CTRL+SHIFT+ESC was defeated by "SpyGuard 2008"). Took a long time, he still uses a Celeron 600 with 384MB of RAM.
 
Malwarebytes is good but a-squared is better.
http://www.emsisoft.com/en/software/free/

I used to use A-Squared until I found out it was A-Squared that was crashing my taskbar due to its right-click context menu item. Probably fixed now, but it cost me hours of troubleshooting to find out the cause, and of course I was blaming the Nvidia driver when all along it was A-Squared causing it. Why do you think it is better than Malwarebytes though? A-Squared never alerted me to any issues, so I can't give it a proper appraisal if there was never anything bad on my PC.
 
How are people getting these things on their systems? I understand ignorant users, but techies really shouldn't have problems with this right? Unless I am missing something.

Unless you run your browser 100% of the time with no scripting services at all, then it is easy to get malware on your system by simply using Google search and clicking on random search links. It is impossible for someone to know 100% of the time which sites are safe and which are not. It has nothing to do with going to porn sites either, as malware authors are now targeting top search items in Google. I don't get infected because I use NoScript in Firefox, but most people do not want the hassle of using NoScript.
 