Malwarebytes

Started by Glenn, Dec 05, 2008, 21:10:19

Glenn

If you are unlucky enough to be infected with Anti-Virus 2008/9 then you will know how difficult it is to remove. Malwarebytes does it with ease; I have used it on several laptops at work with success each time: http://www.malwarebytes.org/
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

It finds more Trojans than Ad-Aware, Spy-Bot, and Superantispyware

D-Dan

You may want to check out my review of anti malware at http://www.techsupportalert.com/best-free-adware-spyware-scumware-remover.htm (where MalwareBytes anti malware did rather well)

I hope this won't be seen as free advertising for what is essentially a free web resource.

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

somanyholes

Glad to see you mentioned ThreatFire in your review. I think it's a great little app. :) It's picked up on many things I have been doing that could easily have been malicious.

D-Dan

Is it just me - or do you find ThreatFire can be a little too aggressive? With me - it prevented installation of ATI Catalyst - and it took me weeks to work out it was ThreatFire stopping it.

somanyholes

Steve, I think this blog may be of interest to you. Worth adding to RSS etc.

http://ddanchev.blogspot.com/

somanyholes

Quote
Is it just me - or do you find Threatfire can be a little too aggressive?

Wrong person to be asking really, I like aggressive ;D

Simon

Quote from: D-Dan on Dec 05, 2008, 21:19:56
I hope this won't be seen as free advertising for what is essentially a free web resource.

I see it as good, impartial advice from a trusted member, Steve.  :thumb:

Sebby

Quote from: somanyholes on Dec 05, 2008, 21:40:55
Wrong person to be asking really, I like aggressive ;D

Whatever you get up to in your own time is your business. ;D

Rik

 :lol:

Good stuff guys, I'm going to sticky this.

Simon

Stickier than Sticky the stick insect, stuck on a sticky bun?

Rik

Indeed, thoroughly blackaddered. ;D

jane

I can't believe no-one's noticed the typo yet?  :laugh:

Rik

Which one, Jane - there are so many around here normally. ;D

jane

In the header .......... Male-ware-bytes  :eek4:

Rik

Oops! ;D A karma for spotting it.  :thumb:

jane

Oo thanks....the site's down at the moment as well

J.

Rik

Actually it was there from the outset, just none of us spotted it. ;D

Inactive

I couldn't see it, even after Jane commented about it. :shake:
Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

Rik

I'd probably removed it by then. :)

Simon

It doesn't usually take you a second to spot mine!  :rant:  ;D

Rik

Some are more spotlit than others. I once typed, of my boss at Adobe, that he was just going to bad as I was getting up. I did, of course, mean bed, due to the 8 hour time difference. I was never allowed to forget it though. :)

Noreen

New Malwarebytes' Anti-Malware Version 1.32 available.

Just noticed that this has also been posted elsewhere.

Rik

Better twice than not at all, Noreen.  :thumb:

Aaron

I can give a recommendation for Malwarebytes as well; I use it in combination with SAS since I dumped AdAware and Spybot S&D some months ago.
IDNet Home Pro ADSL2+ 4Mbps | Billion BiPAC 7800N

Niall

I haven't used Ad-Aware for well over a year as it missed a hell of a lot of things. I still use Spybot though, which has just had a big update. I like Spybot and it's kept my network (via my mum's PC) clean!

I'll have a nose at this Malwarebytes though, as there's no harm in checking.
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Noreen

For those using Malwarebytes, a new version is now available.

New in this version:
1. (FIXED) Minor cosmetic issue during removal process.
2. (FIXED) Minor problem with false positives.
3. (FIXED) Silent update no longer displays message on program update.
4. (ADDED) New heuristics for Vundo infections.



Ray

Thanks, Noreen, now updated.  :thumb:

quandam

Downloaded the prog. Found five infections that Spyware Doctor had missed some 30 mins before :thumb: Thanks.


Noreen

I don't use Malwarebytes at the moment. I did install it a couple of weeks ago but then removed it because it was taking so long to do a complete scan. No doubt people will say that's because it's being thorough, but I stopped it after it had taken over an hour to scan my C drive; it still had E, F and G to go. Is that usual?

Rik

I don't know, tbh, Noreen, it stalled completely on my machine. :(

sobranie

Tempted to kick Ad-Aware off now I've Malwarebytes on. Any reasons why not pls?

Rik

None at all, I think Ad aware has had its day.

sobranie

Cheers Rik. Never that keen on ad-aware.

Rik

Me neither, as it happens. :)

Sebby

Ad-Aware has definitely had its day. It was good maybe 3-4 years ago, but there are better alternatives out there these days.

Gary

Malwarebytes does not need to do a complete scan every time; the quick scan finds most things. The full scan does take longer but is more thorough, and like any deep analysis it will take time. Quick scans with Malwarebytes and SuperAntiSpyware are all you need really, along with a good AV and HIPS system. Even SpywareBlaster has had its day of being useful; these programs were created when the net was a less dark place. People say safe browsing helps, but a malicious iframe can install a virus and SpywareBlaster will not help you. I have seen that on a few friends' PCs, sadly. You would be better off with a hosts file, but even that's not really very proactive. These days, as before, a layered approach is a must, but with more cunning defences than before: something with a decent HIPS system like DefenseWall or Kaspersky Internet Security 2009, which monitors each program, gives it different rights and can sandbag a program, thus stopping it in its tracks, helps, as does not running as an Administrator. Even though people complained about UAC in Vista with its popups asking for permission, which are really few and far between I think, that one simple act has really helped make that OS safer than XP, no matter what your views on it are as an OS; running with full admin rights is a disaster with Windows. Turning on DEP system-wide can help, especially with modern CPUs.

Using virtualization programs like Sandboxie, Deep Freeze or Returnil really makes life safer. I was browsing the other day on a forum, in fact a security forum, and got an iframe blocked; the threats have moved on and your protection needs to move with it. Fast scans may seem great but can miss things. For me a full scan on Malwarebytes takes about 45 mins, so I leave it while I watch TV, but prevention is better than mopping up the aftermath of an attack with on-demand scanners. Sandboxie is really good, so is Returnil; virtualisation does help, but safe browsing is a hard thing now with injected code in banner ads and the sites themselves. It's not just being wary about emails; there are things we cannot watch out for.

On a final note, when people say "my system has been clean for ages using Spybot and Ad-Aware and my free AV (there are a few good ones) and Windows Firewall", you could be lucky, but be prepared for a few possible surprises when a scan is done with a more modern product! Prevention is better than cure, or like Sebby buy an overcoat, sorry I meant a Mac ;)
Damned, if you do damned if you don't

D-Dan

Quote from: Gary on Apr 12, 2009, 20:31:15
  Using virtualization programs like Sandboxie,

I'll go along with that. Having cleaned my parents' PC up for the 5th time in as many weeks this week, I got around to installing Sandboxie and instructed them to only start their browser through it. Hopefully, I'll get some time to myself now.

vitriol

I've just tried this program out.

Results

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Woohoo !!!!

Rik

Now try it on your own computer, Vit. ;D :out:

Baz

Yep, it's good. Used it for a while now. Recommended from someone here I think :thumb:

vitriol

lol it's my laptop :)

Will try it on the desktop later (although I don't think it'll find anything, as it doesn't get used for much these days).

Rik

It's always worth the check, though. :)

D-Dan

For information, I've just posted the results of my latest testing roundup over at TechSupportAlert ( http://www.techsupportalert.com/best-free-adware-spyware-scumware-remover.htm ) and MBAM did less well this time, owing to inadequate built-in protection against termination.

I'll be re-testing shortly to see if it improves, but for now, my 2nd place recommendation has changed. Top spot still goes to SAS.

Rik

There's a formatting problem in the last paragraph, Steve (old typographers never give up! ;)):

Quote
And as always, let common sense guide you. Don't run a program from an untrusted source, and don't visit websites <para break here needs removing>
where infection is likely. You should also beware of popups from programs that you haven't installed, some of the fake anti-spyware I managed to pick up in my browsing sessions was surprisingly convincing. Remember, sometimes malware will scream into your face that it is there. It will just not tell you what it really is

Interesting.  :thumb:

D-Dan

I know - I spotted it after putting it up - noted to fix when I start adding screenshots. There's also a full stop missing in the introduction, that you missed :)

Rik

I was trying not to be too picky. ;)

D-Dan

You could have tried harder and not noticed the para break too  :whistle:

D-Dan

OK - both errors fixed :)

Noreen

I noticed this post on the American forum to which I belong and thought that it may be of interest; it's talking about the latest version.
Quote
Just a "heads-up" about this release...

I've been running NOD32, version 3.0.684 along with MBAM for some time. After the upgrade, the computer would freeze at Windows unless MBAM's real-time protection was disabled. Starting the real-time protection module after booting was fine and presented no problem, but if both NOD32 AND MBAM loaded on startup...freeze. Several other users have experienced the problem as well. The code on the front-end of the new version of MBAM was completely re-written so they don't really know right now where the conflict point is.

The solution for me was simply to upgrade NOD32 to the 4.0 (4.0.437.0) version. Once done, everything back to normal.

Rik

Interesting, thanks, Noreen.  :thumb:

karvala

Having been recently infected with the deadly virut infection, which has been king of the virus jungle for over a year now and remains widely regarded as the most dangerous file infector out there, I would like to give a further comment and recommendation here in case anyone else is unfortunate enough to get hit with this. The security experts I talked to all told me virut was a death sentence, and reformat and reinstall was the only way to go. That wasn't an option for me, and I had some backup images to play with, so I tested a few things, including Malwarebytes Anti-Malware (MBAM). AVG first of all scanned the file that contained the original infection, and passed it as clear ::) ; this is why I executed it in the first place and got the infection. Thereafter, as the infection quickly started invading and corrupting all of the executables on the system it could find, AVG flagged them up as the infection spread, but simply offered to delete them, which would neither stop the infection in its tracks, nor help the system, since these were essential system files.

I ran MBAM, and I'm sorry to say that it was also completely ineffective against virut, not even identifying the corrupted executables as having a problem (when even a simple CRC check would demonstrate they had been infected!). I've used it before against other types of viruses, and it's been pretty good, but it was completely hopeless in this case. Avira and Kaspersky were also little better. Then I came across one tool which, had I not seen enough positive references to it in regard to this toughest of infections, I would normally have assumed was fake software based on its origin (little known Russian developer), its seemingly limited interface and configurability and its awful name: DrWeb CureIt! However, this alone of all programs that I tried not only could detect the infected file before it was executed (with an on-demand scan; no resident protection I'm afraid), but also actually reverses the damage on the infected files (some misinfected files are beyond repair, but even for these the cure removes the offending code and renders the file harmless). With that (being run from another OS, with the infected drive as a slave), and subsequently the Windows system file protection utility (to repair any files that were misinfected and could not be properly cured), the system could not only be cleaned, but actually made bootable and usable again. It's actually rather good against other infections too, I should add. So, if you're ever hit with the nasty virut infection (and it remains prevalent, so it could still happen), try DrWeb CureIt!; you might be pleasantly surprised. Of course, I hope none of you ever need to. ;)
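The CRC-style integrity check karvala mentions, as an added example that is not part of the thread: it baselines the hashes of a directory's executables and later reports which were modified, added or missing, which is how a file infector altering system binaries shows up without any signature for it. The extension list, file names and directory layout are assumptions made for the demo.

```python
"""Baseline-and-compare integrity check over a directory's executables."""
import hashlib
import json
import os
import tempfile
import zlib

# Assumption: these suffixes are what we treat as "executables" worth baselining.
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr")


def file_digests(path):
    """Return (crc32, sha256 hex) of a file, streamed in 64 KiB chunks."""
    crc = 0
    sha = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            crc = zlib.crc32(chunk, crc)
            sha.update(chunk)
    return crc & 0xFFFFFFFF, sha.hexdigest()


def build_baseline(root):
    """Map each executable's path (relative to root) to its size, CRC32 and SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXEC_SUFFIXES):
                continue
            full = os.path.join(dirpath, name)
            crc, sha = file_digests(full)
            baseline[os.path.relpath(full, root)] = {
                "size": os.path.getsize(full), "crc32": crc, "sha256": sha}
    return baseline


def compare_baseline(root, baseline):
    """Report executables that changed, appeared or vanished since the baseline.

    SHA-256 is the authoritative comparison; CRC32 is only a quick first look,
    since a 32-bit checksum is easy to collide deliberately."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current
                           and current[p]["sha256"] != baseline[p]["sha256"]),
        "added": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
    }


def demo():
    """Constructed scenario: baseline a tree, then alter one executable and drop a new file."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "system32"))
    seed = {"system32/a.exe": b"MZ" + b"\x00" * 100,
            "system32/b.dll": b"MZ" + b"\x01" * 50,
            "notes.txt": b"not an executable, ignored"}
    for rel, body in seed.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(body)
    baseline = build_baseline(root)
    with open(os.path.join(root, "baseline.json"), "w") as fh:  # persist, as you would offline
        json.dump(baseline, fh)
    # Simulated tampering for the demo: bytes appended to a.exe, a new .sys file appears.
    with open(os.path.join(root, "system32", "a.exe"), "ab") as fh:
        fh.write(b"\xcc" * 16)
    with open(os.path.join(root, "system32", "c.sys"), "wb") as fh:
        fh.write(b"MZ" + b"\x02" * 10)
    with open(os.path.join(root, "baseline.json")) as fh:
        saved = json.load(fh)
    return baseline, compare_baseline(root, saved)


if __name__ == "__main__":
    base, report = demo()
    print(f"{len(base)} executables baselined")
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
```

Keep the baseline somewhere the machine being checked cannot write to, since a baseline stored on the same disk can be rewritten along with the binaries.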

Simon

Thanks for the recommendation.  I've also read good reports of Dr Web on Wilders, but haven't had the need to try it myself, thankfully!


quandam

Ran it on my laptop out of interest and using the express search it found a 'Trojan Loader' immediately. Seems pretty good ;)

Rik

Thanks, Q. Maybe I should try it...

quandam

Worth a try Rik and simple to use ;) which suits me :thumb:

Rik

I like simple too. :)

glen

Quote from: quandam on Oct 02, 2009, 16:03:28
Ran it on my laptop out of interest and using the express search it found a 'Trojan Loader' immediately. Seems pretty good ;)
As long as it's not a false positive.
They must find it difficult...
Those who have taken authority as the truth,
Rather than truth as the authority


somanyholes

Have no real need for the app itself, but going to try the live CD which could be handy for checking other systems. Thanks for the info.
http://www.freedrweb.com/livecd/

Rik

It gets the same addon as I've linked to above, So.

quandam

Tried the express scan on the desktop and it found another one. I have several AV progs and use them usually twice a week without fail and none of them have found anything. Impressed so far :dunno:

Rik

 :thumb:

Good to hear, Q.

JohnH

Did you uninstall your regular antivirus before running this, Rik?


Rik

No, it runs straight from the downloaded file, John, and seems happy to co-exist.

JohnH

Thanks Rik. I'll give it a go.  :thumb:

Gary

You have to redownload it though as it does not actually update?

Rik

You do, Gary, an update is literally downloading the new version. As it needs no installation, it's not too onerous though.

Have you seen my request for you to repost your iPhone barcode app in the new sticky in the new board?

Gary

Quote from: Rik on Oct 02, 2009, 18:38:19
You do, Gary, an update is literally downloading the new version. As it needs no installation, it's not too onerous though.

Have you seen my request for you to repost your iPhone barcode app in the new sticky in the new board?
Seems a bit onerous to me; tried it and all clean. I'll stick to Prevx, which is only a 769 kB download, and no, so I shall go see ;D


JohnH

Quote from: Gary on Oct 02, 2009, 18:36:10
You have to redownload it though as it does not actually update?

Did all that and nothing found. Don't think I will stick with it, though. It seemed to slug my machine. During install, a couple of times it took forever to log off and come back up and I had horrible blue screen premonitions.  :eek4:

karvala

The update should be very straightforward; there's an update button on the splash screen which links to the new version, which you then download. It's a bit crude, but nice and simple! I would concede, though, that the one real weakness of DrWeb is a potential lack of stability; a sizable number of people who use it find it crashes partway through a full scan. It didn't happen to me, and admittedly most people that are using it for the first time are doing so when their machine is in a pretty bad way, so it might not be entirely down to DrWeb, but I think because it does such a deep clean sometimes it can push a system over the edge. I've not known it actually mess anything up, though, or even give a BSOD; just an application crash.

While we're talking of stability and in, um, Autumn clean mode, I should mention one other tool I've used in the last few days. Following the infection I wanted to ensure that all malware was gone from the system, and as I'm sure you all know, even the most sensitive of anti-virus and anti-spyware products won't detect rootkits unless they're specifically designed to do so. There are a few rootkit detectors out there, but stability is a real problem in this area because they're actively interfering with Alternative Data Streams and engaging in direct disk access. The popular Rootkit Revealer from Symantec, for example, while being quite respectable in terms of detection, has a quite horrendous stability record. One product I've come across, also quite popular, is called Rootkit Repeal, and I was frankly amazed at how rock solid it seemed to be, even on my rather congested and complicated system. It has a variety of different types of scans (processes, memory modules, files, stealth objects, hidden processes etc.), each of which can be run separately, or a single report compiled from all or any combination of them. In that sense, it's also easy to use. What it won't do, in common with all other rootkit detectors, is actually remove anything (which could be very hazardous in terms of system stability), but it will give you a clear idea of what is going on behind the scenes on your system. Mouse, keyboard, disk driver hooks, for example, will be apparent, as will malware that won't show up in any file browser (completely hidden from the API). Not for everyday use, but useful if you suspect you might have a rootkit, or you're just curious about what low-level drivers (such as application protection systems) are intercepting system function calls.

Simon

I use F-Secure Internet Security, which has built in rootkit detection, but it's never found one, thankfully.

Rik

What are you comparing it against, Jill?

J!ll

SuperAntiSpyware. This is stopping everything! I've also ditched my virus scanner so I'm trialling NOD ;D Something is working! Fan is quieter ???

Rik

I would always use two scanners, e.g. SAS and Malwarebytes; none of them catch everything. What AV have you moved from?

J!ll

I think it was AVG  :)

J!ll

I get a little suspicious when one shows 96+ problems (virus/Trojan) and the other 5!

Rik

But which one do you get suspicious of? ;)

Rik

Quote from: J!ll on Jun 15, 2010, 18:36:29
I think it was AVG  :)

NOD's a big improvement, imo.

J!ll

Quote from: Rik on Jun 15, 2010, 18:48:42
But which one do you get suspicious of? ;)


That's the problem I have!  :dunno: