VERY satisfied with MBAM


bellgamin
July 4th, 2009, 04:46 PM
I am very satisfied with MBAM. It updates signatures at least daily & does so faster & better (very stable & reliable) than any other security app I have ever used. It scans fast and gives good explanations when it finds something.

I only use MBAM on-demand because I do not feel the need for another security application running in real time. (My real-time security is Avira, Malware Defender, & Sandboxie). Thus, I only need the free version of MBAM. However, MBAM is so good that I would like to be able to donate some $$$ toward their continued success.

Is there any way I can donate? (Preferably by credit card -- I detest using PayPal).

jmonge
July 4th, 2009, 04:50 PM
I share your feelings. I got myself a copy and I am in love with the file ASSASSIN :thumb:

JRViejo
July 4th, 2009, 05:21 PM
-{ Quote: "However, MBAM is so good that I would like to be able to donate some $$$ toward their continued success.

Is there any way I can donate? (Preferably by credit card -- I detest using PayPal)." }-
bellgamin, yes, MBAM is very good and perhaps this thread from their forum: Malwarebytes (w/out protection module), Intended usage - clarification request (http://www.malwarebytes.org/forums/index.php?showtopic=10751&hl=donations&st=20) will answer your question. Commendable response, indeed!

1boss1
July 5th, 2009, 01:45 AM
-{ Quote: "bellgamin, yes, MBAM is very good and perhaps this thread from their forum: Malwarebytes (w/out protection module), Intended usage - clarification request (http://www.malwarebytes.org/forums/index.php?showtopic=10751&hl=donations&st=20) will answer your question. Commendable response, indeed!" }-

Yes, Tzuk said a similar thing about donations: his business/paperwork etc. wasn't "equipped" to process donations. So I've bought the pro versions of both Malwarebytes and Sandboxie as a donation and to show support; I don't really need the extra features.

Osaban
July 5th, 2009, 11:00 AM
-{ Quote: "I am very satisfied with MBAM. It updates signatures at least daily & does so faster & better (very stable & reliable) than any other security app I have ever used. It scans fast and gives good explanations when it finds something.

I only use MBAM on-demand because I do not feel the need for another security application running in real time. (My real-time security is Avira, Malware Defender, & Sandboxie). Thus, I only need the free version of MBAM. However, MBAM is so good that I would like to be able to donate some $$$ toward their continued success.
" }-

Hi bellgamin,
Out of curiosity, has MBAM ever found anything relevant that Avira missed? Or is it the good reputation that it has at cleaning heavily infected computers?

Zimzi
July 5th, 2009, 12:04 PM
MBAM was significantly upgraded in the last few months and is now much better than at the time when I criticized it.

For me, considering that I am not an expert, MBAM is very interesting software. Although it looks like a standard signature-based antimalware scanner, in on-demand scanning MBAM still does not reflect its real efficiency and will miss many malware, but at the moment of file execution MBAM achieves much better results and will detect and eliminate many malware that classic antiviruses could not stop (these may be my mistakes, but such results are shown by some of my personal tests).

IMHO, MBAM is still best for removing already installed malware and achieves incredibly good results in this.

Rmus
July 5th, 2009, 12:05 PM
It didn't do so well in its detection of conficker.

I had someone let the exploit run to confirm other analyses as to what conficker did, including


copying a dll to %system%


changing the BITS Services value in the Registry


opening a port in the Registry providing bypassing firewalls


This was confirmed by Total Uninstall:


Total Uninstall
2/8/2009

(FOLDER) C:\WINDOWS\system32
(+)(FILE) 024.tmp = 4096 bytes
(+)(FILE) rsgyos.dll = 165025 bytes

(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
(*)(REG VAL) netsvcs

(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xeekqt

(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
(*)(REG VAL) Start
3 ==> 4

(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
(+)(REG VAL) 4083:TCP = '4083:TCP:*:Enabled:faraqn'



Malware Bytes AM's log:



mbam-log-2009-02-08

Scan type: Full Scan (C:\|)
Objects scanned: 63401
Time elapsed: 19 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



It did find one Registry data item change: an undocumented value that blocks hidden files/folders from displaying, overriding all other Windows settings.

In fairness to MBAM, many products did not detect some of conficker's tricks early on, especially the obfuscated autorun.inf file.


----
rich
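
An added example, not part of the post above and not code from Total Uninstall or MBAM: a Python parser for a change report in the layout shown in the post, labelling the three behaviours the post lists (a DLL copied to system32, the BITS service Start value changed, a firewall port opened). The report text is re-typed from the post as constructed input, and the rule labels are hypothetical names chosen for this example.

```python
import re
# Constructed input: the Total Uninstall report from the post, wrapped key joined.
REPORT = r"""
(FOLDER) C:\WINDOWS\system32
(+)(FILE) 024.tmp = 4096 bytes
(+)(FILE) rsgyos.dll = 165025 bytes
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
(*)(REG VAL) netsvcs
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xeekqt
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
(*)(REG VAL) Start
3 ==> 4
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
(+)(REG VAL) 4083:TCP = '4083:TCP:*:Enabled:faraqn'
"""
CTX = re.compile(r"^\((FOLDER|REG KEY)\)\s*(?P<path>.+)$")
ITEM = re.compile(r"^\((?P<op>[+*-])\)\((?P<kind>FILE|REG KEY|REG VAL)\)\s*(?P<rest>.+)$")
DELTA = re.compile(r"^(?P<old>\S+) ==> (?P<new>\S+)$")

def parse(report):
    """Turn the report into change records, carrying the folder/key context down."""
    changes, ctx = [], ""
    for line in map(str.strip, report.splitlines()):
        if m := CTX.match(line):
            ctx = m["path"]
        elif m := ITEM.match(line):
            name, _, data = m["rest"].partition(" = ")
            if m["kind"] == "REG KEY":  # an added key is its own context
                ctx, name = name, ""
            changes.append({"op": m["op"], "kind": m["kind"], "path": ctx,
                            "name": name, "data": data, "old": None, "new": None})
        elif (m := DELTA.match(line)) and changes:  # "old ==> new" belongs to the item above
            changes[-1].update(old=m["old"], new=m["new"])
    return changes

def triage(changes):
    """Label the changes that match the three behaviours listed in the post."""
    hits = []
    for c in changes:
        op, kind, path = c["op"], c["kind"], c["path"].lower()
        if kind == "FILE" and op == "+" and path.endswith("system32") \
                and c["name"].lower().endswith(".dll"):
            hits.append(("dll-added-to-system32", c["name"]))
        elif kind == "REG VAL" and path.endswith("services\\bits") \
                and c["name"] == "Start" and c["new"] == "4":  # Start=4 means disabled
            hits.append(("bits-service-disabled", f'{c["old"]} -> {c["new"]}'))
        elif kind == "REG VAL" and op == "+" and path.endswith("globallyopenports\\list"):
            hits.append(("firewall-port-opened", c["data"].strip("'")))
    return hits
```

Calling `triage(parse(REPORT))` returns one labelled hit for each of the three behaviours; the `netsvcs` change and the new `xeekqt` service key are parsed but left unlabelled because the post does not list them among the behaviours.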

fcukdat
July 5th, 2009, 01:12 PM
Hi Rich,

Not quite sure what you're expecting any anti-malware software to detect in the way of tricks used by malware, but usually software concentrates on the active malware or system changes that might need reversing.

I did advise you back when you first contacted me about Downadup/Conficker that we were shortly releasing a new version (1.36) that had built-in Heur's specifically aimed at Conficker and other autorun worms.

Happy to say for our Pro users, since 1.36 Conficker and friends can't work any of their tricks when they are intercepted by MBAM PM as they load into memory :thumb:

Also, to date, since the release of 1.36 we have not needed to add 1 single signature/definition for Conficker or seen any reports of MBAM QS missing it on infected machines :)

Keep up the great work!

Rmus
July 5th, 2009, 03:28 PM
Hello Ade,

I do remember that discussion, and also that upon the release of the newer version, MBAM took care of conficker!

By tricks, I meant the unusual Registry entries conficker uses to set up its connections and block others by DNS redirect.

In another forum in February (before the newer version of MBAM) where this was discussed, the point was made that no detection solution is completely reliable during the early stages of an exploit.

A month previous, this appeared in a reputable AV forum:

-{ Quote: " Jan 14, 2009
____ cannot detect Conficker worm, Help please!
My USB drive keeps being infected this way: Every time I plug it in my pc, an autorun.inf files is copied...

another poster:

Microsoft has recently added detection and cleaning capabilities
You can found Microsoft Windows Malicious Software Removal Tool here

A Moderator:

Please also send the file here: If confirmed as malware it will be added to the _____ very quickly.

A week or so later:

January 26
How to remove Worm/Conficker
Download _________ Rescue System from our website and burn the Rescue-CD:
" }-
With respect to MBAM, I asked privately to several users, How could someone knowledgeable enough to know about and use a superior product like MBAM become infected with conficker?

Surely, such a user would have patched MS08-067 back in October, which would prevent the first variant. And such a user surely would have learned from the USB digital frame autorun.inf exploits in past years to take care of that attack vector, which a subsequent conficker variant used.

Surprising to me, one user admitted that he had not installed the MS patch and his local network with file sharing became infected.

By the way, the AV I referenced is used by the OP, so that he would have been let down on two fronts had he encountered conficker back in January.

Again, this is not to single out a particular product, because all similar ones have the same limitation, in that a sample of the malware (or its behavior) must be identified before reliable protection/detection can be assured.

regards,

rich

aigle
July 5th, 2009, 03:58 PM
A bit OT, I just wonder why they don't give a trial for the pro version to see it in action in real time.

bellgamin
July 5th, 2009, 04:14 PM
-{ Quote: "Hi bellgamin,
Out of curiosity, has MBAM ever found anything relevant that Avira missed? Or is it the good reputation that it has at cleaning heavily infected computers?" }-
Not so far. However, to-date, MBAM has always detected everything that Avira has detected.

As to MBAM's excellent reputation for cleaning -- I have an even better cleaning method. I call it "RAPI" (Restore A Pre-infection Image.) Shazam!

Page42
July 5th, 2009, 05:03 PM
-{ Quote: "I am very satisfied with MBAM. It updates signatures at least daily & does so faster & better (very stable & reliable) than any other security app I have ever used. It scans fast and gives good explanations when it finds something." }-
I have always been impressed with the number of security clean-up forums that use MBAM in their toolkit... more so than any other anti-malware program. I figure these are the people in the trenches and if they use it, it's certainly good enough for me. :)

Osaban
July 6th, 2009, 12:02 AM
-{ Quote: "Not so far. However, to-date, MBAM has always detected everything that Avira has detected.

As to MBAM's excellent reputation for cleaning -- I have an even better cleaning method. I call it "RAPI" (Restore A Pre-infection Image.) Shazam!" }-

I couldn't agree more about your "RAPI", but cleaning somebody else's computer is often done with tools like MBAM. It is odd but it looks like some applications seem to be good at cleaning rather than detecting in the first place and vice versa. I have used recently Avira rescue CD + DrWEB rescue CD + MBAM + SAS in this order to clean a heavily infected computer, quite successfully even though some files have been inevitably damaged (part of the infection was caused by a virut variant).

bellgamin
July 6th, 2009, 03:06 PM
-{ Quote: "I couldn't agree more about your "RAPI", but cleaning somebody else's computer is often done with tools like MBAM." }-
Good point -- I hadn't thought of that.

Wildest
July 6th, 2009, 09:19 PM
-{ Quote: "I couldn't agree more about your "RAPI", but cleaning somebody else's computer is often done with tools like MBAM. It is odd but it looks like some applications seem to be good at cleaning rather than detecting in the first place and vice versa. I have used recently Avira rescue CD + DrWEB rescue CD + MBAM + SAS in this order to clean a heavily infected computer, quite successfully even though some files have been inevitably damaged (part of the infection was caused by a virut variant)." }-
My sister's friend asked me to take a look at her machine, and to bring some cleaning tools.
My response was that I don't know any cleaning tools, since I utilize best practices to ensure that I don't get infected in the first place.
She asked me if I could take a look anyway, so I said ok...
:gack:

There were many infections on this box that was supposedly protected by McAfee, mostly trojans.
I referenced "The best security list" thread here, and proceeded to run a-squared, mbam, kaspersky scanner, and super-antispyware.
A-squared came up with 23 risks, MBAM 4, Kaspersky 5, and SAS 190 (185 from SAS were cookies).

The most annoying infection was eliminated by MBAM.

Since MBAM got a chance to look at the malware first, it is quite possible that Kaspersky could have nabbed the biggest villain on the box, but the fact remains that MBAM got it, and a-squared let it go.

MBAM is definitely going on my USB stick. :thumb: :thumb:

kasperking
July 6th, 2009, 09:35 PM
imho the best compliment/appreciation would be to buy it and use it

Wildest
July 6th, 2009, 10:47 PM
-{ Quote: "imho the best compliment/appreciation would be to buy it and use it" }-
haha, I see no reason to pay for a product to perform a task for someone I don't really care about.
MBAM provides a free service, a gesture of goodwill; I did one too.
;)

Someone
July 8th, 2009, 12:19 AM
Or one could buy it and give it to a less knowledgeable friend. :)

dell boy
July 12th, 2009, 04:52 AM
I think, as it's so often used as a cleaning tool rather than a preventative, if a week or two trial for pro was offered, the company would benefit from a sales increase, because if you're a not-so-savvy computer user, you get infected, some more-so-savvy user says use MBAM, they use the trial, it cures the problem as per usual and then the trial would begin to run out, so you would be quite inclined to buy it, whereas if it cured the problem with the free version people would think it's fine to use without the pro. I'm not sure how much you would benefit when cleaning a machine with the realtime, but it would certainly help prevent future infections.