ChicaPC-Shield - MBAM for Ladies...

Discussion in 'other anti-malware software' started by majoMo, Dec 10, 2013.

Thread Status:
Not open for further replies.
  1. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    After updating MBAM Pro, it doesn't seem to nag me anymore?
     
  2. Malware Bytes Anti-Malware built-in back-door can be easily misused

    Pirated pop-up inspired me to pirate the ignore list. Most security programs build in their own Achilles weak spot. Some of them forget to defend this built-in exception, back-door or whitelist. Pretty straightforward for a targeted attack to use this user-configurable exception/exclusion list. Only hurdle is to find out the record/data layout used by this whitelist (for MBAM exclusion.dat).

    Build and start a small user land/portable program whose one and only action is to overwrite the ignore list with this value "D:\Temporary Files\malware.exe". Ignore list is located in ProgramData and is called the exclusion.dat file.

    Needless to say I am very disappointed, or as the Dutch Queen from Argentina would say: "maybe MBAM is a little dumb" :D
     

    Last edited by a moderator: Dec 14, 2013
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Good find :thumb:
     
  4. Jryder54

    Jryder54 Registered Member

    Joined:
    Sep 3, 2013
    Posts:
    214
  5. Well they could be more strict in securing their own rules.ref and exclusion.dat files. I guess in daily practice it is not a big deal otherwise they would have corrected this weakness years ago. MBAM is a second safety/companion solution, so any malware blind fooling MBAM would still have to pass the primary AV.
     
    Last edited by a moderator: Dec 16, 2013
  6. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Just got a "your version is pirated" message. Guess they didn't like people using the Chica license on it. So what should I do now? Uninstall MBAM and install the free one?
     
  7. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    144
    Location:
    USA
    Once an infection is on your computer at that level it already owns the box and there isn't much the infection cannot do. Certainly many other easier and faster things than trying to modify an exclusion. Why would they need an exclusion when they're already on the computer?

    Not saying it cannot be done but seems almost pointless if I was the one trying to code an attack. Maybe if I got in and I wanted others to also get in but again the scenario doesn't typically work that way.
     
  8. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    144
    Location:
    USA
    Well the honest thing to do is either pay for your own lifetime license while it's still available or use the free version.
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    If you don't want people to use the keycode in MBAM PRO, just block the offending keycode (which you know) and stop with the pirated message with the discounted price offer. The keycode didn't come from a crack site. It came from giveawayoftheday, a reputable website.
     
    Last edited: Dec 17, 2013
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Actually it's Glarysoft Giveaway, but reputable nonetheless.

    Is it default behaviour to stop nagging you after a while for pirated keycodes? Or was this actually fixed (for me)?
     
  11. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    271
    Location:
    Greece
    Yes, but for another programme. They give away Chica, not Malwarebytes.
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Agreed, and since it is a lifetime licence it really is not much to pay, as you never have to pay for renewal.
     
  13. Dynamic content, e.g. (scripted) content is how we consume content on the internet, in PDFs, in Flash, so ... "Once an infection is on your computer", e.g. in memory or in user folders, like Temporary Files folder, "at that level" really does not imply "it owns the box".

    When it is on the PC at that level (e.g. in memory or written to a user folder) saying that it owns the box is simply not true. Why would all the AVs provide on-access and on-execution protection? MBAM PRO offers IP-filtering and on-execution filtering (reasons to buy PRO instead of using FREE).
    First: MBAM does not protect its own exclusion.dat file, which is accessible by Medium Level (Basic User) access rights. Second: when the code is executed, the Malware Execution Prevention allows this to execute, because it is in the exclusion.dat, hence defeating its purpose.
     
    Last edited by a moderator: Dec 18, 2013
  14. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Lol ChicaPC what a name for a software. :rolleyes:
     
  15. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    144
    Location:
    USA
    Perhaps I incorrectly assumed you understood what is meant by that statement. It has nothing to do with dynamic content and how we use computers in that regard.

    Generally speaking a program that can only execute as a limited user cannot modify anything that is not in its own current user environment without exploiting something else on the computer to gain that access. However when you're logged on as an administrator then you do have rights to modify most things on the computer (on XP you do but on Vista/7/8 there are limits that even your admin rights are not enough).

    I don't have time to write an article with further details but suffice to say if you have admin rights then something you execute does too and thus has admin rights as well and can put files anywhere it wants, disable services, etc. It has the same rights you have when it executes. What it does with those rights varies from infection to infection but the idea or statement that it owns the box is because it can now do anything it wants to do if something (security software) does not stop it.

    What you often commonly see is an infection via plugins or similar software that have system rights because then the program has exploited either a known or unknown feature of that software to gain system level admin rights. So, now that it has admin rights why spend the time writing code to modify an exclusion list to allow something in. It already has rights to uninstall or execute a kill command or install a kernel level driver for even more power, ie. it now owns the box.

    Please read my reply above which hopefully provides a basic scenario of how it works. Security software monitors executions to ensure that process x is not an infection.

    Unless you've modified the rights on your computer that is not correct. A limited user cannot modify that file. It requires admin level rights to modify it. Which again means if you can modify that file you already have admin rights which in a nutshell means you own the box.
     
  16. Okay now I understand your reaction also.

    I tested again: I could NOT ACCESS the log files of HitmanPro for instance in C:\ProgramData, but I could access the exclusion.dat file with a medium level process o_O I did not change the access rights of that directory as far as I know.
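
The disagreement in the posts above (whether a non-elevated process can modify the exclusion file) can be checked by reading the file's ACL. The script below is an added example, not part of the thread and not Malwarebytes code; the `-Path` value is supplied by the reader, because the thread only says the file is `exclusion.dat` under ProgramData, and the function name `Get-WeakAce` is made up for this example.

```powershell
# Added example: list ACEs that let non-elevated users change an exclusion file.
# -Path is the reader's own exclusion.dat location (not given in full in the thread).
param(
    [Parameter(Mandatory)][string]$Path
)

# Well-known SIDs whose members include ordinary medium-integrity processes.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow altering or replacing the file, or rewriting its ACL.
$riskyRights = [System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $acl = Get-Acl -LiteralPath $LiteralPath
    # Ask for SIDs rather than names so the check does not depend on the OS language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $lowPrivSids.ContainsKey($sid)) { continue }
        $hit = [int]$ace.FileSystemRights -band [int]$riskyRights
        if ($hit -ne 0) {
            [pscustomobject]@{
                Path      = $LiteralPath
                Principal = $lowPrivSids[$sid]
                Rights    = [System.Security.AccessControl.FileSystemRights]$hit
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) { throw "Not found: $Path" }

# Check the file and its folder: write access to the folder allows replacing the file.
$findings = @(Get-WeakAce -LiteralPath $Path) +
            @(Get-WeakAce -LiteralPath (Split-Path -Parent $Path))

if ($findings.Count -eq 0) { 'No write-capable ACEs for low-privilege groups.' }
else { $findings | Format-Table -AutoSize }
```

This lists allow entries only; it does not evaluate deny entries or per-user grants, so an empty result is not proof that the file is protected.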
     
  17. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    I want to uninstall MBAM and just use the free version to be fair to MBAM, but even after uninstalling, deleting all folders, and all registry keys, it still says I have the pro version after reinstalling. How do I get rid of it?
     
  18. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    To be honest this name screams rogueware/scareware. :ninja:
     
  19. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    That's strange. MBAM's key is stored in registry. I don't even uninstall MBAM to go back to on-demand version. Just delete the registry key and delete the services in Windows.
     
  20. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    144
    Location:
    USA
    Yes removal of the Registry key should cause it to no longer be registered.

    If wanted we have a tool to completely remove the program manually. If you have the ChicaPC version though it may be in a different key location. I've not checked on that.

    MBAM Clean Removal Process
     
  21. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Lol, I still can't get rid of the PRO version. I uninstalled MBAM, deleted every folder, every registry key to deal with MBAM, and even checked Device Manager for any drivers, yet after reinstalling, it still gives me the PRO version. Is it tied to my IP address or something?

    Edit: Just noticed I didn't delete the keys in the Wow32node section. I found the license key registry key, deleted it, and my MBAM has reverted to free.
     
  22. Pandora Box

    Pandora Box Registered Member

    Joined:
    Dec 6, 2013
    Posts:
    25
    Location:
    In a doghouse
    Thanks for the information about ChicaPC. I was curious for a long time whether they're a copycat or an MBAM sister product. So, it's still related somewhat to MBAM, right?

    But I don't think I need more MBAM clones... :p
     
  23. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    It's a rebranded version of MBAM, so it's the same as MBAM with a different name.
     
  24. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    Found out it's detect on execution, never mind.
     
  25. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Chicalogic is legit.

    I own 6 licenses to Chicalogic, and those licenses are interchangeable with MBAM - lifetime. Same exact thing, same license verification system, same keys. But Chicalogic was only $7.99, which was a steal, which is why I stocked up on licenses. Now they are back to $20 a license.

    Also, security through obscurity. Many trojans look for MBAM labeled executables and services, but not Chica's. Also I prefer the Chicalogic colors and tray icon.
     