Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.
Just got this update, to v22.214.171.124 a little while ago.
But, ReHIPS did tell me it was coming, initially. I allowed it: "Only in This Session".
Then VoodooShield popped up, and I allowed that, too!
Sir, this link has a trojan on it. I just had Eset block it, and it's no false positive. My browser was immediately hijacked, and redirected to a scam page that locked my browser after that. I'm using the latest build of Firefox. The infection may not run for everyone, but believe me, it's there.
Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
12/6/2017 5:12:03 PM;Real-time file system protection;file;C:\Users\achilles\AppData\Local\Mozilla\Firefox\Profiles\zd2s79wq.default\cache2\entries\95845F8BC2CAB5A3158A5A8309D4AC9F0A4FEB69;HTML/FakeAlert.HG trojan;cleaned by deletingESKTOP-HITL62R\achilles;Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe (84B6E75B69D0E459C0D72088BC92786E13114D29).;121B034DD79216985FB1CC869DC838CD1A11F2A6;12/6/2017 5:12:00 PM
Edited 12/6/17 @ 5:29 That page also shows signs of having an exploit on it, but I don't have time to verify if there is one. I have to take a huge Cisco Final in an hour. Basically my browser began to alert me that content from that page was still running in the browser (even though I closed that page about 20 minutes ago), and slowing down the browser. I then attempted to shut down the browser and run CCleaner, but the browser would not shut down. I ended up having to kill it from the Task Manager.
~Virus total results removed as per Wilders policy
I cannot delete the post.
If a moderator thinks it is necessary to delete it, he has my approval.
My PC (XP) is clean.
(Scan HitmanPro + Zemana AntiMalware portable + log HijackThis + AdwCleaner)
No problem watching the video here.
I'm on Windows 7 pro and using Chrome.
Not wanting to risk going to that site for the video... What exactly is the video showing/telling you about? Is it proving anything good/bad?
It shows what Sampei wrote in post referenced by post#3679.
The video shows the correct intervention of MBAE ver.24.
With the ver 45 there are all the problems that I have described in the Malwarebytes forum.
Thanks for your post...Someone really dropped the ball on this latest release!!!
Someone dropped the ball for XP already, so why?
If a program like this also supports XP, its codebase is outdated; it has to carry ancient routines which are vulnerable in themselves.
For Windows XP users:
OSArmor : free Malwarebytes Anti-Exploit alternative
A new experimental build, version 126.96.36.199, has been released...
Announcements and download links:
Malwarebytes Anti-Exploit 1.11 Build 48 released
MBAE 1.11 build 48 - Latest experimental build
It is OK.
Exploit Test Tool (HPA3)
I.E. VB Scripting (Wicar.org)
My hero ===>Sampei
10Q very much!
Do these programs phone home with the URLs you visit like AVs do?
No updates in a while -- all is well?
Dec 20, 2017
Strange events on XP-SP3.
Yesterday, while installing 188.8.131.52 as admin, when the extracting looked done, Word opened. Totally weird.
I was baffled, stared at it for a while, eventually closed Word and saw the MBAE notice to reboot placed over that extracting thing and behind the empty Word window.
After reboot, my firewall (Sunbelt) wasn't there and the network was limited. Hmmm.
I shut down. Booted again, same situation. I could not restart the firewall. Just nothing. As if it didn't exist.
The Windows event log had just one related event around the installation time, that MBAE didn't start within 30.... milliseconds (I don't recall the exact number of zeros).
Uninstalled 184.108.40.206, rebooted, firewall is back, network is fine.
Today XP booted up just fine. I installed 220.127.116.11 and all is well. MBAE, Firewall icons are there. MBAE injects its DLL just fine as it always did.
Any idea what went wrong with the installation in such a strange way? Should I try again or give up?
Runs fine on my XP-3. Could it be a conflict with some specific aspect of your computer's set-up?