Malwarebytes Anti-Exploit

Discussion in 'other anti-malware software' started by ZeroVulnLabs, Oct 15, 2013.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,484
    https://forums.malwarebytes.com/topic/136424-frequently-asked-questions/?tab=comments#comment-846352
    ----------------------
    How to verify that MBAE is working correctly
    https://forums.malwarebytes.com/topic/139368-how-to-verify-that-mbae-is-working-correctly/
     
    Last edited: Dec 6, 2017
  2. cyberlost24

    cyberlost24 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    102
    I,m wondering why you posted a link to Hitman Pro about exploits...did you read the last post by Anon,explaining how to test if MBAE is workingo_O
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
    Watch the video below:

    http://sendvid.com/iq904y0w
     
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,630
    Just got this update, to v1.11.1.45 a little while ago.

    MBAE_updated to v1.11.145_01.JPG
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,630
    But, ReHIPS did tell me it was coming, initially. I allowed it: "Only in This Session".

    MBAE_updated to v1.11.145_02.JPG

    Then VoodooShield popped up, and I allowed that, too! :)

    MBAE_updated to v1.11.145_03.JPG

    MBAE_updated to v1.11.145_04.JPG
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,472
    Location:
    USA
    Sir, this link has a trojan on it. I just had Eset block it, and it's no false positive. My browser was immediately hijacked, and redirected to a scam page that locked my browser after that. I'm using the latest build of Firefox. The infection may not run for everyone, but believe me, it's there.

    Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
    12/6/2017 5:12:03 PM;Real-time file system protection;file;C:\Users\achilles\AppData\Local\Mozilla\Firefox\Profiles\zd2s79wq.default\cache2\entries\95845F8BC2CAB5A3158A5A8309D4AC9F0A4FEB69;HTML/FakeAlert.HG trojan;cleaned by deleting:DESKTOP-HITL62R\achilles;Event occurred on a new file created by the application: C:\Program Files\Mozilla Firefox\firefox.exe (84B6E75B69D0E459C0D72088BC92786E13114D29).;121B034DD79216985FB1CC869DC838CD1A11F2A6;12/6/2017 5:12:00 PM

    Edited 12/6/17 @ 5:29 That page also shows signs of having an exploit on it, but I don't have time to verify if there is one. I have to take a huge Cisco Final in an hour. Basically my browser began to alert me that content from that page was still running in the browser (even though I closed that page about 20 minutes ago), and slowing down the browser. I then attempted to shut down the browser, and run ccleaner, but the browser would not shut down. I ended up having to kill it from the task manager.
     
    Last edited: Dec 6, 2017
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
    ~Virus total results removed as per Wilders policy

    I can not delete the post.
    If a moderator thinks it is necessary to delete it, he has my approval.:thumb:

    My pc (XP) is clean.
    (Scan Hitman Pro + Zemana Antimalware portable + log Hijackthis + adwcleaner)
     
    Last edited: Dec 7, 2017
  9. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,140
    Location:
    Québec, Canada
    No problem watching the video here.
    I'm on Windows 7 pro and using Chrome.
     
  10. cyberlost24

    cyberlost24 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    102
    Not wanting to risk going to that site for the video----What exactly is the video showing/telling you about??...Is it proving anything good/bad?
     
  11. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,140
    Location:
    Québec, Canada
    It shows what Sampei wrote in post referenced by post#3679.
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
    The video shows the correct intervention of MBAE ver.24.
    With the ver 45 there are all the problems that I have described in the Malwarebytes forum.
     
    Last edited: Dec 7, 2017
  13. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
  14. cyberlost24

    cyberlost24 Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    102
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
  16. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    2,650
    some1 dropped the ball for xp already, so why? :p

    if a program like this also supports xp its codebase is outdated, it has to carry ancient routines which are vulnerable in itself.
     
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
    Also HPA3..................:rolleyes:
     
  18. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
  19. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    5,484
    For Windows XP users:

    OSArmor
    : free Malwarebytes Anti-Exploit alternative
    https://www.wilderssecurity.com/threads/novirusthanks-osarmor-an-additional-layer-of-defense.398859/
    https://www.neowin.net/news/osarmor--free-malwarebytes-anti-exploit-alternative
     
  20. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,156
    Location:
    North Carolina, USA
  21. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
    It is OK.

    Tested with:

    • Exploit Test Tool (HPA3)
    • I.E. VB Scripting (Wicar.org)
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,152
    Location:
    Hawaii
    My hero ===>Sampei
    10Q very much!
     
  23. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,335
    Location:
    Italy
  24. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    128
    do these programs phone home with the URL's you visit like AV's do?
     
  25. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,140
    Location:
    Québec, Canada
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.