Malwarebytes

Discussion in 'other anti-malware software' started by BoaterDave, Oct 21, 2012.

Thread Status:
Not open for further replies.
  1. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Can you point me to an independent review of the result obtained by any independent person/body who/which has examined a brand spanking new computer - upon which *Malwarebytes* has been loaded and then removed from the computer.

    I'm referring to the computer being *forensically examined* to determine if any 'gremlin' has or has not been left behind.

    Does *anyone* reading here know if this has *ever* been undertaken?

    --
     
  2. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Are you trying to see what MBAM leaves behind after being uninstalled? I can't help you with your request, but I'm just trying to understand your question better.
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Who loaded and removed MBAM in the first place?
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    If you run MBAM's cleaning tool, mbam-clean after uninstalling, all traces are removed aside from a few empty directories.

    My pet peeve with MBAM is how their Pro version constantly scans your PC after boot for bootleg software.
     
  5. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA

    Hmmmmmm...... do tell more.

    I've never heard this before.

    Link?


    -ftp



    .
     
  6. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Are we talking leftovers from MBAM after an install/uninstall, or is the OP talking about malware in quarantine and whether or not MBAM eradicates it when uninstalled? o_O
     
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Do you mean that we kill pirated keys because yes, we do that.

    Other than that you are going to have to be a bit more specific.
     
  8. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    I am going to make the assumption that you implying that something will be actively in memory after MBAM is uninstalled. The answer to that is no.
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    MBAM kills pirated MBAM keys or kills pirated keys of other programs? If of other programs, how does MBAM have info about what is pirated and what is not? I'm assuming there is some pecuniary benefit from this with info exchanged between MBAM and whatever company of the pirated keys in question.
     
  10. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Yes - right on the nail! ;)

    Has *any* research ever been done to check whether or not any malware has actually been installed by loading Malwarebytes?

    I'm simply asking a question!

    I'm not implying that the software does have an ulterior motive - but has anyone ever checked?

    --
     
  11. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    I am implying nothing - nothing at all! :)

    Can you point me to an independent review of the result obtained by any independent person/body who/which has examined a brand spanking new computer - upon which *Malwarebytes* has been loaded and then removed from the computer?

    Something which will, independently, corroborate that which you have said.

    --
     
  12. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Wow, that's even different from what I thought you were asking. "Does MBAM silently install malware, or leave any traces behind after uninstalling, that could somehow act in a malicious way?"

    I have installed/uninstalled MBAM on my test rig many times, and scanned after with several other malware scanners like HMP, Emsisoft Emergency Kit, Trend HouseCall, SAS, Panda Cloud Cleaner, ect... and none of them ever found anything suspicious.....Ever. This is a real machine that I do not test actual malware on, but rather how the AVs/scanners act.

    So while I'm far from qualified to do a *forensic* analysis of my machine, I am 99.99999999999% sure that MBAM is clean when installed, and when uninstalled.
     
  13. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Keys for MBAM, not even sure how we would know if other apps had pirated keys.
     
  14. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    This is like me asking if anyone has direct evidence that you have never been in jail for assaulting a minor and then pretending that nothing was insinuated.

    Sure you did not directly say anything, but no one is going to read your question and not wonder why you are asking. This, you are well aware of and so is everyone else.


    Let me ask a question in return. If there was even the slightest chance of this wouldn't it be a lot more likely that we would charge 70$ a year, charge for removal and install a toolbar? All of these things are totally legit (according to the community as a whole) and would make us a lot of $ yet none of them happen.
     
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    OK, well that makes perfect sense. Thanks.
     
  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Your asking such a strange Question Dave. If it's on there and you don't want it just uninstall, but why may I ask? I even have a couple of paid copies that I use for On-Demand to support this great product.

    TH
     
    Last edited: Oct 21, 2012
  17. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    That is really good to hear, DBone, :)

    Thank you!

    Are you aware of anyone else who may have checked and come to the same conclusion?

    --
     
  18. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Surely a wilders troll has a tad more finesse...
    For professional trolling you need to add f.i. legit info, logical argumentation and reasonable assumptions besides the full frontal go-nuts approach.
    Check this troll guide from member Mrkvonic; link, practice and then come back.
     
  19. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    I knew this username sounded familiar:

    lame accusation <- about half way down.

    As shocking as it may be Dave, we are actually the good guys. BTW, do you even know the researchers that work for our company? Making accusations like this insults people like S!Ri, Atribune, Swandog46, Merijn, sUBs and Miekiemoes. Do some research on these usernames before you want to start making ridiculous claims. FYI all of these people were in the good fight LONG before there even was an MBAM.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I am referring to the constant scan of my HDD by mbamservice.exe after every first boot of the day. It has done this ever since I installed MBAM Pro two years ago. So this is something that has propagated over multiple versions of MBAM.

    This has nothing to do with scheduled scans or the like. I have also asked this on question on the MBAM forum and never did receive a direct answer but an half admission that some type of software integrity scan is performed.

    I do find this activity irritating since it takes up CPU cycles and on lower powered PCs I have installed MBAM Pro on, tends to lock up those PCs until the scan completes.
     
  21. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    I'd had once been monitoring comments on the Kaspersky forums (I was using KAV 7.0 at the time). One particular poster, whose 'hobby' was computer forensics, was concerned about the Malwarebytes product.

    He said this ....

    *

    Be careful, however, with what you let this program remove/quarantine!

    It has the following detection methods:

    1. registry keys (very often empty ones that were not deleted by your resident protection

    2. MD5 checksums of a not so big malware-base

    2. Files by name - yes, you heard that correctly; MalwareBytes also detects files by name. For example when I was playing with it, I planted a dummy txt file into System32 with the name amvo0.dll
    It was immediately detected as

    CODE
    C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    This, of course, is unacceptable for a program that wants to belong in a certain class!

    KIS/KAV and other security programs of that caliber, able to distinguish between false and genuine threats, will most likely leave this file intact because it presents no real threat. However, in your opinion, MalwareBytes may look cooler and better because it found the dummy file and 'protected' you from a really nasty threat; an empty text file...

    At the same time, detection by name alone may ruin your system as well!

    Paul

    This post has been edited by p2u: 14.09.2008 12:09

    *

    That was post No8 here: http://forum.kaspersky.com/index.php?showtopic=84469&hl=Malwarebytes BoaterDave


    This is another comment p2u made, to me, in the thread:

    "The topic starts off really nicely, but from post #9 on it becomes clear (after having analyzed what MWB really does in the hidden test section of that forum with the help of a special software analyzer/debugger) that the 'protection' the program offers has its drawbacks and misleading elements. I repeat: calling an empty .txt file or a registry key an 'infection' (by name alone) is unacceptable and unprofessional, and misleads the user into thinking that the program is better than many paid-for versions, which don't pay attention to files without payload. I cannot take that remark back, so sorry.

    P.S.: Virusinfo.info is an official ASAP member."

    *

    Please take a look here - a translation from a Russian site:-

    http://translate.google.co.uk/trans...fo.info/showthread.php%3Ft%3D20736&hl=en&sa=G

    or http://goo.gl/0dIle

    It's all about downloading the Malwarebytes software.

    --
    HTH
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I doubt that *anyone* has *ever* *forensically examined* any brand spanking new computer after installation and removal of *Malwarebytes* (or *any other security app*, for that matter). There just isn't any call for it.
    Has anyone ever checked if MBAM installs malware?
    I'd say that millions of people have checked.
    When you consider for even one brief moment the number of people here at Wilders who run layered security apps, who check and double check and sometimes even triple check installers and downloads and running processes, it is beyond comprehension that MBAM could be installing malware and no one knows about it.

    Literally millions of people have this program installed, and if their machines were being infected by it, do you think that that fact would at this moment be widespread knowledge? I think it would be.

    The more I ponder your question, the more preposterous it sounds.
     
  23. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    And yet we have no problems dealing with randomly named polymorphic malware, its almost as if MBAM is far more sophisticated than that.
     
  24. BoaterDave

    BoaterDave Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    62
    Location:
    Devon, England
    Oops! I seem to have touched a nerve! :isay:

    I never made a claim - what I said there was .....

    What a super ruse it would be - to clear a machine of everyone else's 'nasties' but then, perhaps, leave their own package installed on the user's machine. No one would ever suspect, would they?

    Cybercrime has risen exponentially since Malwarebytes was first founded in 2004. See: http://www.malwarebytes.org/about.php

    It's probably just a coincidence, eh?!! ;-)


    --
    The Internet needs 'good guys'! :D
     
  25. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Correct, I care deeply about my company and my crew.

    If nearly 5 years is not enough to put this to rest for you I hardly think my words are going to matter. I think I will let wilders handle this thread going forward.
     
Loading...
Thread Status:
Not open for further replies.