VERY satisfied with MBAM

Discussion in 'other anti-malware software' started by bellgamin, Jul 4, 2009.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I am very satisfied with MBAM. It updates signatures at least daily & does so faster & better (very stable & reliable) than any other security app I have ever used. It scans fast and gives good explanations when it finds something.

    I only use MBAM on-demand because I do not feel the need for another security application running in real time. (My real-time security is Avira, Malware Defender, & Sandboxie). Thus, I only need the free version of MBAM. However, MBAM is so good that I would like to be able to donate some $$$ toward their continued success.

    Is there any way I can donate? (Preferably by credit card -- I detest using PayPal).
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I share your feelings. I got myself a copy and I am in love with the file ASSASSIN :thumb:
     
  3. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,410
    Location:
    U.S.A.
    bellgamin, yes, MBAM is very good and perhaps this thread from their forum: Malwarebytes (w/out protection module), Intended usage - clarification request will answer your question. Commendable response, indeed!
     
  4. 1boss1

    1boss1 Registered Member

    Joined:
    Jun 26, 2009
    Posts:
    401
    Location:
    Australia
    Yes, Tzuk said a similar thing about donations, his business/paperwork etc. wasn't "equipped" to process donations. So I've bought the pro versions of both Malwarebytes and Sandboxie as a donation and to show support; I don't really need the extra features.
     
  5. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    Hi bellgamin,
    Out of curiosity, has MBAM ever found anything relevant that Avira missed? Or is it the good reputation that it has at cleaning heavily infected computers?
     
  6. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    MBAM was significantly upgraded in the last few months and is now much better than at the time when I criticized it.

    For me, considering that I am not an expert, MBAM is very interesting software. Although it looks like a standard signature-based antimalware scanner, in on-demand scanning MBAM still does not reflect real efficiency and will miss many malware, but at the moment of file execution MBAM achieves much better results and will detect and eliminate many malware that classic antiviruses could not stop (maybe my mistakes, but such results are shown by some of my personal tests).

    IMHO, MBAM is still best for removing already installed malware and achieves incredibly good results in this.
     
    Last edited: Jul 5, 2009
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    It didn't do so well in its detection of conficker.

    I had someone let the exploit run to confirm other analyses as to what conficker did, including

    • copying a dll to %system%

    • changing the BITS Services value in the Registry

    • opening a port in the Registry providing bypassing firewalls

    This was confirmed by Total Uninstall:

    Code:
    Total Uninstall
    2/8/2009 
    
        (FOLDER) C:\WINDOWS\system32
          (+)(FILE) 024.tmp = 4096 bytes
          (+)(FILE) rsgyos.dll = 165025 bytes
    
        (REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
          (*)(REG VAL) netsvcs
    
        (+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xeekqt
    
        (REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
          (*)(REG VAL) Start
            3 ==> 4
    
        (REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters
    \FirewallPolicy\StandardProfile\GloballyOpenPorts\List
          (+)(REG VAL) 4083:TCP = '4083:TCP:*:Enabled:faraqn'
    
    
    Malware Bytes AM's log:

    Code:
    
    mbam-log-2009-02-08
    
    Scan type: Full Scan (C:\|)
    Objects scanned: 63401
    Time elapsed: 19 minute(s), 33 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    (No malicious items detected)
    
    Registry Keys Infected:
    (No malicious items detected)
    
    Registry Values Infected:
    (No malicious items detected)
    
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder
    \Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
    
    Folders Infected:
    (No malicious items detected)
    
    Files Infected:
    (No malicious items detected)
    
    
    It did find one Registry data item change: an undocumented value that blocks hidden files/folders from displaying, overriding all other Windows settings.

    In fairness to MBAM many products did not detect some of conficker's tricks early on, especially the obfuscated autorun.inf file.


    ----
    rich
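
The changes listed in the post above can be triaged mechanically from a before/after snapshot diff. The following is an added example, not part of the original post or of any product mentioned in the thread: it parses the Total Uninstall log quoted above and flags the entries the post calls out. The finding labels and the `triage` function are this example's own, and the reading of a service `Start` value of 4 as "disabled" is the standard Windows meaning.

```python
import re

# Snapshot diff copied from the Total Uninstall log quoted in the post above.
SAMPLE = r"""
(FOLDER) C:\WINDOWS\system32
  (+)(FILE) 024.tmp = 4096 bytes
  (+)(FILE) rsgyos.dll = 165025 bytes
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
  (*)(REG VAL) netsvcs
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xeekqt
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
  (*)(REG VAL) Start
    3 ==> 4
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters
\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
  (+)(REG VAL) 4083:TCP = '4083:TCP:*:Enabled:faraqn'
"""

ENTRY = re.compile(r"^(?:\(([+*-])\))?\((FOLDER|FILE|REG KEY|REG VAL)\)\s+(.+)$")

def triage(diff_text):
    """Return (finding, detail) pairs for persistence-style changes in the diff."""
    findings, container, value = [], "", ""
    for line in filter(None, map(str.strip, diff_text.splitlines())):
        if line.startswith("\\"):      # wrapped registry path: continue the key
            container += line
            continue
        low, m = container.lower(), ENTRY.match(line)
        if m is None:                  # data line such as "3 ==> 4"
            # Service Start value 4 = disabled (3 = manual start).
            old, sep, new = line.partition(" ==> ")
            if sep and value == "Start" and new == "4" and "\\services\\" in low:
                findings.append(("service disabled", container.rsplit("\\", 1)[-1]))
            continue
        op, kind, rest = m.groups()
        name = rest.split(" = ")[0]
        if kind in ("FOLDER", "REG KEY"):
            container, value = rest, ""
            if op == "+" and "\\services\\" in rest.lower():
                findings.append(("new service key", rest))
        elif kind == "FILE":
            if op == "+" and low.endswith("system32") and name.lower().endswith(".dll"):
                findings.append(("new DLL in system32", name))
        else:                          # REG VAL
            value = name
            if op == "+" and low.endswith("globallyopenports\\list"):
                findings.append(("firewall port opened", name))
            if op == "*" and low.endswith("\\svchost") and name == "netsvcs":
                findings.append(("svchost netsvcs group modified", name))
    return findings
```

Calling `triage(SAMPLE)` returns five findings for this log, while the MBAM scan quoted next reported only the unrelated `SHOWALL\CheckedValue` item.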
     
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi Rich,

    Not quite sure what you're expecting any anti-malware software to detect in the way of tricks used by malware, but usually software concentrates on the active malware or system changes that might need reversing.

    I did advise you back when you first contacted me about Downadup/Conficker that we were shortly releasing a new version (1.36) that had built-in Heurs specifically aimed at Conficker and other autorun worms.

    Happy to say for our Pro users, since 1.36 Conficker and friends can't work any of their tricks when they are intercepted by MBAM PM as they load into memory :thumb:

    Also, to date since the release of 1.36 we have not needed to add 1 single signature/definition for Conficker or seen any reports of MBAM QS missing it on infected machines :)

    Keep up the great work!
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hello Ade,

    I do remember that discussion, and also that upon the release of the newer version, MBAM took care of conficker!

    By tricks, I meant the unusual Registry entries conficker uses to set up its connections and block others by DNS redirect.

    In another forum in February (before the newer version of MBAM) where this was discussed, the point was made that no detection solution is completely reliable during the early stages of an exploit.

    A month previous, this appeared in a reputable AV forum:

    With respect to MBAM, I asked privately to several users, How could someone knowledgeable enough to know about and use a superior product like MBAM become infected with conficker?

    Surely, such a user would have patched MS08-067 back in October, which would prevent the first variant. And such a user surely would have learned from the USB digital frame autorun.inf exploits in past years to take care of that attack vector, which a subsequent conficker variant used.

    Surprising to me, one user admitted that he had not installed the MS patch and his local network with file sharing became infected.

    By the way, the AV I referenced is used by the OP, so that he would have been let down on two fronts had he encountered conficker back in January.

    Again, this is not to single out a particular product, because all similar ones have the same limitation, in that a sample of the malware (or its behavior) must be identified before reliable protection/detection can be assured.

    regards,

    rich
     
    Last edited: Jul 5, 2009
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    A bit OT, I just wonder why they don't give a trial for the pro version to see it in action in real time.
     
  11. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Not so far. However, to-date, MBAM has always detected everything that Avira has detected.

    As to MBAM's excellent reputation for cleaning -- I have an even better cleaning method. I call it "RAPI" (Restore A Pre-infection Image.) Shazam!
     
    Last edited: Jul 5, 2009
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I have always been impressed with the number of security clean-up forums that use MBAM in their toolkit... more so than any other anti-malware program. I figure these are the people in the trenches and if they use it, it's certainly good enough for me. :)
     
  13. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    I couldn't agree more about your "RAPI", but cleaning somebody else's computer is often done with tools like MBAM. It is odd but it looks like some applications seem to be good at cleaning rather than detecting in the first place and vice versa. I have used recently Avira rescue CD + DrWEB rescue CD + MBAM + SAS in this order to clean a heavily infected computer, quite successfully even though some files have been inevitably damaged (part of the infection was caused by a virut variant).
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Good point -- I hadn't thought of that.
     
  15. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    My sister's friend asked me to take a look at her machine, and to bring some cleaning tools.
    My response was that I don't know any cleaning tools, since I utilize best practices to ensure that I don't get infected in the first place.
    She asked me if I could take a look anyway, so I said ok...
    :gack:

    There were many infections on this box that was supposedly protected by McAfee, mostly trojans.
    I referenced "The best security list" thread here, and proceeded to run a-squared, mbam, kaspersky scanner, and super-antispyware.
    A-squared came up with 23 risks, MBAM 4, Kaspersky 5, and SAS 190 (185 from SAS were cookies).

    The most annoying infection was eliminated by MBAM.

    Since MBAM got a chance to look at the malware first, it is quite possible that Kaspersky could have nabbed the biggest villain on the box, but the fact remains that MBAM got it, and a-squared let it go.

    MBAM is definitely going on my USB stick. :thumb: :thumb:
     
  16. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    imho the best compliment/appreciation would be to buy it and use it
     
  17. Wildest

    Wildest Registered Member

    Joined:
    Apr 28, 2009
    Posts:
    304
    haha, I see no reason to pay for a product to perform a task for someone I don't really care about.
    MBAM provides a free service, a gesture of goodwill; I did one too.
    ;)
     
  18. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Or one could buy it and give it to a less knowledgeable friend. :)
     
  19. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    I think as it's so often used as a cleaning tool rather than a preventative, if a week or two trial for pro was offered, the company would benefit from a sales increase, because if you're a not-so-savvy computer user, you get infected, some more-so-savvy user says use MBAM, they use the trial, it cures the problem as per usual and then the trial would begin to run out, so you would be quite inclined to buy it, whereas if it cured the problem with the free version people would think it's fine to use without the pro. I'm not sure how much you would benefit when cleaning a machine with the realtime but it would certainly help prevent future infections.
     