From: FromTheRafters on
"Leonard Agoado" <agoado(a)msn.com> wrote in message
news:pt-dnbbWtKiRHITWnZ2dnUVZ_s2dnZ2d(a)giganews.com...
>
> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote
>
>
>> For example if both entities stole their defs from
>> PCButts - all three would FP on the same files for the same
>> malware...
>
>
> FTR,
>
> Do you imagine, in the scenario described above, either entity
> functioning well enough to make it to that point?

Of course, virus (or malware) description language is not a programming
language.

:oD

Butt's programs work reasonably well even though the data files
describing the malware are stolen from the actual people doing the
research to create them (the "engines" consuming that data are probably
stolen as well, but this has not been demonstrated as well as the other
aspect has).

If you recall the "other" thieves (from China?) - they actually gave the
same malware name (marker) in the alert, probably because the engine
(maybe even the GUI) is stolen as well.


From: FromTheRafters on
"Dave Cohen" <user(a)example.net> wrote in message
news:hfbfr9$mch$1(a)news.eternal-september.org...
> Dave Cohen wrote:
>> Just updated MalwareByte and scanned system. Getting over 400
>> 'Trojan.Downloader' messages on files that have been on the system
>> forever. Avira doesn't find anything.
>
> All is well. My 12/3 update installed 3287 and the scan indicated the
> problems I stated.
> Today (12/4) I updated and installed 3289, full scan showed zero
> problems.
> One curious note: I don't recall having to re-start the computer after
> yesterday's update. Today I received and responded to that message.
> Thanks for all your replies.

Often, that is indicative of a program update as opposed to just a
definitions update. I'm not sure if Malwarebytes' Anti-Malware shares
this trait, so familiar from the AV programs.


From: David H. Lipman on
From: "FromTheRafters" <erratic(a)nomail.afraid.org>

| "Leonard Agoado" <agoado(a)msn.com> wrote in message
| news:pt-dnbbWtKiRHITWnZ2dnUVZ_s2dnZ2d(a)giganews.com...

>> "FromTheRafters" <erratic(a)nomail.afraid.org> wrote


>>> For example if both entities stole their defs from
>>> PCButts - all three would FP on the same files for the same
>>> malware...


>> FTR,

>> Do you imagine, in the scenario described above, either entity
>> functioning well enough to make it to that point?

| Of course, virus (or malware) description language is not a programming
| language.

::oD

| Butt's programs work reasonably well even though the data files
| describing the malware are stolen from the actual people doing the
| research to create them (the "engines" consuming that data are probably
| stolen as well, but this has not been demonstrated as well as the other
| aspect has).

| If you recall the "other" thieves (from China?) - they actually gave the
| same malware name (marker) in the alert, probably because the engine
| (maybe even the GUI) is stolen as well.


Yes, IObit's theft of the Malwarebytes database is an excellent example.

Those who decrypted the IObit database and the Malwarebytes database have *NO DOUBT* of
this theft.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Rube Bumpkin on
FromTheRafters wrote:
> "Rube Bumpkin" <Someone(a)somewhere.world> wrote in message
> news:uc%Rm.34635$Sw5.17075(a)newsfe16.iad...
>> FromTheRafters wrote:
>>> "Dave Cohen" <user(a)example.net> wrote in message
>>> news:hf98i7$62r$1(a)news.eternal-september.org...
>>>> Just updated MalwareByte and scanned system. Getting over 400
>>>> 'Trojan.Downloader' messages on files that have been on the system
>>>> forever. Avira doesn't find anything.
>>> Submit one of the suspect files to Virustotal or Jotti to help
>>> ascertain if it is a false positive.
>> I did that. When it came back 'negative', I checked the MBAM forums.
>
> Even the best programs can and will FP - it is nice to have a
> programmatical consensus available online. When online is not possible,
> it is nice to have an alternative program available locally for a second
> opinion.
>
>

Oh, yeah, I also did that. I ran SAS, Spybot S&D, Ad-Aware, and Norton
AV (the corporate version), before I sent a file to VT, and checked the
forums.

RB
From: FromTheRafters on
"Rube Bumpkin" <Someone(a)somewhere.world> wrote in message
news:ADhSm.59570$%j4.37110(a)newsfe18.iad...
> FromTheRafters wrote:
>> "Rube Bumpkin" <Someone(a)somewhere.world> wrote in message
>> news:uc%Rm.34635$Sw5.17075(a)newsfe16.iad...
>>> FromTheRafters wrote:
>>>> "Dave Cohen" <user(a)example.net> wrote in message
>>>> news:hf98i7$62r$1(a)news.eternal-september.org...
>>>>> Just updated MalwareByte and scanned system. Getting over 400
>>>>> 'Trojan.Downloader' messages on files that have been on the system
>>>>> forever. Avira doesn't find anything.
>>>> Submit one of the suspect files to Virustotal or Jotti to help
>>>> ascertain if it is a false positive.
>>> I did that. When it came back 'negative', I checked the MBAM forums.
>>
>> Even the best programs can and will FP - it is nice to have a
>> programmatical consensus available online. When online is not
>> possible, it is nice to have an alternative program available locally
>> for a second opinion.
>
> Oh, yeah, I also did that. I ran SAS, Spybot S&D, Ad-Aware, and Norton
> AV (the corporate version), before I sent a file to VT, and checked
> the forums.

It sounds like you have things pretty well covered with respect to
sorting out FP's. :o)

A lot depends (for me) on where a file is found as well. For instance,
some months ago I had a detection of malware in my IBM utilities folder -
I suspected FP's and did nothing - subsequent scans did not repeat the
issue. Some months later I got a detection in my Java jars' zip files -
I quarantined (or deleted) them, because I didn't care about saving
FPed malware in Java jars.