Thread: Malwarebytes

  1. #1
    G. Morgan Guest

    Re: Malwarebytes

    Buffalo wrote:

    >Why should I shut down my SAS (real time) while using MBAM in on-demand
    >mode?


    Because you don't want SAS to kick in when MBAM is doing its thing. You
    should let them handle the files independently.


    >Also, why not run two resident anti-malware programs at the same time?
    >I've heard of problems of running multiple anti-virus programs at the same
    >time, but none with just running multiple anti-malware programs like SAS
    >and MBAM at the same time.
    >Willing to learn.


    I don't like running any malware programs in resident mode. System
    performance mostly. I've never run two resident malware proggys
    together and introduced malware intentionally, that would be a neat
    experiment to see which one locks the file first.




  2. #2
    Dustin Guest

    Re: Malwarebytes

    G. Morgan <usenet_abuse@gawab.com> wrote in
    news:h3odu69uc344pmijap3imeaesmmmt04m9m@Osama-is-dead.net:

    > I don't like running any malware programs in resident mode. System
    > performance mostly. I've never run two resident malware proggys
    > together and introduced malware intentionally, that would be a neat
    > experiment to see which one locks the file first.


    Just depends which one has the lowest OS hooks in place. MBAM's low level
    file driver I think! is actually hooking lower than SAS's...


    --
    Why drink the water from my hand?
    Contagious as you think I am
    Just tilt my sun towards your domain
    Your cup runneth over again

  3. #3
    G. Morgan Guest

    Re: Malwarebytes

    Dustin wrote:

    >G. Morgan <usenet_abuse@gawab.com> wrote in
    >news:h3odu69uc344pmijap3imeaesmmmt04m9m@Osama-is-dead.net:
    >
    >> I don't like running any malware programs in resident mode. System
    >> performance mostly. I've never run two resident malware proggys
    >> together and introduced malware intentionally, that would be a neat
    >> experiment to see which one locks the file first.

    >
    >Just depends which one has the lowest OS hooks in place. MBAM's low level
    >file driver I think! is actually hooking lower than SAS's...



    How would one achieve such a "hook"? By taking control away from
    Windows, to a low-level proprietary file driver? Is that how rootkits
    do it too?


  4. #4
    Dustin Guest

    Re: Malwarebytes

    G. Morgan <usenet_abuse@gawab.com> wrote in
    news:grbmu6dollnfatslrstacpmoffhscaoobc@Osama-is-dead.net:

    > Dustin wrote:
    >
    >>G. Morgan <usenet_abuse@gawab.com> wrote in
    >>news:h3odu69uc344pmijap3imeaesmmmt04m9m@Osama-is-dead.net:
    >>
    >>> I don't like running any malware programs in resident mode.
    >>> System performance mostly. I've never run two resident malware
    >>> proggys together and introduced malware intentionally, that would
    >>> be a neat experiment to see which one locks the file first.

    >>
    >>Just depends which one has the lowest OS hooks in place. MBAM's low
    >>level file driver I think! is actually hooking lower than SAS's...

    >
    >
    > How would one achieve such a "hook"? By taking control away from
    > Windows, to a low-level proprietary file driver? Is that how
    > rootkits do it too?


    Yea.. I get into any specifics on how malwarebytes works internally and
    I'll be in a courtroom.. sorry man.. but.. er, if you figure it out on
    your own, that's on you. I just can't even point you in the right
    direction.


    --
    Why drink the water from my hand?
    Contagious as you think I am
    Just tilt my sun towards your domain
    Your cup runneth over again

  5. #5
    Anonymous Guest

    Re: Malwarebytes

    Dustin wrote:
    > G. Morgan<usenet_abuse@gawab.com> wrote in
    > news:grbmu6dollnfatslrstacpmoffhscaoobc@Osama-is-dead.net:
    >
    >> Dustin wrote:
    >>
    >>> G. Morgan<usenet_abuse@gawab.com> wrote in
    >>> news:h3odu69uc344pmijap3imeaesmmmt04m9m@Osama-is-dead.net:
    >>>
    >>>> I don't like running any malware programs in resident mode.
    >>>> System performance mostly. I've never run two resident malware
    >>>> proggys together and introduced malware intentionally, that would
    >>>> be a neat experiment to see which one locks the file first.
    >>>
    >>> Just depends which one has the lowest OS hooks in place. MBAM's low
    >>> level file driver I think! is actually hooking lower than SAS's...

    >>
    >>
    >> How would one achieve such a "hook"? By taking control away from
    >> Windows, to a low-level proprietary file driver? Is that how
    >> rootkits do it too?

    >
    > Yea.. I get into any specifics on how malwarebytes works internally and
    > I'll be in a courtroom.. sorry man.. but.. er, if you figure it out on
    > your own, that's on you. I just can't even point you in the right
    > direction.


    You will be well aware that cybercrime has escalated exponentially over
    the past 6/7 years. Coincidentally I'm sure(!)--> since, in fact,
    Malwarebytes was launched.

    Are you aware of anyone who has loaded MBAM onto a fresh/clean computer
    and then run the programme - the result should of course be that nothing
    untoward would have been found. Has that machine then been examined
    forensically to determine if MBAM has (just perhaps!) surreptitiously
    installed its very own malware - maybe even a rootkit?

    In normal course, no one who might have used MBAM to eradicate malware
    would be remotely concerned once their computer appeared to be operating
    satisfactorily - would they?!!


  6. #6
    Beauregard T. Shagnasty Guest

    Re: Malwarebytes

    ~BD~ nymshifting as "Anonymous" wrote:

    > Are you aware of anyone who has loaded MBAM onto a fresh/clean computer
    > and then run the programme - the result should of course be that nothing
    > untoward would have been found. Has that machine then been examined
    > forensically to determine if MBAM has (just perhaps!) surreptitiously
    > installed its very own malware - maybe even a rootkit?


    Go play in a canal, Dave...

    --
    -bts
    -In a broadband world, you are just a dialup

  7. #7
    Lewis Guest

    Re: Malwarebytes


    "Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
    news:isofjv$3u4$1@dont-email.me...
    > ~BD~ nymshifting as "Anonymous" wrote:
    >
    >> Are you aware of anyone who has loaded MBAM onto a fresh/clean
    >> computer
    >> and then run the programme - the result should of course be that
    >> nothing
    >> untoward would have been found. Has that machine then been examined
    >> forensically to determine if MBAM has (just perhaps!) surreptitiously
    >> installed its very own malware - maybe even a rootkit?

    >
    > Go play in a canal, Dave...


    slmgr.vbs -skms <my kms server>
    pause
    slmgr.vbs -ipk 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
    pause
    slmgr.vbs -ato




  8. #8
    Dustin Guest

    Re: Malwarebytes

    Anonymous <Anonymous@someplace.else> wrote in
    news:isoadg$gcb$1@news.albasani.net:

    > You will be well aware that cybercrime has escalated exponentially
    > over the past 6/7 years. Coincidentally I'm sure(!)--> since, in
    > fact, Malwarebytes was launched.


    Hello David. I'm aware of the "cybercrime" LOL, threats even today.
    Yes.

    > Are you aware of anyone who has loaded MBAM onto a fresh/clean
    > computer and then run the programme - the result should of course be
    > that nothing untoward would have been found. Has that machine then
    > been examined forensically to determine if MBAM has (just perhaps!)
    > surreptitiously installed its very own malware - maybe even a
    > rootkit?


    I require clarification. Are you saying you believe malwarebytes might
    be doing something nefarious, David?

    > In normal course, no one who might have used MBAM to eradicate
    > malware would be remotely concerned once their computer appeared to
    > be operating satisfactorily - would they?!!


    Again,

    I'm having trouble understanding what you mean to say here. Please
    clarify.


    --
    Why drink the water from my hand?
    Contagious as you think I am
    Just tilt my sun towards your domain
    Your cup runneth over again

  9. #9
    G. Morgan Guest

    Re: Malwarebytes

    Dustin wrote:

    >> Are you aware of anyone who has loaded MBAM onto a fresh/clean
    >> computer and then run the programme - the result should of course be
    >> that nothing untoward would have been found. Has that machine then
    >> been examined forensically to determine if MBAM has (just perhaps!)
    >> surreptitiously installed its very own malware - maybe even a
    >> rootkit?

    >
    >I require clarification. Are you saying you believe malwarebytes might
    >be doing something nefarious, David?


    I would like to know the same thing. What mechanism allows the MBAM
    program (and others like it) to hook into the file system?

    That is not a trade secret I'm sure.


