
Thread: MalwareBytes AntiMalware v1.31

  1. #1
    Kyle T. Jones Guest

    Re: MalwareBytes AntiMalware v1.31

    Dustin Cook, my dear, dear friend, there was this time, oh, 12/13/2008
    5:23 PM or thereabouts, when you let the following craziness loose on
    Usenet:
    > "jen" <jen@example.com> wrote in
    > news:ypd0l.6576$M01.1142@bignews3.bellsouth.net:
    >
    >> "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
    >> news:Xns9B6B3D97688D6HHI2948AJD832@69.16.185.247.. .
    >>
    >> Hey Dustin,
    >>
    >> Do you have any insight to this poster's problem?:

    >
    > Yep. Our updater is really an Internet Explorer window; so if IE is
    > toggled to offline, so is our updater.
    >
    > Also, if IE is configured to use a proxy and it's not operational for
    > some reason, our updater will fail.
    >
    > I have requested this be changed in a future release so that we are not
    > dependent on Internet Explorer for anything... However, that's still a
    > ways away.
    >
    > So, the gist of it is this: If Internet Explorer won't surf, our updater
    > won't run.
    >
    > The other applications mentioned aren't simply asking Internet Explorer
    > to access the net, so they don't care what its specific settings are.
    >
    >


    Can't for the life of me think of why you'd make your updater dependent
    on IE instead of just grabbing the default.

    Surely you don't need anything IE-specific to send definition updates?

    Cool that you've requested the change, but it should be the smallest of
    tweaks to the code (assuming, again, that your updating service isn't
    *dependent* on IE for some reason).

    By the way, certain variants of the AV2008/AV2009 bug are now blocking
    MalwareBytes from being installed on infected machines. Normal
    workarounds (changing the name of the installation file, trying to
    install in Safe Mode, etc.) seem ineffective. I'm sure you're aware of
    this already, but thought I'd mention it.

    Cheers.

  2. #2
    Dustin Cook Guest

    Re: MalwareBytes AntiMalware v1.31

    "Kyle T. Jones" <KBfoMe@realdomain.net> wrote in
    news:gi8ijr$tko$1@news.motzarella.org:

    > Dustin Cook, my dear, dear friend, there was this time, oh, 12/13/2008
    > 5:23 PM or thereabouts, when you let the following craziness loose on
    > Usenet:
    >> "jen" <jen@example.com> wrote in
    >> news:ypd0l.6576$M01.1142@bignews3.bellsouth.net:
    >>
    >>> "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
    >>> news:Xns9B6B3D97688D6HHI2948AJD832@69.16.185.247.. .
    >>>
    >>> Hey Dustin,
    >>>
    >>> Do you have any insight to this poster's problem?:

    >>
    >> Yep. Our updater is really an Internet Explorer window; so if IE is
    >> toggled to offline, so is our updater.
    >>
    >> Also, if IE is configured to use a proxy and it's not operational for
    >> some reason, our updater will fail.
    >>
    >> I have requested this be changed in a future release so that we are
    >> not dependent on Internet Explorer for anything... However, that's
    >> still a ways away.
    >>
    >> So, the gist of it is this: If Internet Explorer won't surf, our
    >> updater won't run.
    >>
    >> The other applications mentioned aren't simply asking Internet
    >> Explorer to access the net, so they don't care what its specific
    >> settings are.
    >>
    >>

    >
    > Can't for the life of me think of why you'd make your updater
    > dependent on IE instead of just grabbing the default.


    That's a question I will have to forward along to Marcin. I don't develop
    the Windows code.

    > Surely you don't need anything IE-specific to send definition updates?


    Oh, no. A simple HTTP GET works.

    > By the way, certain variants of the AV2008/AV2009 bug are now blocking
    > MalwareBytes from being installed on infected machines. Normal
    > workarounds (changing the name of the installation file, trying to
    > install in Safe Mode, etc.) seem ineffective. I'm sure you're aware of
    > this already, but thought I'd mention it.


    We are aware of this. It's actually a TDSS rootkit variant that typically
    gets installed along with AV2008/2009 that is blocking us. Once the
    driver is disabled however, we own it pretty quick.


    --
    Regards,
    Dustin Cook
    Malware Researcher
    MalwareBytes - http://www.malwarebytes.org


