"Kyle T. Jones" <KBfoMe@realdomain.net> wrote in
news:gi8ijr$tko$1@news.motzarella.org:

> Dustin Cook, my dear, dear friend, there was this time, oh, 12/13/2008
> 5:23 PM or thereabouts, when you let the following craziness loose on
> Usenet:
>> "jen" <jen@example.com> wrote in
>> news:ypd0l.6576$M01.1142@bignews3.bellsouth.net:
>>
>>> "Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
>>> news:Xns9B6B3D97688D6HHI2948AJD832@69.16.185.247.. .
>>>
>>> Hey Dustin,
>>>
>>> Do you have any insight to this posters problem?:
>>
>> Yep. Our updater is really an Internet Explorer window; so if IE is
>> toggled to offline, so is our updater.
>>
>> Also, if IE is configured to use a proxy and it's not operational for
>> some reason, our updater will fail.
>>
>> I have requested this be changed in a future release so that we are
>> not dependant on Internet Explorer for anything... However, that's
>> still a ways away.
>>
>> So, the jest of it is this: If Internet Explorer won't surf, our
>> updater won't run.
>>
>> The other applications mentioned aren't simply asking internet
>> explorer to access the net, so they don't care what it's specific
>> settings are.
>>
>>
>
> Can't for the life of me think of why you'd make your updater
> dependent on IE instead of just grabbing the default.

That's a question I will have to forward along to Marcin. I don't develop
the windows code.

> Surely you don't need anything IE-specific to send definition updates?

Oh, no. A simple http GET works.

> By the way, certain variants of the AV2008/AV2009 bug are now blocking
> MalwareBytes from being installed on infected machines. Normal
> workarounds (changing the name of the installation file, trying to
> install in Safe Mode, etc) seem ineffective. I'm sure you're aware of
> this already, but thought I'd mention it.

We are aware of this. It's actually a TDSS rootkit variant that typically
gets installed along with AV2008/2009 that is blocking us. Once the
driver is disabled however, we own it pretty quick.


--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org