Solved Malwarebytes

Yard Dog

Vista Guru
Gold Member
Messages
2,169
Location
Central Florida in a small town
#1
This post is for information for Security team members dealing with
Malwarebytes' Antimalware (known simply as mbam).

While an antivirus program will not scan the hidden files of the Restore
Files, which are shadow copies, I found out from a Staff Member of
Mbam that mbam will scan these files and remove the threat. Now, it should
be noted that as this will make that restore pt useless, he has recommended
that after the files are cleaned up for users to delete all the old restore
points and as files are clean, at this time, make a new restore pt to be
used if needed.

"It is by using the Full Scan option, but honestly, actually removing infections
from System Restore points is pointless as it will generally break those restore points,
rendering them useless. If an infection resides in one or more of your restore points,
the best option once your system is otherwise clean and running normally is to create a
fresh restore point and then delete all of the older restore points,
thus removing the older restore points that contained the infection(s)."

Samuel E Lindsey
Product Manager

Posted Image ( the posted image is a Malwarebytes Staff Member banner )
 
My Computer

System One

  • Manufacturer/Model
    Emachine ET 1161-05
    CPU
    AMD Athlon 64 LE-1640
    Motherboard
    eMachines MCP61PM-GM (Socket AM2 )
    Memory
    2.00 GB Dual-Channel DDR2 @ 387MHz (6-6-6-18)
    Graphics Card(s)
    Acer E181H (1280x768@60Hz) 128MB GeForce 6150SE nForce 430 (
    Sound Card
    Realtek High Definition Audio
    Monitor(s) Displays
    Name Acer E181H on NVIDIA GeForce 6150SE nForce 430
    Screen Resolution
    1280x768 pixels
    Hard Drives
    ST316081 5AS SCSI Disk Device
    PSU
    MCP61PM-GM 9000 NVIDIA Chipset Model MCP61 Chipset Revisio
    Case
    Tower
    Cooling
    Fan Speed 1247 RPM
    Mouse
    PS/2 Compatible Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    http://www.speedtest.net/result/1538974261.png

richc46

Staff member
Vista Guru
Gold Member
Messages
20,105
Location
Fairfield County, CT
#2
Members of this forum suggest that you don't use restore points that have been affected. MBAM and any antivirus cannot guarantee that a virus has been removed. In many cases, it's not that easy. Our head security person suggests in some cases a reformat is the only sure cure.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Mouse
    Dell USB 4 button optical
    Keyboard
    Dell USB
    Other Info
    DSL provided by ATT

Yard Dog

Vista Guru
Gold Member
Messages
2,169
Location
Central Florida in a small town
#3
When I work one on one with an individual, after I have had them remove all threats, the very last thing I have them do is to remove all the old restore pts. and create a new one.
System restore is useful for other reasons, but if you are infected with a virus/malware, then agreed that they should not be used.
I have noticed that since I have been at this forum with you great bunch of guys/gals, it is sometimes recommended for users to check for virus/malware first before proceeding with an issue fix. But I think the issue of removing the old restore pts is forgotten.
 

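The create-then-delete order from the staff quote in post #1, as an added example that is not part of the thread and not Malwarebytes' own tooling. It assumes an elevated Windows PowerShell session (2.0 to 5.1, where the System Restore cmdlets exist); the description string is made up, and the script refuses to delete anything unless the fresh restore point was really created.

```powershell
# Added example: run only after the system has been cleaned and scans come back clean.
# Assumption: elevated Windows PowerShell (Get-ComputerRestorePoint and
# Checkpoint-Computer are not available in PowerShell 7).

# SRRemoveRestorePoint is the documented System Restore API for deleting one
# restore point by sequence number; it is reached here through P/Invoke.
Add-Type -Namespace Win32 -Name SysRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# 1. Record the restore points that predate the cleanup.
$before = @(Get-ComputerRestorePoint)
$oldIds = @($before | ForEach-Object { $_.SequenceNumber })

# 2. Create the fresh, post-cleanup restore point first.
#    'Post-cleanup baseline' is a constructed description.
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS

# 3. Confirm it exists. On newer Windows versions Checkpoint-Computer only
#    warns (it does not throw) when a point was created in the last 24 hours,
#    so check the list instead of trusting the call.
$new = @(Get-ComputerRestorePoint | Where-Object { $oldIds -notcontains $_.SequenceNumber })
if ($new.Count -eq 0) {
    throw 'No new restore point was created; leaving the old ones in place.'
}

# 4. Only now delete the older restore points, one by one.
foreach ($rp in $before) {
    $rc = [Win32.SysRestore]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed #{0}: {1}" -f $rp.SequenceNumber, $rp.Description)
    } else {
        Write-Warning ("Could not remove #{0} (Win32 error {1})" -f $rp.SequenceNumber, $rc)
    }
}

# 5. Show what is left: it should be only the post-cleanup point.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```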

MilesAhead

Eclectician
Vista Guru
Gold Member
Messages
2,442
#4
One thing to look for also with Malwarebytes, if the user has set any folders in the Ignore settings, they should remove them before scanning if they think they got it so that the whole disk is scanned.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III

Yard Dog

Vista Guru
Gold Member
Messages
2,169
Location
Central Florida in a small town
#5


MilesAhead

Eclectician
Vista Guru
Gold Member
Messages
2,442
#6
That assumes you don't already have it on your system. I use it every day. I write small utilities that use AutoHotKey and AutoIt3 which will often show false positives. If anyone has excluded folders from the scan, they won't be scanned. That's why I mentioned it. People who use small scripted utilities may have folders where the programs run from excluded same as I.

But for the person who has discovered a problem and is downloading Malwarebytes for that reason, I go along with the procedure.
 

