Malwarebytes paid version?

So tonight my wife tells me “SpyBot is saying something is trying to insert something in something, what do I do?” So I take her notebook and sure enough, SpyBot is saying something is trying to insert itself into the registry, etc. I click “Deny permission” on both items, and it keeps trying to insert anyway.

So I reboot, and now Windows won’t start up, gives a lsass.exe error. OK, goal is to boot into safe mode now and do a restore to allow it to start back up, then run Malwarebytes.

But even safe mode won’t start. Argh! So I get lucky on the restart-F8 mode and “go back to last known working configuration” and it starts. Of course, immediately Spybot once again says something is trying to insert something in the registry, etc.

So - running Malwarebytes on her notebook as we speak, and so far it has found 18 nasty items. I’m assuming I’m going to be wrestling with the vundo nasty again.

Now - we have ESET NOD32 running on our systems in real time, and Spybot also as a second layer of protection. Yet at least twice now my wife’s system has been hit with something nasty, that Spybot and NOD32 let infect her system (in case you’re wondering, she uses stumbleupon, and she was at a “geek tips” website that Stumble sent her to when this happened.) Obviously Malwarebytes finds things that NOD32 and AVG and Spybot let through.

So my question: is anyone using the paid version of Malwarebytes? Is it as good at stopping infections as it is in detecting them on scans?

I’m only using the freeware version, personally, and for what it’s worth, when I briefly read up on the commercial version I seem to recall the reviewer stating that its realtime protection was overrated in some way.

I’ve done little testing with Malwarebytes realtime protection, but I do know that Threatfire tends to catch Vundo in the act 0-day. It also interferes with other things, so I can only recommend it to power users at this point who can learn how to disable it when they need to do something that it won’t let them.

Just as an observation, you’re about the third poster on this very forum that was using NOD32 and was hit with something within the last 3 months or so. This concerns me, despite the fact that I used to use NOD32 myself. Perhaps they aren’t as on top of new virus definitions as they used to be?

I wish I could give an opinion on the Malwarebytes paid version. I’ve only ever used the free one, and even then, only as a cleanup tool.

Yeah, finished the full deep scan by malwarebytes, takes two hours on her older notebook, and it was lousy with vundo files - 26 of them. And NOD32 didn’t catch a thing. I’ve also had a couple of things show up on malwarebytes scans on my machine and NOD32 missed them.

But 26 items, completely missed by NOD32 - why even run it? It updates every day, yet it seems completely oblivious. I moved to NOD32 because it caught and cleaned things that AVG missed.

I think I’ll run the experiment of buying the malwarebytes real time module and see if it catches things any better. In the meantime, I’ll have to finish up my wife’s cleanup in the morning (gotta reboot in safe mode and rescan.)

FWIW, I’m told that Windows Defender prevents Vundo.

First of all, if you’ve just run all those scans on your wife’s computer, you should disable and then re-enable System Restore (thus clearing all the restore points and leaving room for new ones). It’s very common for viruses to re-infect a system because they were actually backed up by system restore.

Anyway, no antivirus is perfect, and the always-on stuff is never going to be as effective as a deep scan. What I think would be more effective than just adding more active scans (which will also slow down her computer) is to ask yourself what the vectors might be. First of all, is Windows fully updated on her computer? Because if it isn’t, there are lots of ways for viruses to get in.

What are her firewall settings? Are all the unnecessary ports blocked? And what browser is she using?

All good points. We have automatic updates for Windows turned on on her notebook (she is pretty much a novice in terms of overall knowledge on the PC.) She’s using the latest version of Firefox, and I believe the hardware firewall (our router) is pretty well set up.

Are you advising that, when I start her system up in the morning to continue the cleaning, I should disable system restore, finish the cleaning, then enable Restore when done?

Disable Java in her Firefox. That’s the typical Vundo vector.

Ah, well that’s all fine then. I mean, it can be advantageous to get a software firewall going along with the hardware firewall to control what programs can access the internet, but that’s really something for AFTER you’ve been infected, and it doesn’t work with half the nastier viruses because they’re going to disable the firewall anyway.

As Quaro said, there is a Java exploit that can let vundo in, though I think disabling Java is a bit extreme.

One less extreme thing you can do is install Adblock Plus on her computer, if she doesn’t already have it. Unless you’re plumbing the murky depths of the internet, most of the crap you’re in danger of getting isn’t coming directly from the sites you visit, but from 3rd-party content such as ads. ABP and, say, EasyList can cut a lot of that down.

And I doubt I have to say this in your case, or your wife’s case, but I’ll say it anyway: no limewire! That crap is rife with infection.

Are you advising that, when I start her system up in the morning to continue the cleaning, I should disable system restore, finish the cleaning, then enable Restore when done?

Yep! If you’re worried about something happening while it’s disabled, you can always burn the existing backups to disc just in case, but at work (granted I’m only part-time IT guy, but I’ve been at it a few years now) that’s exactly what we do when we clean someone’s computer.
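The disable-then-re-enable System Restore step discussed above, as an added example that is not from any poster in this thread. It uses the built-in PowerShell cmdlets on Windows 7 or later (the original thread is XP-era, where the same thing is done through the System Properties dialog); the drive letter and the restore point description are assumptions.

```powershell
# Added example (not from the thread): clear old restore points after a
# cleanup and start fresh. Run from an elevated PowerShell prompt.
# Assumptions: system drive is C:\ and System Protection is supported here.
$Drive = 'C:\'

# Turning protection off for the drive discards its existing restore points,
# so a later restore cannot reintroduce files the scanner already removed.
Disable-ComputerRestore -Drive $Drive

# Turn protection back on and take one clean baseline right away, so there
# is something to fall back to if the next boot goes wrong again.
Enable-ComputerRestore -Drive $Drive
Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                    -RestorePointType 'MODIFY_SETTINGS'

# Check the result: only the new baseline should be listed.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, CreationTime
```

Do this only after the scans have finished, as the post above says; a restore point taken before the cleanup is exactly what brings the infection back. On Windows 8 and later, Checkpoint-Computer silently skips a new restore point if one was created in the last 24 hours, so the final listing is the check that the baseline actually exists.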

According to Malwarebytes literature, the only difference between the paid version and the free version is the real time protection and the scheduled scans.

I’ve had the same experience you’ve been having, in that MWB picks up a ton of stuff that the others just don’t. Because of that, I bought a few copies for my more vulnerable machines in the office (those where the hardware between the keyboard and the chair is most at fault), and I back it up with Spybot.

You probably should do everything but the last part. System Restore sucks. It’s basically a huge playground for viruses, and it breaks stuff half the time anyway if you actually use it. Just leave it off and do regular backups to an external drive or something instead.

That’s no doubt the correct answer, but I know that my wife will likely not do the backup on a regular basis. The restore is what saved us this time, in terms of being able to even start the computer up.

However - I have a very cool 500 gig external HD, USB powered, that I use for various things, and it was surprisingly cheap. What would be the “best” approach? I assume I’d need to make an emergency boot CD and then get and setup the external HD and just show her what to do in terms of a weekly backup (and best/easiest/fastest software for this?)

I don’t know about Windows backup, but most backup software schedules a backup daily/weekly/monthly. I schedule mine at 3AM weekly and I don’t have to do anything else.
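The “schedule it weekly at 3AM and forget it” approach above, as an added example that is not from any poster in this thread. It uses only tools that ship with Windows 7 or later (robocopy and the scheduled-task cmdlets) to mirror a user profile to the external drive mentioned earlier; the source path, destination drive letter, log path and task name are assumptions.

```powershell
# Added example (not from the thread): a weekly 3 AM file backup to a USB
# drive, registered as a scheduled task so nobody has to remember to run it.
# Assumptions: the external drive mounts as E:\ and the profile being backed
# up belongs to the user running this script. Run from an elevated prompt.
$Source      = $env:USERPROFILE
$Destination = 'E:\Backups\Laptop'
$LogFile     = 'E:\Backups\Laptop-backup.log'
$TaskName    = 'WeeklyHomeBackup'

# /MIR mirrors the tree (including deletions), /R:2 /W:5 keeps locked files
# from stalling the job, /XJ skips junction points so the copy cannot loop,
# /NP drops progress output, and /LOG+ appends to a log that shows whether
# the last run actually completed.
$RobocopyArgs = "`"$Source`" `"$Destination`" /MIR /R:2 /W:5 /XJ /NP /LOG+:`"$LogFile`""

$Action   = New-ScheduledTaskAction -Execute 'robocopy.exe' -Argument $RobocopyArgs
$Trigger  = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 3am
# StartWhenAvailable runs a missed backup as soon as the machine is next on;
# WakeToRun lets the task wake the notebook from sleep for the 3 AM slot.
$Settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -WakeToRun

Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger `
    -Settings $Settings -Description 'Weekly mirror of the user profile to the external drive'

# Run it once by hand so the first copy is not left until Sunday, then inspect.
Start-ScheduledTask -TaskName $TaskName
Get-ScheduledTaskInfo -TaskName $TaskName | Select-Object LastRunTime, LastTaskResult
```

Two things worth knowing before relying on it: robocopy exit codes 0 through 7 all mean success (1 simply means files were copied), so a LastTaskResult of 1 is normal, and a mirror is a single copy rather than a versioned history, so it faithfully copies whatever is in the profile at the time, including an infection. Register it after the cleanup is finished, and keep the ability to boot from rescue media for the case, like the one in this thread, where Windows itself will not start.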

Complete crap. It occasionally removes a 3-month old Vundo variant on accident, but it does not in any way shape or form prevent relatively new variants.

Acronis TrueImage, daily differential, and make the Bootable rescue CD. You can restore the whole system to pre-virus state in under 90 minutes.

So I took advantage of the recent Malwarebytes discount when they changed models a couple of months back or so, and activated the key they gave me today. Starting this evening, Mbytes has been notifying me left and right about things that it has blocked but it doesn’t tell me what triggered the blocks. My only browser tabs at the time were gmail, qt3 and google.com. How do I identify what triggered the protection actions?

I know there’s another thread on Malwarebytes where the subscription model changes have been discussed, but I couldn’t find it.

Open the program and go to the “Logs” tab. From there, you can open the most recent log file, which will give you a description of any actions taken.

It always tells me what it blocked as a system notification; maybe there is a setting that needs to be turned on? I am not at home to double check it.

New version came out. Sort of spammy and gaudy.