Malwarebytes warning

On Sun, 22 Nov 2015 17:58:12 -0500 "Cy Burnot"
wrote in article

Jason wrote on 11/22/2015 5:53 PM:
On Sun, 22 Nov 2015 16:43:07 -0500 "Stan Brown"
wrote in article MPG.30bc00f2d87d37bd98f296
@news.individual.net

I am a normal home user, I have not had to change any defaults, and I
have not been bugged by Malwarebytes.


There have been many suggestions over the years NOT to touch the
Registry repair in MBAM (or anywhere else). I don't have the OP's
post, but I believe he complained about registry damage. Best to
avoid letting MBAM touch it.


I don't see any option in MBAM about "registry repair".

It's on the Tools menu.

On Sun, 22 Nov 2015 21:41:46 -0700, Ken1943 wrote:

I don't see any option in MBAM about "registry repair".

It's on the Tools menu.

There is no registry repair or tools menu in Malwarebytes.
It doesn't do that stuff.

There's no Tools menu in mine either. I wonder where it came from?

--
Faster, cheaper, quieter than HS2
and built in 5 years;
UKUltraspeed http://www.500kmh.com/

There were a few mentions in this thread about uninstallers leaving behind a
lot of stuff. I use the free version of Revo Uninstaller and it "seems" to
clear leftover traces. Is it doing anything useful or have I simply
installed another unnecessary program?

Kenny Cargill

"Brian Gregory" wrote in message
...

On 22/11/2015 15:47, Mayayana wrote:
I know a lot of people here like Malwarebytes.
I tried it last night for the first time and thought it
worthwhile to issue a warning: Malwarebytes
grossly oversteps its job and can recklessly label
things malware, with potentially disastrous
results.

I ran the latest version and it found 10 "threats".
No explanations. No uncertainty. It just brought up
the final diagnosis and said let's clean 'em up. Among
the list was no malware at all. What MB did want to
remove were the following:

* The disk imaging executable for BootIt. (MB
called it "Backdoor.Bifrose", even though the
description for a bifrose infection shares nothing
in common with the file MB wanted to delete.)

* Software license in the Registry (Probably from
Visual Studio 6 and certainly not a risk, but a big
problem if deleted. I'd have to completely reinstall
VS6.)

* The Registry entries for Windows Media Player
ActiveX control.

* An entry in the Registry for LowRiskFileTypes.
It's a tweak to stop IE and other browsers from
interfering with downloads.

* The Registry entries I use to stop Windows
from nagging me about updates, AV and Windows
firewall.

Any of these items would have caused problems
if removed. Some of them could have caused big
headaches. I was lucky insofar as I was able
to figure out exactly what these "threats" were.
Most people won't be able to figure it out.

I then tried the latest Microsoft Malicious Software
Removal tool. That worked fine. It found no problems.

AV and malware hunters in general have become
overzealous software with limited usability. Like
xenophobic email servers that block any source
they don't know, this kind of software works well
by being overzealous, but it only *really* works well
for people who do very little with their computer
and can't be bothered with security. If your PC
is an email machine then there's probably no harm
in letting AV or MB nuke it. They might even end up
nuking something that should be nuked. But for anyone
else I think it's time to start taking all of these programs
with a grain of salt -- and be very careful about letting
them "clean up malware" without being very sure of
exactly what they're going to clean up.

I would certainly never try MB again. (I also got
stuck cleaning up junk it left behind in all users
app data. Not the first program with a bad uninstaller,
but still inexcusable.)


Too some extent I agree.

But most (not quite all I admit) of the things it regards as unwanted
that could well be wanted are things that only a experienced user would
have. As an experienced user one would be well equipped to spot them and
exclude them from any further detection.

--

Brian Gregory (in the UK).
To email me please remove all the letter vee from my email address.

Ken1943 wrote:
On Mon, 23 Nov 2015 05:58:18 +0000 (GMT), "Rodney Pont"
wrote:

On Sun, 22 Nov 2015 21:41:46 -0700, Ken1943 wrote:

I don't see any option in MBAM about "registry repair".
It's on the Tools menu.
There is no registry repair or tools menu in Malwarebytes.
It doesn't do that stuff.
There's no Tools menu in mine either. I wonder where it came from?

Since Windows 7 took the brunt of upgrades from XP, the newsgroup
jerks have also moved in. Windows 10 group also.


Ken1943

I hope you guys aren't mixing up the MBAM free one-time scanner
interface, with the paid real-time protection version of
MBAM. What if the interfaces were different ?

Paul

On Sun, 22 Nov 2015 17:53:28 -0500, Jason wrote:
On Sun, 22 Nov 2015 16:43:07 -0500 "Stan Brown"
wrote in article MPG.30bc00f2d87d37bd98f296
@news.individual.net

I am a normal home user, I have not had to change any defaults, and I
have not been bugged by Malwarebytes.


There have been many suggestions over the years NOT to touch the
Registry repair in MBAM (or anywhere else). I don't have the OP's
post, but I believe he complained about registry damage. Best to
avoid letting MBAM touch it.

Malwarebytes does not perform a registry repair and doesn't create
"registry damage", so I don't know what you're talking about.

Unless, of course, you're just echoing the usual FUD spread by
Mayayana.



--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...

| Malwarebytes does not perform a registry repair and doesn't create
| "registry damage", so I don't know what you're talking about.
|
| Unless, of course, you're just echoing the usual FUD spread by
| Mayayana.
|

FUD? You never seem to speak up except to criticize
others. I explained my post, and I can provide specifics
to anyone who wants them. It seems that MB has an
emotionally loyal audience, but talking about security
software shouldn't be an emotional issue. Shooting the
messenger is not a rational response.

I wonder if people may have misunderstood Jason.
9 out of 10 of the "threats" MB showed me were actually
Registry values that it considered to be anything from
unsafe settings to active ransomware. The Registry
threats were also the most questionable. Mistaking an
EXE for malware is a fairly easy mistake. But mistaking
Windows Media Player COM settings for malware? I'd
say that's a bit of a stretch. (Do you think that's "FUD"?
Do you understand what HKCR COM settings are? If not
then you might want to look it up before accusing me
of spouting nonsense.)

Perhaps it was me who misunderstood Jason, but I
assumed he was saying that it's not advisable to
act on MB "threats" that involve Registry settings
because they're known to be undependable.

| If you can't handle false positives, don't TRY security software you
| don't understand.
|

Ah, so we agree. And you've managed to
boil down my whole, wordy diatribe into a
single sentence. Very nice.

"Mayayana" wrote in message ...

I know a lot of people here like Malwarebytes.
I tried it last night for the first time and thought it
worthwhile to issue a warning: Malwarebytes
grossly oversteps its job and can recklessly label
things malware, with potentially disastrous
results.

I ran the latest version and it found 10 "threats".
No explanations. No uncertainty. It just brought up
the final diagnosis and said let's clean 'em up. Among
the list was no malware at all. What MB did want to
remove were the following:

* The disk imaging executable for BootIt. (MB
called it "Backdoor.Bifrose", even though the
description for a bifrose infection shares nothing
in common with the file MB wanted to delete.)

* Software license in the Registry (Probably from
Visual Studio 6 and certainly not a risk, but a big
problem if deleted. I'd have to completely reinstall
VS6.)

* The Registry entries for Windows Media Player
ActiveX control.

* An entry in the Registry for LowRiskFileTypes.
It's a tweak to stop IE and other browsers from
interfering with downloads.

* The Registry entries I use to stop Windows
from nagging me about updates, AV and Windows
firewall.

Any of these items would have caused problems
if removed. Some of them could have caused big
headaches. I was lucky insofar as I was able
to figure out exactly what these "threats" were.
Most people won't be able to figure it out.

I then tried the latest Microsoft Malicious Software
Removal tool. That worked fine. It found no problems.

AV and malware hunters in general have become
overzealous software with limited usability. Like
xenophobic email servers that block any source
they don't know, this kind of software works well
by being overzealous, but it only *really* works well
for people who do very little with their computer
and can't be bothered with security. If your PC
is an email machine then there's probably no harm
in letting AV or MB nuke it. They might even end up
nuking something that should be nuked. But for anyone
else I think it's time to start taking all of these programs
with a grain of salt -- and be very careful about letting
them "clean up malware" without being very sure of
exactly what they're going to clean up.

I would certainly never try MB again. (I also got
stuck cleaning up junk it left behind in all users
app data. Not the first program with a bad uninstaller,
but still inexcusable.)



I agree that a person should never let any antivirus or anti-malware program
removed everything it finds.
I have had items detected as malware by MBAM, SAS, Avira,AdwCleaner and
others and I am glad I didn't let 'them' fix everything they find.
I have a lot of friends who just let their 'protective' programs do whatever
they want, and those same folks don't make backups, and yet, they seem to be
doing fine. How? It is beyond me!
Can MBAM 'fix' problems and cause some programs to not function at all or
not properly, YES!!!
But, so can almost any other great anti-virus or great anti-malware program.
--
Buffalo

"Ken1943" wrote in message
...



I agree that a person should never let any antivirus or anti-malware
program
removed everything it finds.
I have had items detected as malware by MBAM, SAS, Avira,AdwCleaner and
others and I am glad I didn't let 'them' fix everything they find.
I have a lot of friends who just let their 'protective' programs do
whatever
they want, and those same folks don't make backups, and yet, they seem to
be
doing fine. How? It is beyond me!
Can MBAM 'fix' problems and cause some programs to not function at all or
not properly, YES!!!
But, so can almost any other great anti-virus or great anti-malware
program.

Every so often in the Malwarebytes forum I see Malwarebytes cleaned
my computer and now the thing is broken.

Malwarebytes has a setting Automatically Quarantine Detected Items

I told the powers that be that it should not be checked. "It is there
for users that don't know anything"

I gave up on that idea


Ken1943

I agree with you on that. I make sure I have mine unchecked also, and I
check it (to make sure it is still unchecked) after every engine update.
--
Buffalo

In message , Kenny writes:
There were a few mentions in this thread about uninstallers leaving
behind a lot of stuff. I use the free version of Revo Uninstaller and
it "seems" to clear leftover traces. Is it doing anything useful or
have I simply installed another unnecessary program?
[]
In my experience, Revo free version:

1. Is very good at removing things a prog.'s own installer leaves
behind. As far as I can see, it runs the prog.s own installer, then does
a further pass or two.

2. Needs the prog.'s own uninstaller to be there; otherwise it doesn't
list the prog. in the list of things that it can install. (I think it
monitors the prog.'s own uninstaller to give it some idea of where to
look for remnants.)
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Does God believe in people?

On Sun, 22 Nov 2015 22:17:21 -0500, Jason wrote:

On Sun, 22 Nov 2015 17:58:12 -0500 "Cy Burnot"
wrote in article
I don't see any option in MBAM about "registry repair".

It's on the Tools menu.

I just launched the program, and there's nothing like a Tools menu.

Are you perhaps thinking of some completely different program than
Malwarebytes Anti-Malware?


--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...

On Mon, 23 Nov 2015 05:58:18 +0000 (GMT), Rodney Pont wrote:

On Sun, 22 Nov 2015 21:41:46 -0700, Ken1943 wrote:

I don't see any option in MBAM about "registry repair".

It's on the Tools menu.

There is no registry repair or tools menu in Malwarebytes.
It doesn't do that stuff.

There's no Tools menu in mine either. I wonder where it came from?

From Jason's overactive imagination, as far as I can tell.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...

Alright, I'm jumping in :-)

Mostly because I think Mayayana is right in carefully reviewing what
MalwareBytes calls malware.

On 2015-11-22 10:47, Mayayana wrote:

I know a lot of people here like Malwarebytes.
I tried it last night for the first time and thought it
worthwhile to issue a warning: Malwarebytes
grossly oversteps its job and can recklessly label
things malware, with potentially disastrous
results.

We use it @ work because normal A/V are clueless about crap like
"Conduit" or "Search Protect" etc. It also finds CryptoWall and other
"virus" that our A/V (Trend Micro) is blissfully unawares of. Of course
MWBytes consistently calls a benign registry entry that comes with
Windows a "Threat" but that's it, I haven't had other false positives.
Nevertheless, I always review what it wants to remove, you never know
(and even more important to review with stuff like CCleaner).

* The disk imaging executable for BootIt. (MB
called it "Backdoor.Bifrose", even though the
description for a bifrose infection shares nothing
in common with the file MB wanted to delete.)

Interesting, I will have to watch for this.

[snip]

* An entry in the Registry for LowRiskFileTypes.
It's a tweak to stop IE and other browsers from
interfering with downloads.

Oh yeah? Funny ;-) Try this too: SETX SEE_MASK_NOZONECHECKS 1 /M

[snip]

I then tried the latest Microsoft Malicious Software
Removal tool. That worked fine. It found no problems.

Lol, be serious! You'll never find anything with that!

I would certainly never try MB again. (I also got
stuck cleaning up junk it left behind in all users
app data. Not the first program with a bad uninstaller,
but still inexcusable.)

Just do what you've done, review its findings. It's still the best tool
out there.

Best Regards,

--
! _\|/_ Sylvain /
! (o o) Member-+-David-Suzuki-Fdn/EFF/Red+Cross/Planetary-Society-+-
oO-( )-Oo "Excuse me, but do you have change for a carp?"

| * The disk imaging executable for BootIt. (MB
| called it "Backdoor.Bifrose", even though the
| description for a bifrose infection shares nothing
| in common with the file MB wanted to delete.)
|
| Interesting, I will have to watch for this.
|

That particular file is C:\image.exe

| I then tried the latest Microsoft Malicious Software
| Removal tool. That worked fine. It found no problems.
|
| Lol, be serious! You'll never find anything with that!
|

That seems to be the consensus. I thought I'd
read somewhere that it was pretty good, but didn't
research it.

This all came out of an issue where I
was getting messages about Windows being unable
to access files. I was trying out some malware hunter
options to be on the safe side, though it seems the
problem ended up being another category of software
that tends to overstep its job: My firewall settings
were allowing it to monitor running programs. I had
recently reinstalled the system and hadn't adjusted
those settings.

| Just do what you've done, review its findings.
| It's still the best tool out there.

I would look into the details of any such reports,
anyway. My concern was for others who might have
limited experience combined with undue confidence
in malware hunters.

"J. P. Gilliver (John)"
Sun, 22 Nov 2015 18:42:11
GMT in alt.windows7.general, wrote:

In message
, Diesel
writes: []
You can have MB ignore this in the future. The reason the software
is alerting on it is because it's not the default value and for
normal home users, could present a security risk. You know what
you're doing, so it doesn't apply as a risk to you. Tell MB to
ignore it and it won't bother you about this again.
[]
Hmm. So, a "normal home user" has to not change _any_ default in
order to not be bugged by MB - or if does, has to tell MB for each
such change?

Not any default, just those which concern Windows notifications
having to do with updates, firewall and AV. MBAM has no way of
knowing in advance that you turned these off, OR, something you don't
know about on your machine did and you wouldn't have had you known
they were off.

I can see both sides of this "argument", but must admit I'm closer
to Mayayana on this one (-:!

I'm not. But, I also disclose that I'm not a typical home user, and,
I worked for the company so I have a better understanding of what the
software is doing and why it's doing it.




--
Error: Creative signature file missing