Re: EdSharp has problems with Malwarebytes

  • From: Jackie McBride <abletec@xxxxxxxxx>
  • To: programmingblind@xxxxxxxxxxxxx
  • Date: Fri, 5 Aug 2011 16:01:01 -0700

I think it might be the .net components being flagged, but not
entirely certain of that, so if I'm wrong, I'll gladly stand
corrected, since I'm just taking a WAG. But, as I said, Mwb has, IMO,
of late gotten entirely too trigger-happy. 1 time it flagged
atapi.sys, which, as I'm sure most if not all of u know, is a driver
for IDE hard drives. Imagine if some1 had deleted *that* & had IDE
drives. Of course, Windows might have just reinstalled on reboot.
Nonetheless... Now--there is actually an atapi.sys rootkit out
there--but MWB has got to distinguish the good from the bad, else the
user could be deleting necessary or at least legitimate objects.
Unfortunately, it's getting so the user really needs to do his/her
homework before just letting MWB or any other malware program nuke
stuff.

The problem is, it's not really looking at file behavior but at
certain file strings often found in malicious code, but these can, in
certain cases, belong to legitimate files as well.

To be honest, I've found that SuperantiSpyware of late has actually
detected more stuff than MWB, w/o the false positives, &, to top it
all off, it's accessible! Novel concept, that! It used to have a
problem w/getting corrupted, & Windows couldn't boot, but they've
fixed that now, apparently. I don't think it produces a log, though, &
that is too bad.

On 8/5/11, Katherine Moss <Katherine.Moss@xxxxxxxxxx> wrote:
> How could they be infected though?  Jamal knows where he gets his files
> from, and he'd not do that to us.  Not on purpose anyway.  But remember that
> if you do that, you could be killing off functionality by accident.
>
> -----Original Message-----
> From: programmingblind-bounce@xxxxxxxxxxxxx
> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Littlefield,
> Tyler
> Sent: Friday, August 05, 2011 6:32 PM
> To: programmingblind@xxxxxxxxxxxxx
> Subject: Re: EdSharp has problems with Malwarebytes
>
>
> 3 in one package is a bit insane though, and it is more than possible that
> these files are infected. I just deleted them and moved right along.
>
> On 8/5/2011 3:14 PM, Jackie McBride wrote:
>> Andre, Malwarebytes, although it can be an excellent program, has of
>> late become extraordinarily trigger-happy, IMO. White list EdSharp,
>> report it if u desire, then get on w/your editing or whatever it is u
>> wanna do. All of these antimalware programs make mistakes at 1 time or
>> another.
>>
>> On 8/5/11, Katherine Moss<Katherine.Moss@xxxxxxxxxx>  wrote:
>>> You should ignore it first of all, and then via the Malwarebytes
>>> command line support, go to run, type "MBAM.exe /developer" (without
>>> the quotes), then submit that log to the MBAM team for analysis via
>>> their forums over at forum.malwarebytes.org.  I too am a member there,
>>> and they're very nice.
>>> But ensure that you don't accidentally let the program take the file.
>>> And while you're at it, if you use system access, you'll notice that
>>> MBAM tends to take its crucial files as well.  If you see it in your
>>> logs, please also report that via the method I showed you.
>>>
>>> -----Original Message-----
>>> From: programmingblind-bounce@xxxxxxxxxxxxx
>>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Andre
>>> Williams
>>> Sent: Friday, August 05, 2011 5:06 PM
>>> To: programmingblind@xxxxxxxxxxxxx
>>> Subject: Re: EdSharp has problems with Malwarebytes
>>>
>>> Actually Malwarebytes found 3 infections with EdSharp's webClient
>>> utilities.
>>> I opened the webclient folder within program files and right clicked
>>> to scan this folder using Malwarebytes. Here is the related info:
>>>
>>> Malwarebytes' Anti-Malware (PRO)
>>>    Scanner     Protection     Update     Quarantine     Logs     Ignore
>>> List
>>> Settings     More Tools     About
>>> Scanner
>>> Below is a list of malicious software found on your system. Close all
>>> unnecessary applications to ensure successful threat removal.
>>> Vendor Category Item Other Action taken graphic 750  File c:\program
>>> files (x86)\EdSharp\webclient\IniForm.exe No action taken.
>>> graphic 750  File c:\program files
>>> (x86)\EdSharp\webclient\SayFile.exe No action taken.
>>> graphic 750  File c:\program files
>>> (x86)\EdSharp\webclient\SayLine.exe No action taken.
>>> Remove Selected Ignore Save Log Main Menu Exit
>>>
>>> What's my next move? I'm posting here because Jamal informed me that
>>> it would be best to post my EdSharp problems here.
>>>
>>> A-W
>>>
>>> ----- Original Message -----
>>> From: "Andre Williams"<andre.williams.1965@xxxxxxxxx>
>>> To:<programmingblind@xxxxxxxxxxxxx>
>>> Sent: Friday, August 05, 2011 1:42 PM
>>> Subject: EdSharp has problems with Malwarebytes
>>>
>>>
>>> Hi. Received this warning from Malwarebytes regarding EdSharp. What
>>> should one do about this problem?
>>>
>>>   Malwarebytes' Anti-Malware
>>> Malwarebytes' Anti-Malware has detected a malicious process
>>> attempting to start and has blocked the execution attempt. Please select
>>> an option below.
>>> C:\PROGRAM FILES (X86)\EDSHARP\WEBCLIENT\INIFORM.EXE
>>> (SPYWARE.BANKER)
>>> Disable Protection Ignore Quarantine
>>>
>>> A-W
>>>
>>>
>>> __________
>>> View the list's information and change your settings at
>>> //www.freelists.org/list/programmingblind
>>>
>>>
>>>
>>
>
>
> --
>
> Take care,
> Ty
> my website:
> http://tds-solutions.net
> my blog:
> http://tds-solutions.net/blog
> skype: st8amnd127
> My programs don't have bugs; they're randomly added features!
>
>
>


-- 
Blame the computer--why not? It can't defend itself & occasionally
might even be the culprit
Jackie McBride
Ask Me Computer Questions at: www.pcinquirer.com
Jaws Scripting training materials: www.screenreaderscripting.com
homePage: www.abletec.serverheaven.net
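
The false-positive mechanism described in the reply above (matching strings often found in malicious code rather than looking at file behavior), shown as an added example that is not part of the original post and is not any scanner's actual code. The signature name, its strings, the sample bytes, the file names and the "publisher hash" allowlist are all constructed for illustration.

```python
import hashlib

# Constructed signature: strings "often found in malicious code".
# Real scanners use richer rules; this shows only the string-matching idea.
SIGNATURES = {
    "Constructed.Banker.Strings": [
        b"GetAsyncKeyState", b"InternetOpenUrl", b"password",
    ],
}

def string_scan(data):
    """Return the names of signatures whose strings all occur in data."""
    return [name for name, needles in SIGNATURES.items()
            if all(n in data for n in needles)]

def triage(filename, data, known_good):
    """Return 'clean', 'ignore' or 'hold' for one file.

    known_good maps file name -> SHA-256 of the publisher's copy
    (assumed here to have been obtained from the developer).
    """
    if not string_scan(data):
        return "clean"
    digest = hashlib.sha256(data).hexdigest()
    if known_good.get(filename) == digest:
        # Byte-identical to the publisher's file: whitelist and report
        # the detection as a false positive instead of deleting.
        return "ignore"
    # Flagged and not verifiable: keep the file, submit it for analysis.
    return "hold"

# Constructed sample: a legitimate helper that reads key state, fetches a
# URL and prompts for a proxy password, so it carries the same strings.
BENIGN_TOOL = (b"MZ\x00speech helper\x00GetAsyncKeyState\x00"
               b"InternetOpenUrlA\x00Enter password for proxy:\x00")
# Constructed sample: same name and strings, but different bytes.
MODIFIED_TOOL = BENIGN_TOOL + b"\x00extra section"
PLAIN_FILE = b"just some notes"

KNOWN_GOOD = {"speech_helper.exe": hashlib.sha256(BENIGN_TOOL).hexdigest()}

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_TOOL), ("modified", MODIFIED_TOOL),
                        ("plain", PLAIN_FILE)]:
        print(label, string_scan(blob),
              triage("speech_helper.exe", blob, KNOWN_GOOD))
```

The benign helper and the modified copy trigger the same detection; only the hash comparison tells them apart, which is the homework step before letting a scanner remove anything.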