RE: EdSharp has problems with Malwarebytes

  • From: Katherine Moss <Katherine.Moss@xxxxxxxxxx>
  • To: "programmingblind@xxxxxxxxxxxxx" <programmingblind@xxxxxxxxxxxxx>
  • Date: Fri, 5 Aug 2011 23:16:07 +0000

SAS does produce a log.  And you're right.  And what you said regarding 
Atapi.sys, the rootkit is a variant of the TDSS/TDL3 family, and actually it's 
the same legit driver, but when TDSS is on the computer, the driver is infected 
with it.   

-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx 
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Jackie McBride
Sent: Friday, August 05, 2011 7:01 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: EdSharp has problems with Malwarebytes

I think it might be the .net components being flagged, but not entirely certain 
of that, so if I'm wrong, I'll gladly stand corrected, since I'm just taking a 
WAG. But, as I said, Mwb has, IMO, of late gotten entirely too trigger-happy. 1 
time it flagged atapi.sys, which, as I'm sure most if not all of u know, is a 
driver for ide hard drives. Imagine if some1 had deleted *that* & had ide 
drives. Of course, windows might have just reinstalled on reboot.
Nonetheless... Now--there is actually an atapi.sys rootkit out there--but MWB 
has got to distinguish the good from the bad, else the user could be deleting 
necessary or at least legitimate objects.
Unfortunately, it's getting so the user really needs to do his/her homework 
before just letting MWB or any other malware program nuke stuff.

The problem is, it's not really looking at file behavior but at certain file 
strings often found in malicious code, but these can, in certain cases, belong 
to legitimate files as well.

To be honest, I've found that SuperantiSpyware of late has actually detected 
more stuff than MWB, w/o the false positives, &, to top it all off, it's 
accessible! Novel concept, that! It used to have a problem w/getting corrupted, 
& Windows couldn't boot, but they've fixed that now, apparently. I don't think 
it produces a log, though, & that is too bad.

On 8/5/11, Katherine Moss <Katherine.Moss@xxxxxxxxxx> wrote:
> How could they be infected though?  Jamal knows where he gets his 
> files from, and he'd not do that to us.  Not on purpose anyway.  But 
> remember that if you do that, you could be killing off functionality by 
> accident.
>
> -----Original Message-----
> From: programmingblind-bounce@xxxxxxxxxxxxx
> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of 
> Littlefield, Tyler
> Sent: Friday, August 05, 2011 6:32 PM
> To: programmingblind@xxxxxxxxxxxxx
> Subject: Re: EdSharp has problems with Malwarebytes
>
>
> 3 in one package is a bit insane though, and it is more than possible 
> that these files are infected. I just deleted them and moved right 
> along.
>
> On 8/5/2011 3:14 PM, Jackie McBride wrote:
>> Andre, Malwarebytes, although it can be an excellent program, has of 
>> late become extraordinarily trigger-happy, IMO. White list EdSharp, 
>> report it if u desire, then get on w/your editing or whatever it is u 
>> wanna do. All of these antimalware programs make mistakes at 1 time 
>> or another.
>>
>> On 8/5/11, Katherine Moss<Katherine.Moss@xxxxxxxxxx>  wrote:
>>> You should ignore it first of all, and then via the malwarebytes 
>>> command line support, go to run, type "MBAM.exe /developer" (without 
>>> the quotes), then submit that log to the MBAM team for analysis via 
>>> their forums over at forum.malwarebytes.org.  I too am a member 
>>> there, and they're very nice.
>>> But ensure that you don't accidentally let the program take the file.
>>> And while you're at it, if you use system access, you'll notice that 
>>> MBAM tends to take its crucial files as well.  If you see it in 
>>> your logs, please also report that via the method I showed you.
>>>
>>> -----Original Message-----
>>> From: programmingblind-bounce@xxxxxxxxxxxxx
>>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Andre 
>>> Williams
>>> Sent: Friday, August 05, 2011 5:06 PM
>>> To: programmingblind@xxxxxxxxxxxxx
>>> Subject: Re: EdSharp has problems with Malwarebytes
>>>
>>> Actually Malwarebytes found 3 infections with EdSharp's webClient 
>>> utilities.
>>> I opened the webclient folder within program files and right clicked 
>>> to scan this folder using Malwarebytes. Here is the related info:
>>>
>>> Malwarebytes' Anti-Malware (PRO)
>>> Scanner     Protection     Update     Quarantine     Logs     Ignore List     Settings     More Tools     About
>>> Scanner
>>> Below is a list of malicious software found on your system. Close 
>>> all unnecessary applications to ensure successful threat removal.
>>> Vendor Category Item Other Action taken
>>> graphic 750  File c:\program files (x86)\EdSharp\webclient\IniForm.exe No action taken.
>>> graphic 750  File c:\program files (x86)\EdSharp\webclient\SayFile.exe No action taken.
>>> graphic 750  File c:\program files (x86)\EdSharp\webclient\SayLine.exe No action taken.
>>> Remove Selected Ignore Save Log Main Menu Exit
>>>
>>> What's my next move? I'm posting here because Jamal informed me that 
>>> it would be best to post my EdSharp problems here.
>>>
>>> A-W
>>>
>>> ----- Original Message -----
>>> From: "Andre Williams"<andre.williams.1965@xxxxxxxxx>
>>> To:<programmingblind@xxxxxxxxxxxxx>
>>> Sent: Friday, August 05, 2011 1:42 PM
>>> Subject: EdSharp has problems with Malwarebytes
>>>
>>>
>>> Hi. Received this warning from Malwarebytes regarding EdSharp. What 
>>> should one do about this problem?
>>>
>>>   Malwarebytes' Anti-Malware
>>> Malwarebytes' Anti-Malware has detected a malicious process 
>>> attempting to start and has blocked the execution attempt. Please 
>>> select an option below.
>>> C:\PROGRAM FILES (X86)\EDSHARP\WEBCLIENT\INIFORM.EXE
>>> (SPYWARE.BANKER)
>>> Disable Protection Ignore Quarantine
>>>
>>> A-W
>>>
>>>
>>> __________
>>> View the list's information and change your settings at 
>>> //www.freelists.org/list/programmingblind
>>>
>>>
>>
>
>
> --
>
> Take care,
> Ty
> my website:
> http://tds-solutions.net
> my blog:
> http://tds-solutions.net/blog
> skype: st8amnd127
> My programs don't have bugs; they're randomly added features!
>
>


--
Blame the computer--why not? It can't defend itself & occasionally might even be the culprit
Jackie McBride
Ask Me Computer Questions at: www.pcinquirer.com
Jaws Scripting training materials: www.screenreaderscripting.com
homePage: www.abletec.serverheaven.net
