micky said:
Was going to post about this anyhow. For all of you who keep track of
every little thing that happens to me, you probably remember that I
seemed to have some problems related to "conduit". At least the browser
in IE changed to Bing, I think it was. I changed it back (and deleted a
couple files) and never use IE anyhow, and I did a full scan with AVG,
and there were no clear problems after that, but the computer did get
slower and slower. Then sometimes it was faster. Then two days ago,
didn't have access to the internet for hours at a time.
I'd already run a scan with AVG, my real time virus checker, always
updated, but this time I scanned with Malwarebytes-Anti-Malware.
It found 4 conduit files it objected to and about 170 other things! (I
don't know how many were PotentiallyUnwantedProgram detectors and
PUModification detectors, which I see now is set by default to be
regarded as malware. Why do they set it that way?)
I don't think many of the 170 things had arrived since the last AVG
scan. Rather they were already there.
Computer is much faster now, for about everything.
Does that mean Malwarebytes is better than AVG?
Well, just installed SiSandra and DirectX. I hope that doesn't slow
things down again.
BTW, the Sandra home page says that all versions of it run on all OSes,
but they should have rewritten that for version 2014. To get the
latest version for 2013, I had to go to oldversion.com .
BTW2: While looking for that, I came to old"something".com which looked
much like it, had sections for Windows, Mac, etc. but wasn't the same and
had no files for Sandra.
Question: Why is the default for Malwarebytes to not look for rootkits?
Micky
Some bad software on your computer is obviously bad, in the sense that
the author doesn't want their name known, would be arrested if caught,
and so on. In a court of law, a prosecutor would likely have no problem
proving they were damaging the computer, stealing information, and so on.
Such a software author would not have the audacity to have a lawyer write
a letter to AVG telling AVG to remove the definition for their piece of
malware.
The Potentially Unwanted Program authors, on the other hand, pretend they're
"helping" the user; what they provide is a "service". And they do it in a way
that makes it difficult for the law to deal with them in an exact manner.
If AVG added a definition for such a program to their malware list,
the author of the PUP would immediately sue them in court. The outcome
might be unclear, with AVG winning sometimes and the PUP author winning
other times.
As a consequence, the 50+ AV programs may not be identifying everything
that a "normal person" would consider rubbish. And it's for pseudo-legal
reasons.
*******
So while that's a general observation, the practices of individual
programs can vary, and can vary from time to time.
There is MBAM (the one-shot free malware scanner), MBAR
(their solution for rootkits), and MBAE (exploit protection).
They have separate programs, of which some are more recent
than others. And some have "rough edges" and are effectively
beta releases. Maybe they eventually roll those developments
into the main tool.
I haven't needed to use MBAM here, so can't tell you what
settings are in there, what they're capable of detecting
today and so on. I normally point people to MBAM one-shot,
when it sounds like they have malware. For rootkits, there
are other solutions, but normally people would not even know
they have a rootkit, nor that they needed to tick different
boxes to detect them. I expect the detection techniques
for rootkits are a bit different, because if you were
just a malware scanner, a rootkit can "hide" from a malware
scanner, simply by not allowing the malware scanner to even
"see" certain files.
At the hint of the slightest trouble, if you have
a large number of infections, or are infected by
one of the "scary" ones, I recommend going to one
of the sites that offers guided help. As they know
how to combine the tools, what order to run them in,
and so on. MBAM, for example, is seldom allowed to start
by malware, which is why a lot of times, users can't fix
stuff with it.
*******
http://en.wikipedia.org/wiki/Rootkit
"For Windows, detection tools include
Microsoft Sysinternals RootkitRevealer,
Avast! Antivirus,
Sophos Anti-Rootkit,
F-Secure,[65] Radix,
GMER,
WindowsSCOPE.
Any rootkit detectors that prove effective
ultimately contribute to their own ineffectiveness,
as malware authors adapt and test their code to
escape detection by well-used tools.
"
So MBAR isn't even in that list. Neither is Kaspersky
TDSSKiller, which takes care of a particular rootkit
family.
HTH,
Paul
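The "hiding" Paul describes is exactly what cross-view detectors such as RootkitRevealer exploit: a rootkit that filters what the file-listing API returns is invisible to a scanner that trusts that API, so the detector enumerates the same directory through an independent path and reports the difference. The script below is an added, self-contained Python illustration of that technique, not code from the post or from RootkitRevealer, GMER or Malwarebytes. The "$sys$" marker and the user-mode hook on os.listdir are assumptions made for the demo (a stand-in for the kernel-level hooks a real rootkit uses); os.scandir plays the part of the independent "raw" view.

```python
"""
Cross-view rootkit detection (added example): enumerate a directory
through two different code paths and flag names that one view reports
and the other does not.

The "rootkit" is a deliberately simplified user-mode hook on os.listdir
that hides names starting with HIDDEN_PREFIX, so the whole demo runs
offline in a temporary directory.
"""
import os
import tempfile

HIDDEN_PREFIX = "$sys$"  # assumed marker, chosen for the demo only


def install_listdir_hook():
    """Simulate a user-mode rootkit: wrap os.listdir so entries whose
    name starts with HIDDEN_PREFIX never reach callers of that API.
    Returns the original function so the caller can restore it."""
    original = os.listdir

    def hooked_listdir(path="."):
        return [n for n in original(path) if not n.startswith(HIDDEN_PREFIX)]

    os.listdir = hooked_listdir
    return original


def high_level_view(path):
    """The 'API' view a naive scanner would use (goes through the hook)."""
    return set(os.listdir(path))


def low_level_view(path):
    """An independent enumeration path. os.scandir asks the OS directly
    and is untouched by the hook above; it stands in for the raw
    on-disk / kernel-structure read a real detector performs."""
    with os.scandir(path) as it:
        return {entry.name for entry in it}


def cross_view_diff(path):
    """Return (hidden, phantom): names seen only by the low-level view
    (hidden from the API) and names seen only by the high-level view."""
    high = high_level_view(path)
    low = low_level_view(path)
    return sorted(low - high), sorted(high - low)


def demo():
    """Create a directory with one normal file and one 'rootkit' file,
    install the hook, and return the discrepancy report."""
    with tempfile.TemporaryDirectory() as d:
        # constructed sample files
        for name in ("readme.txt", HIDDEN_PREFIX + "driver.sys"):
            with open(os.path.join(d, name), "w") as f:
                f.write("constructed sample content\n")
        original = install_listdir_hook()
        try:
            return cross_view_diff(d)
        finally:
            os.listdir = original  # remove the hook before cleanup


if __name__ == "__main__":
    hidden, phantom = demo()
    print("present on disk but hidden from the API view:", hidden)
    print("reported by the API but absent on disk:", phantom)
```

The same idea is why a scanner that runs from a clean boot disk, or one that reads the raw volume instead of asking the (possibly hooked) filesystem API, sees things the installed scanner cannot; it also explains the Wikipedia caveat that any widely used detector eventually gets tested against by rootkit authors, who simply hook the second view too.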