DONT update malewarebytes

Avast Free Antivirus / Premium Security
1

dont update malewarebytes,if you do you will get
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot)
Avast canot find it and it keeps comming back

2

If you are referring to MBAM (MalwareBytes AntiMalware), they are a highly reputable company, and I find it hard to believe that, if you downloaded or updated their program using their servers, you wound up with an infection.

in any event, i believe this would be better reported in THEIR forum, rather than avast’s.

http://forums.malwarebytes.org/index.php?showforum=41

3

does that mean they cant have FP’s? who are u kidding, ur post is completely idiotic. but its still useful to be posted here so that people are aware of it since it seems to be something experienced by several people.

4

Try and do a favor to those on here that do use malwarebytes and you get knocked down .last time I come on here.

5

It is a False Positive and it is fixed with a new update
http://forums.malwarebytes.org/index.php?showtopic=44113 see reply #14 - #41 - #58

6

Someone in the MBAM Forum is having FP’s today.

I had done an MBAM update about the time of the original poster as well as a complete scan. I also did updates and scans on Avast, SAS and Prevx and came up clean.

Sorry Pondus, I just saw your post. Thanks.

7

It was unclear… at least to me… that the original poster was reporting a false positive.
From his/her wording that “Avast canot find it and it keeps comming back”, I inferred… apparently erroneously… that he/she was asserting that the MBAM update itself contained (and was spreading) malware.
My (mis-)understanding was stated explicitly, as I wrote “I find it hard to believe that… you wound up with an infection”.
It was on that basis… that I thought he/she was saying that MBAM was spreading an infection… that I deemed it prudent to report the allegation to their forum rather than avast’s.

Yes, I am very aware of the concept… and likelihood… of False Positives. I fully realize that any security program, be it free or paid, can be guilty of an occasional f/p… some more so than others. And I concur that spreading the word about f/p’s is indeed useful, especially in the “guilty” party’s forum, but even in other forums as well.

Marc: I apologize for my misunderstanding. I never try to “knock people down”. Hopefully, now that I’ve explained/elaborated on my comments, you will be able to view them in the constructive context that they were intended.

8

Hi marc-dl,

Thanks for reporting the false positive here. I tried in the virus and worms to find it, as it appeared as a definite FP.
Leaving the forums because of a user’s misinterpretation of your message is a bit of a rash decision.
Subtle reading is not everybody;s gift these days.
Reconsider, a lot of people, me included are in favor of these issues being extensively reported. Can anyone say when MBAM, that is used by almost all the evangelists here next to an avast resident av-solution will be updated to patch this annoying FP?
And again marc-dl, we certainly need reports like you gave, keep them coming, man. Thanks again,

polonus

9
Can anyone say when MBAM, that is used by almost all the evangelists here next to an avast resident av-solution will be updated to patch this annoying FP?
See reply Nr #4
10

So, it’s more like “Let’s update Malwarebytes” now?

11

Well remember to update Malwarebytes the most possible to correct False Positive definitions which was updated the previous time and to stay more secure ;D

12

@ ky331

Please read about a false positive that happened with avast! last December that was fixed by the diligent helpers here:
Bad Definition Update
http://blog.avast.com/2009/12/10/bad-definition-update

Go to PROFILE then Modify Profile then Forum Profile Information then just like my signature about your system just like my signature so that the helpers can offer pertinent advice.

In Account Related Settings select Hide email address from public to prevent scammers and spammers harvesting your Yahoo email address.

13

Kenny,

My first reply (reply #1) did not realize that the o/p was reporting a f/p.
My second reply (reply #6) clarified that.

I’m all in favor of spreading the word about f/p’s… in fact, I do so myself (mostly at the Dell virus/spyware forum) as well as at the “originator’s” forum.

And yes, I was aware of the avast f/p “fiasco” last year, and participated in discussions (e.g. at Dell) about it.

14

sounds like it yeah ;D

Malwarebytes' Anti-Malware 1.44 Database version: 3899 Windows 6.1.7600 Internet Explorer 8.0.7600.16385

3/22/2010 3:24:29 PM
mbam-log-2010-03-22 (15-24-29).txt

Scan type: Quick Scan
Objects scanned: 97285
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

15

Slightly off-topic, but I think there’s a similar FP in a recent SAS def update – I’ve got one game that doesn’t use internet access and which I haven’t modified in ages, and out of the blue SAS suddenly “discovered” this weekend that 4 of its files were supposedly trojans. No reaction at all from either avast or MBAM, so I just left the files alone for now.

Since I’ve got the free (non-resident) version of SAS, normally I don’t bother updating except just before doing a scan, typically once a week on weekends. So it’ll interesting to see if they corrected that by next time around.