ALARM! Malwarebyte's Antimalware users: condition red!!!

Skybird · 04-15-13, 07:59 PM

If you use MBAM and have not already noticed, they just have had a serious and very major FP incident that equals a reactor meltdown. I am typing this froma backup laptop currently.

For the time being, immediately shut down MBAM and deactivate the update function until they get there homework done for sure. One update this night started a quarantining frenzy on vital windows system files, and even MBAM itself. They made many people very happy with that. Some companies may even sue them into nirvana over this. I shared the symptom of being locke dout of my system, account not recognised after reboot, and needing some backdoor tricks to get at least into the coinsole mode to return to a restore point - only one was left, luckily from 3 days ago - all others had been deleted. W7 has the nice feature to restore also deleted files, so that losses in my sys32 folder were replaced, it seems. Earlier windows versions do not do this - you then must hope that you can move the many dozens of system files in quarantine back into windows. I am in the process of saving data and files as backup. Maybe I can escape the need to reinstall, I'll see latr in the night.

Follow this thread for hints, updates, advice. Do not run MBAM until they confirm here that it is save. The falty database update is alredy removed, but since they are in hectic stress, I do not trust their results before some more dust has settled.

http://forums.malwarebytes.org/index...owtopic=125129

Cybermat47 · 04-15-13, 08:01 PM

Ok.

Malwarebytes anti-malware.... what's the deal with the name? Sounds somewhat strange to me...

Oberon · 04-15-13, 08:09 PM

Quote:

Originally Posted by Cybermat47

Ok.

Malwarebytes anti-malware.... what's the deal with the name? Sounds somewhat strange to me...

It's a (usually) pretty good anti-malware program, although I must confess I haven't run it in a while. I'll pass this info on though to those who do.

Skybird · 04-15-13, 08:50 PM

false positives happoen sometimes, but this one was pretty serious and will cause them plenty of trouble, I'm sure.

It seems if you are running it and are fine right now, then you have missed the faulty update that was in the wild for just some minutes, apparently. I may have been lucky and managed to get tings running again, but I had to reinstall MBAM and by complete AF/Firewall suite as well. I am still paranoid on my system status right now, but for the time being things seem to work as intended. Latest update for MBAM - I run the Pro version - worked flawless again.

Cybermat, usually the software is pretty good indeed. It does all the work on my rig - almost all of the few intrusion alarms I get, come from either Opera of from MBAM, not from the the AV or Firewall.

For the time being, I run my accounts without passwords. It'S not nice to find yourself being locked out. Only repair CD by Acronis brought me in again and allowed to install the only restore point that was no massacred by tonight'S mess. Costed me four hours now.

Good night.

Rhodes · 04-16-13, 05:20 AM

"My XP machine has survived, but the W7 machine is hosed.
I turned off updating on the XP machine"

Loved this comment!
Well I have the free version of that does not have the real time protection. I just will not run it until this is corrected. I use hitmanpro and like very much of it. It clean the nasty police ransomware that I got.
But it is strange that they did such a mess in the update program files, to have the Malwarebytes quarantine everything. Almost like a auto-immune disease.

Edit: been reading the forum, I think they already removed the bad update and post steps to correct it.

Skybird · 04-16-13, 06:00 AM

System seems to run fine again, MBAM running as usual, too.

I think its back to condition green.

But many company administrators will have a nice working day today. Many systems did not get off the hook so "easily" as I did.

Consequences for myself: database updates only once per day now, not once per hour (inbetween settings not possible, unfortunately). Icreases the chance to miss a mess like this.

04-15-13, 07:59 PM	#1
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 42,620 Downloads: 10 Uploads: 0	ALARM! Malwarebyte's Antimalware users: condition red!!! If you use MBAM and have not already noticed, they just have had a serious and very major FP incident that equals a reactor meltdown. I am typing this froma backup laptop currently. For the time being, immediately shut down MBAM and deactivate the update function until they get there homework done for sure. One update this night started a quarantining frenzy on vital windows system files, and even MBAM itself. They made many people very happy with that. Some companies may even sue them into nirvana over this. I shared the symptom of being locke dout of my system, account not recognised after reboot, and needing some backdoor tricks to get at least into the coinsole mode to return to a restore point - only one was left, luckily from 3 days ago - all others had been deleted. W7 has the nice feature to restore also deleted files, so that losses in my sys32 folder were replaced, it seems. Earlier windows versions do not do this - you then must hope that you can move the many dozens of system files in quarantine back into windows. I am in the process of saving data and files as backup. Maybe I can escape the need to reinstall, I'll see latr in the night. Follow this thread for hints, updates, advice. Do not run MBAM until they confirm here that it is save. The falty database update is alredy removed, but since they are in hectic stress, I do not trust their results before some more dust has settled. http://forums.malwarebytes.org/index...owtopic=125129 __________________ If you feel nuts, consult an expert.

04-15-13, 08:01 PM	#2
Cybermat47 Willing Webfooted Beast Join Date: Aug 2012 Location: Australia Posts: 5,408 Downloads: 300 Uploads: 23	Ok. Malwarebytes anti-malware.... what's the deal with the name? Sounds somewhat strange to me... __________________ Historical TWoS Gameplay Guide: http://www.subsim.com/radioroom/showthread.php?p=2572620 Historical FotRSU Gameplay Guide: https://www.subsim.com/radioroom/sho....php?p=2713394

04-15-13, 08:50 PM	#4
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 42,620 Downloads: 10 Uploads: 0	false positives happoen sometimes, but this one was pretty serious and will cause them plenty of trouble, I'm sure. It seems if you are running it and are fine right now, then you have missed the faulty update that was in the wild for just some minutes, apparently. I may have been lucky and managed to get tings running again, but I had to reinstall MBAM and by complete AF/Firewall suite as well. I am still paranoid on my system status right now, but for the time being things seem to work as intended. Latest update for MBAM - I run the Pro version - worked flawless again. Cybermat, usually the software is pretty good indeed. It does all the work on my rig - almost all of the few intrusion alarms I get, come from either Opera of from MBAM, not from the the AV or Firewall. For the time being, I run my accounts without passwords. It'S not nice to find yourself being locked out. Only repair CD by Acronis brought me in again and allowed to install the only restore point that was no massacred by tonight'S mess. Costed me four hours now. Good night. __________________ If you feel nuts, consult an expert.

04-16-13, 05:20 AM	#5
Rhodes Silent Hunter Join Date: Aug 2005 Location: Figueira da Foz, Portugal Posts: 4,516 Downloads: 110 Uploads: 0	"My XP machine has survived, but the W7 machine is hosed. I turned off updating on the XP machine" Loved this comment! Well I have the free version of that does not have the real time protection. I just will not run it until this is corrected. I use hitmanpro and like very much of it. It clean the nasty police ransomware that I got. But it is strange that they did such a mess in the update program files, to have the Malwarebytes quarantine everything. Almost like a auto-immune disease. Edit: been reading the forum, I think they already removed the bad update and post steps to correct it. __________________ http://www.flickr.com/photos/16416646@N05/

04-16-13, 06:00 AM	#6
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 42,620 Downloads: 10 Uploads: 0	System seems to run fine again, MBAM running as usual, too. I think its back to condition green. But many company administrators will have a nice working day today. Many systems did not get off the hook so "easily" as I did. Consequences for myself: database updates only once per day now, not once per hour (inbetween settings not possible, unfortunately). Icreases the chance to miss a mess like this. __________________ If you feel nuts, consult an expert.