Viruses (true file infectors) like Sality, Virut, XPAJ, xpiro, murofet,
Mabezat and a few other true viruses are still quite common which
Malwarebytes cannot deal with.
Mabezat usually hauls in a variant of zbot/Zeus which is after banking/CC
info...
Malwarebytes might see the zbot files from Mabezat but never fully remove it
because the virus-infected files put it back.
Malwarebytes may see the infected hosts file & temp files associated with
virut or the rootkit driver associated with sality and/or some of sality's
registry corruptions but it cannot disinfect files.

Something like Bamital which attacks a select few files (and infects them)
Malwarebytes cannot deal with either.
It may see the Trojan dll involved & try to pull it. If successful and since
it cannot disinfect the infected explorer, winlogon, wininit, kernel32.dll,
ntdll32.dll the machine ends up in a constant BSOD loop because
wininit/winlogon is missing the dll it has been coded to depend on.

And -- yes, I have seen cases where things on a network are locked down quite
well but a vendor comes in to update some specialized software or re-install
from his thumb drive & infects the network with virut and other nasties......

Tammy

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Sunday, October 09, 2011 1:27 PM
To: NT System Admin Issues
Subject: Re: AV and malware protection?

On Sun, Oct 9, 2011 at 12:23 PM, Alex Eckelberry
<alex.eckelbe...@gfi.com> wrote:
> It’s worth noting that MalwareBytes is not an antivirus product. It is,
> however, an excellent protector/cleaner against modern Trojans and rogue
> antivirus products.

  And the difference between these two things is...?

  Viruses are largely obsolete anyway.  Between ubiquitous network
connectivity and autorun, nobody needs to bother.  Today's injection
vectors are exploitable vulnerabilities in networked software and
social engineering.  An attacker crafting malware to piggy-back on
benign executables exchanged via sneakernet is like worrying about how
to attach a team of horses to your car.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

