I didnt claim they are the end-all anything, and I certainly dont say so about Vipre - but Malwarebytes outshines ComboFix. ComboFix is faster, but I have not found it to be more reliable in any provable sense. In fact, my logs show the opposite.
I also didnt claim anyone should have a static toolbag, or that ComboFix didnt fix the problem as described. I was raising the issue that there were and perhaps still are other problems on that system that are preventing Malwarebytes from operating properly; which is something I often find on systems that are not running the registered (real-time) version of Malwarebytes. -- ME2 On Wed, Dec 15, 2010 at 11:09 AM, VIPCS <vi...@stny.rr.com> wrote: > As Jeffrey recalls, he had to rename the MB executable just to allow it > to run. In any case, even if MB was blocked from operating optimally, you > still cannot argue that combofix actually fixed the problem. > > > > Jeffrey raised this issue with Vipre support and they said they said the > same thing – Vipre and MB are not the be-all and end-all for all malware, > and sometimes specialized tools (such as combofix) are essential for some > malware removal. > > > > Sincerely, > > > > Jeffrey and Mary Jane Harris > > VIPCS > > > ------------------------------ > > *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] > *Sent:* Wednesday, December 15, 2010 2:02 PM > > *To:* NT System Admin Issues > *Subject:* Re: System Tool 2011 malware > > > > Malwarebytes no, but ComboFix yes? I'm not buying it. Something else was > happening that broke or blocked Mb from updating. > > -- > ME2 > > > > > > > > On Wed, Dec 15, 2010 at 8:51 AM, VIPCS <vi...@stny.rr.com> wrote: > > Jeffrey had to fix malware on a user's system that infected the keyboard > drivers, and prevent any keyboard from being used. Combofix was the only > tool that detected and fixed the issue (Jeffrey tried Vipre, Vipre Rescue, > MalwareBytes, and the Microsoft Malicious Software Removal Tool). > > That Vipre never even detected the malware concerned Jeffrey more than > anything else, even though Jeffrey knew it was malware because of numerous > reports on the Internet of other users with the same issue. > > > Sincerely, > > Jeffrey and Mary Jane Harris > VIPCS > > > -----Original Message----- > > From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] > Sent: Wednesday, December 15, 2010 11:07 AM > To: NT System Admin Issues > Subject: Re: System Tool 2011 malware > > Don't forget combofix - taken care of some things that can't be cleaned > otherwise. > > ---- > Jack Kramer > Computer Systems Specialist > University Relations, Michigan State University > w: 517-884-1231 / c: 248-635-4955 > > > > > On 12/15/10 10:37 AM, "John Aldrich" <jaldr...@blueridgecarpet.com> wrote: > > >Thanks for the info, guys... I downloaded it and will start using it as > >part > >of my regular troubleshooting/cleaning toolkit. :-) > > > > > > > >From: Scott Weber [mailto:swe...@thanksal.com] > >Sent: Wednesday, December 15, 2010 10:24 AM > >To: NT System Admin Issues > >Subject: RE: System Tool 2011 malware > > > >James, > >Recently (this past weekend) found out about secunia PSI and I like it. > > > >+1 > > > >Scott > > > > > >From: James Rankin [mailto:kz2...@googlemail.com] > >Sent: Wednesday, December 15, 2010 7:53 AM > >To: NT System Admin Issues > >Subject: Re: System Tool 2011 malware > > > >Secunia PSI FTW....I've got that down as part of the "standard" toolset I > >put on home users' PCs now. It's also not too hard to use, which is a big > >plus for these kind of jobs > >On 15 December 2010 13:50, Erik Goldoff <egold...@gmail.com> wrote: > >I wonder the status of patching on his system, not just Microsoft but > >Adobe > >and other applications. I've seen a bit of these fake av type malware > >gems > >arrive via suspected 'drive by' website visits, possibly from hitting > >flash/shockwave vulnerabilities on linked animated advertisements. > > > > > >Erik Goldoff > >IT Consultant > >Systems, Networks, & Security > > > >' Security is an ongoing process, not a one time event ! ' > > > > > > > >-----Original Message----- > >From: James Kerr [mailto:cluster...@gmail.com] > >Sent: Wednesday, December 15, 2010 8:42 AM > >To: NT System Admin Issues > >Subject: Re: System Tool 2011 malware > >I had a user get that crap on his PC on Tuesday and it disabled Vipre > >Enterprise also. The user swears he didn't click on anything and was on > >MSNBCs site. He was about to get a new PC anyway so I'm not bothering to > >clean. Its not the first time that user got one of those fake AVs, or the > >second for that matter. > > > >James > > > >----- Original Message ----- > >From: "John Aldrich" <jaldr...@blueridgecarpet.com> > >To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> > >Sent: Wednesday, December 15, 2010 5:21 AM > >Subject: Re: System Tool 2011 malware > >> On Tue December 14 2010, you wrote: > >>> Hi John, > >>> > >>> User know where they were surfing when it hit? > >>> > >>> Samples can be submitted here: > >>> > >>> http://www.sunbeltsecurity.com/threat > >>> > >>> If you want assistance with removal check the box that says "I need > >>>help > >>> ....." Someone will be happy to help. > >>> > >>> We're releasing defs something like 13x/day now so shouldn't be too > >>>long > >>> to get updates for that critter. > >>> > >> Thanks, Tammy. I was more concerned that neither Vipre Rescue nor Vipre > >> Home caught it...what's more, it disabled Vipre Home. I'll see if I can > >> get > >> access to the zipped sample so I can resubmit. > >> > >> Thanks! > >> > >> -- > >> Thanks, > >> John Aldrich > >> Blueridge Industries > >> IT Manager > >> > >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >> > >> --- > >> To manage subscriptions click here: > >> http://lyris.sunbelt-software.com/read/my_forums/ > >> or send an email to listmana...@lyris.sunbeltsoftware.com > >> with the body: unsubscribe ntsysadmin > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > >--- > >To manage subscriptions click here: > >http://lyris.sunbelt-software.com/read/my_forums/ > >or send an email to listmana...@lyris.sunbeltsoftware.com > >with the body: unsubscribe ntsysadmin > > > > > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > >--- > >To manage subscriptions click here: > >http://lyris.sunbelt-software.com/read/my_forums/ > >or send an email to listmana...@lyris.sunbeltsoftware.com > >with the body: unsubscribe ntsysadmin > > > > > > > >-- > >"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > >the machine wrong figures, will the right answers come out?' I am not able > >rightly to apprehend the kind of confusion of ideas that could provoke > >such > >a question." > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > >--- > >To manage subscriptions click here: > >http://lyris.sunbelt-software.com/read/my_forums/ > >or send an email to listmana...@lyris.sunbeltsoftware.com > >with the body: unsubscribe ntsysadmin > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > >--- > >To manage subscriptions click here: > >http://lyris.sunbelt-software.com/read/my_forums/ > >or send an email to listmana...@lyris.sunbeltsoftware.com > >with the body: unsubscribe ntsysadmin > > > > > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > >--- > >To manage subscriptions click here: > >http://lyris.sunbelt-software.com/read/my_forums/ > >or send an email to listmana...@lyris.sunbeltsoftware.com > >with the body: unsubscribe ntsysadmin > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin