Malwarebytes anti malware Archives

Talk:Malwarebytes Anti-Malware/Archive 1

This page is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

about my recent edit

I don't see how the current version of the article could be considered an advert in any way, so that tag is removed. I also eliminated the information about them signing a contract with someone to help distribute their software, since I fail to see how that has anything to do with the software itself. Wonderful program by the way, I used it to eliminate the DNS changer trojan, when nod32 failed. DreamFocus 03:45, 1 June 2009 (UTC)

The official website links to the CNET download site to give out the free version, and mentions the Editor's Choice award

The official website links to the CNET download site to give out the free version, and mentions the Editor's Choice award. So that information is quite relevant, and should be in the article. I also mentioned how many millions of people have downloaded it so far, demonstrating just how successful and well received the product is. DreamFocus 03:55, 1 June 2009 (UTC)


"Reception" section doesn't seem balanced and only focuses on positive reviews. Laurent (talk) 18:15, 27 June 2009 (UTC)

Can you find any negative ones? It's free, and it does what all others cannot. Fixed my system good. DreamFocus 22:31, 27 June 2009 (UTC)

One big AD

This reads like an AD posted by either the author of MalwareBytes or someone they paid. On the contrary, MalwareBytes has lots of bad reviews (A simple Google for MalwareBytes Sucks draws out a few), thus is not received well by everyone as this post suggests. It also does not work as well as this page suggests (Just test it). The entire page is one big advertisement. I vote for permanent removal as this topic is not suiting for a wiki of this caliber and the author is in denial of blatant NPOV. D2SP (talk) 10:37, 29 July 2009 (UTC)

Thanks for your input. We've already discussed both of those points (the tone of the article and the notability of the subject) and both have been addressed to the satisfaction of the wider community. Chris Cunningham (not at work) - talk 10:45, 29 July 2009 (UTC)
How is this not an AD: The freeware version includes on-demand malware detection and disinfection, while the paid-for version monitors for threats continuously. -- That is an AD. Why would I need to know that? —Preceding unsigned comment added by D2SP (talk • contribs) 10:51, 29 July 2009 (UTC)
Furthermore, the entire "Reception" section should be changed from "Reception" to "Shameless Plug". Again, why would I need to know any of this and also how does any of this describe its reception? Really, the whole thing is an advertisement. I still vote for permanent removal. D2SP (talk) 11:05, 29 July 2009 (UTC)
You seem to regard a description of the product's features as advertising. This raises the question of what you expect an article about a software program to contain. As for the Reception section, if you feel that it gives undue weight to positive reviews then by all means please suggest reliable bodies who have given negative reviews to the product. In the past, editors who argued for such material were unable to provide any more reliable sources for their comments than anonymous forum or blog posts. Chris Cunningham (not at work) - talk 13:15, 29 July 2009 (UTC)
... Actually, upon inspection, it appears that significant material has been deleted from the article in the last few months. I've restored the version which was present at the beginning of March. Chris Cunningham (not at work) - talk 13:19, 29 July 2009 (UTC)
Many people contributed to this article. I don't see any post by the author of it, to which you are replying. Listing the different versions and what they do, is normal, for every software article the wikipedia has, and a reception section is found throughout wikipedia on many different types of articles. If you find reviews from anywhere that meets the notability standards, then add them. DreamFocus 13:23, 29 July 2009 (UTC)
Regardless of how many people contributed to this article, it reads like a press release. Every sentence written in this article is from Malwarebytes' POV. It clearly has no balance whatsoever. Cernansky (talk) 17:55, 22 September 2014 (UTC)

Why is how long he retained a lease for a website domain name mentioned?

As of March 2009, Klyecynski has retained the lease for the web-site through October 4, 2010.

Is there a reason that's there? I don't understand how that is relevant. I've never seen any other articles mention something like that. When it comes up for renewal in 2010, he'd surely renew it then. DreamFocus 13:34, 29 July 2009 (UTC)

More importantly, it isn't sourced. I see you've junked it, which was the right call. Chris Cunningham (not at work) - talk 13:52, 29 July 2009 (UTC)
I would suggest that another look be taken at the Company section. I believe everything past "Malwarebytes was founded in 2004 by CEO Marcin Klyecynski." is simply not needed in this section and constitutes advertisement. How hard is it to just put factual information without any added marketing fluff? BTW: I am the same guy as before, I forgot my password. C2SP (talk) 02:35, 2 August 2009 (UTC)
Most of the verbiage in the Intro is unnecessary. I suggest it be changed to: Malwarebytes' Anti-Malware (MBAM) is a computer application designed by Malwarebytes Corporation. --The rest of the verbiage is like an AD and even is REPEATED in the Company section!! My final verdict is that most of the inside information such as when the company was started and in what city/state they reside is not quoted, thus the MalwareBytes Marketing Team must be the true authors of this entry. Because of that, I think this entry should be heavily scrutinized. And, if I am wrong, then the author or at least its current and lone editor is posting a lot of hearsay (as in things in need of citation). C2SP (talk) 02:35, 2 August 2009 (UTC)

Heavy editing gone too far

The current version [1] is ridiculous. You don't need a citation that there is a freeware and a paid version of it. You look at their website to confirm that information. And a lot of valid information was removed along with the rest. Why is it put in the category Malware, which is for viruses, while the categories for Antivirus software and spyware removal were removed? If those categories exist, and something fits them, they should be put in them. Why eliminate mentions of the Washington Post, and the link to that article? It's like someone working for their competition came through and tried to destroy them. There is not a single legitimate news source out there which said anything negative about it that I am aware of. If you find any, then post it. But don't go erasing all the good reviews from major sources like the Washington Post. DreamFocus 10:28, 2 August 2009 (UTC)

I went ahead and restored it, minus the pointless company information, and the redundant information in the lead. I looked around at other antivirus software in that category, to see how those pages were done, and they are far more commercial than this one is in any form. DreamFocus 10:36, 2 August 2009 (UTC)
I highly suggest you stop posting "fluff". Post just the facts. If you post something you deem to be a fact, make sure that you cite a non-affiliated party. For example, a quote from the author of this software is not creditable when the claim is about what the software can do. He or she could say anything they like about the effectiveness or ability of their software without any real factual evidence. It's called Advertising. C2SP (talk) 21:06, 6 August 2009 (UTC)
What fluff? I don't see any quote from the author, just quotes from notable third party media coverage. DreamFocus 10:44, 15 August 2009 (UTC)

Expand article

Found lots of sources using google news. See here. TechOutsider(talk • contribs) 16:02, 9 August 2009 (UTC)

All of the noteworthy references listed there have been covered. The other listings are to forum posts and blog entries, which are not considered creditable sources due to the lack of citation or verifiable expertise of those who participate in the discussions. Furthermore, forum posts and blog posts typically share a POV (and from what I saw, that was the general theme), thus the 80 or so other links are merely hearsay and in no way creditable nor factual on any level and should not be used as a reference. "Encyclopedic content must be verifiable." C2SP (talk) 10:16, 15 August 2009 (UTC)

freeware and paid version differences should be listed

If there are two versions of the software the article is about, then you need to list the differences. That isn't an AD. Stop removing that. Look at other software articles. DreamFocus 10:45, 15 August 2009 (UTC)

Biased misquote of what reviewer said

The quote from the article is:

The culprit was something identified by Anti-Malware as Trojan.Agent, but here's the odd thing -- I can't find a good description of what this thing actually does. Malwarebytes doesn't provide any useful details, and other companies seem to disagree on what the Trojan does and how it works. Of course, there's no guarantee that these various antimalware vendors are referring to the same piece of code as there is no identification method or naming scheme that all antimalware vendors agree on.

And then the article reads:

*Mark Gibbs also stated that Malwarebytes' Anti-Malware used generic naming schemes to identify malicious software and that it lacked an explanation of what it had found.
  • Rather misleading isn't it? He pointed out there is no agreed upon standard on what everything is named. The different software companies thus choose what to call it themselves. Does the other software of this type list what each virus does? Windows defender doesn't, and I don't know of anyone else that does either. No reason to have this misleading bit in the article. DreamFocus 11:17, 15 August 2009 (UTC)
No it wasn't misleading to place that quote. What is misleading is the fact that you want to delete all parts negative, yet you still linked to that ref as if it would go unchecked. I reverted the entry back to its original and most relevant and NON-AD like state. Now I hope that this will be your absolute last time trying to re-create this ridiculous Advertisement. C2SP (talk) 20:15, 17 August 2009 (UTC)
Furthermore, you CANNOT ref the source of a topic when the claim is about what the topic can do or should do, whatever. Developers of software can say anything they like about their products and that does not mean that what they said is fact. You think that because they say it can do all these things, then it must be true, but the fact of the matter is, at most that's wishful thinking and in no way FACT. C2SP (talk) 20:23, 17 August 2009 (UTC)
There is no reason to place information about the products ability to update or even where it updates from or how they build their update database. Why you insist on placing that verbiage is beyond me. It doesn't make sense and it doesn't belong anywhere in this entry. If you were using it as filler, then don't bother. C2SP (talk) 20:23, 17 August 2009 (UTC)
Lastly to say that *many* believe this or believe that is hearsay no matter where the ref comes from. I don't find this software useful, no one I know has even heard of it, thus not everyone found it useful and certainly not many. Thus, hearsay equals deleted. C2SP (talk) 20:26, 17 August 2009 (UTC)
First, your personal opinion of the software is irrelevant. Next: you just added "He also stated that MalwareBytes used generic naming schemes to identify malware and had also failed to provide detailed information about what it had found." to the article. On what quote in the article is that based? What you have written is wholly biased. Despite Gibbs giving the software 4/5, with "only the lack of a detailed explanation" taking off a point, your statement above mischaracterizes his review. So I'm going to remove it until you can justify what you wrote. — HelloAnnyong(say whaaat?!) 20:30, 17 August 2009 (UTC)
Mark Gibbs = "It does the job and only the lack of a detailed explanation of what it has found stops it from getting 5 out of 5.", "The full scan took 4 hours, 8 minutes, 16 seconds", "The culprit was something identified by Anti-Malware as Trojan.Agent" (generic naming scheme). Now, please put back the quote, it is relevant to its reception. C2SP (talk) 20:38, 17 August 2009 (UTC)
Now that is what was said and here is what I said: "*Mark Gibbs from NetworkWorld stated that MalwareBytes took more than 4 hours to complete a full disk scan. Mark also stated that MalwareBytes used generic naming schemes to identify malware and had also failed to provide detailed information about what it had found.[1]" I don't think what I said was misquoted or biased, etc. C2SP (talk) 20:43, 17 August 2009 (UTC)
OK, I put it back until someone proves I was misquoting the article I guess. C2SP (talk) 20:47, 17 August 2009 (UTC)
(edit conflict) Give people some time to respond on these talk pages; not everyone is sitting around constantly reloading their watchlist.
Anyway, it's your WP:OR that it's a generic naming scheme. Per WP:V, we can only state what is in the article. And if nothing else, we should state what score he gives the software; after all, it's only fair. How about this as a proposed rewording:

Mark Gibbs from Network World gave MalwareBytes 4 out of 5, saying that the software does its job well, but that it does not provide good explanations of its results. He also reported that the program took more than four hours to scan his computer.

Since that actually _does_ state what's in the article, I'm going to change to that. — HelloAnnyong(say whaaat?!) 20:51, 17 August 2009 (UTC)
Can't find a reason to edit that. Sounds good to me. Add it. C2SP (talk) 20:56, 17 August 2009 (UTC)
I took a real hard look at this again, due to its recent history of using bunk refs. I discovered that the opening description is not cited. It may have a ref, but that ref did not even talk about the verbiage in question. It states that they are planning to move to a United States location, yet it does not specify if they are now currently in the United States. Furthermore, the ref did not even describe the ability of the program (as in what it does), plus it does not mention whether or not this topic is indeed the *flagship* product. I made edits until these claims can be cited. C2SP (talk) 23:47, 17 August 2009 (UTC)
I noticed yet ANOTHER misquoted ref!! Your claim that BleepingComputer stated that this product was preferred is POV, as it was not mentioned to be preferred anywhere in the ref. Are we supposed to assume they preferred it just because they used it? Unless he said, "I prefer this over everything else" or something along those lines (which he did NOT), then that is gone too until proven otherwise. C2SP (talk) 23:54, 17 August 2009 (UTC)
Finally, I would like to suggest a change of words regarding this line: "News organizations have also picked up on Malwarebytes' Anti-Malware, having mostly positive things to say about program's detection abilities.[3][4]", If you check the refs, neither are a *News Organization*. Maybe Technical Blogs, or Technical Sites, etc would be more appropriate? C2SP (talk) 00:16, 18 August 2009 (UTC)
You removed a source that is titled "MalwareBytes Corporation" and lists Anti-Malware as a product. I'm going to add that back into the header, as it actually says what the article says it does. I made no claims about BleepingComputer, but I'm going to add that ref back and clean it up. AS to the last one, that's fine, whatever. — HelloAnnyong(say whaaat?!) 00:41, 18 August 2009 (UTC)
  • Why would you mention how long it took him to run the scan? That is misleading to people. It takes the same amount of time as any such scan. [citation needed] And how many other programs like this, if any, give you any detailed information about what they are removing? DreamFocus 04:46, 18 August 2009 (UTC)

The paid and free version, citation needed nonsense

I had replaced the citation needed with a link to their website, confirming they had a free and paid version, but this was replaced with the citation needed tag again. Do you doubt the primary source for this information? Is it not obvious that there is a paid and a free version? Why do you have a citation needed tag next to that one sentence? DreamFocus 04:53, 18 August 2009 (UTC)

A link to the about page does not confirm your claims. And, I see you have now reverted to digging up years old reviews. Are you looking for positive reviews only? Do you need me to help you find some negative ones? C2SP (talk) 08:21, 18 August 2009 (UTC)
If you find a negative one, as you are so determined to do, then add it. Just make sure it is a legitimate media source, not just a forum or blog. DreamFocus 14:58, 18 August 2009 (UTC)
I become more determined to find negative reviews (to balance out this travesty you call a wiki entry) the less you become determined to find them. And, what do you think your ref to CNET Blog was or BleepingComputer was, both blog posts. I guess I should go now and edit those out if you really think they don't belong here. Why don't you go ahead and do that since you placed them there, OK? C2SP (talk) 19:20, 18 August 2009 (UTC)
Those weren't blog posts, they were official reviews, from notable sites. The Network World one is fine, just not you mentioning the four hours it took, since they all take that long. And why would I want to find them at all? You want them in here, then you have to go search for them. I don't see as how the article really needs them. DreamFocus 20:40, 18 August 2009 (UTC)
Still posts made in a blog, so if you won't kill it then it must be fine to place other posts made in blogs here too, so I will start my search for the negative. I am sure that I could use audience reactions from those same refs since you find the ref so noteworthy. And, why wouldn't you want to find negative reviews for inclusion, are you affiliated to this MalwareBytes company? C2SP (talk) 22:00, 18 August 2009 (UTC)
Hey, I found two different and very creditable sources talking about some telemarketing scandal MalwareBytes was involved with, I'll go ahead and add a new section to cover that since it involved the topic of this entry. Should be an interesting read and could help to expand this article. C2SP (talk) 22:05, 18 August 2009 (UTC)

SoftPedia selective review

It did say the others didn't manage to wipe out the rootkits either, but Malwarebytes did manage to get everything else, picking up some things that others did not. They praised it for running much faster, using far less RAM than any others. It was suggested that it be used with other things. The mention of the review should include everything, not just the negative part, and certainly not fail to mention that none of the other things tested were able to get all the root kits either. You can't criticize them for not doing something, which no one else could do either. Good find though. I suggest using cquote when quoting something though. DreamFocus 23:27, 22 August 2009 (UTC)

Well, I told you, since you are looking for ONLY positive reviews that I would be looking for ONLY negative reviews. I'm just getting started, there are many more to include. C2SP (talk) 23:37, 22 August 2009 (UTC)
I look for any reviews, just grabbing the first thing I found. But you can't take something out of context from a review, and imply something that isn't said. DreamFocus 23:52, 22 August 2009 (UTC)
I took out the POV part, but the other remains as it was a result of testing. I want to be fair, no POV's!! C2SP (talk) 23:31, 22 August 2009 (UTC)
You might add that if you like, how about user reviews/comments, are we using those? C2SP (talk) 23:33, 22 August 2009 (UTC)
BTW, I noticed your slick little change there. You can not assume that it will remove malware but it can be stated that it does at least scan for them, do not change that again. thanks C2SP (talk) 23:39, 22 August 2009 (UTC)
I didn't change anything. It always said that. Check the history. It formerly said a lot more. DreamFocus 23:51, 22 August 2009 (UTC)
perhaps we should nominate this entire page for deletion? I am seriously considering it for the following reasons:
  • Advertising or other spam without relevant content (but not an article about an advertising-related subject)
  • Articles whose subjects fail to meet the relevant notability guideline (WP:N, WP:BIO, WP:MUSIC, WP:CORP and so forth)
  • Any other content not suitable for an encyclopedia

Thoughts? C2SP (talk) 23:57, 22 August 2009 (UTC)

If you believe that, go for it. I'm sure reason will prevail, and it'll be a definite keep. DreamFocus 00:22, 23 August 2009 (UTC)
Yeah, I say go for it, too. -- Schapel (talk) 00:30, 23 August 2009 (UTC)
Would you like to go ahead and do it then. I would like to build a solid case first. C2SP (talk) 00:32, 23 August 2009 (UTC)
I don't understand why it is so important to include that it removes malware, when scanning for it should be good enough. That is like saying just because I turn the key in the ignition that my car will start. It might or might not, one can only ASSUME it will and an ASSUMPTION is not fact!! C2SP (talk) 00:38, 23 August 2009 (UTC)
The purpose of the software is to remove malware. It's what it exists for. And some programs give out free scanning, but you have to pay for a version that removes things. It's important to point out that this one has a free version that scans AND removes malware. DreamFocus 00:40, 23 August 2009 (UTC)
Thus my latest edit, it only attempts to remove them. Can you ensure that it will ALWAYS remove malware? No, then EDIT!! C2SP (talk) 00:42, 23 August 2009 (UTC)
It attempts to find them, and if it can find them, then it succeeds in removing them every single time. DreamFocus 00:45, 23 August 2009 (UTC)
Really? Citation? C2SP (talk) 00:47, 23 August 2009 (UTC)
Are you serious? Do you understand how software works? If it is able to find something, then obviously it can remove it. It isn't that difficult to erase it once you have identified it. DreamFocus 00:51, 23 August 2009 (UTC)
  • Three editors have reverted you. [2] HelloAnnyong, plus me and Schapel a few times. Leave it alone already. DreamFocus 00:53, 23 August 2009 (UTC)
This page has been edited by a lot of people. Why don't you leave it alone? C2SP (talk) 00:55, 23 August 2009 (UTC)
We're talking about one sentence, which three editors have said you shouldn't mess with. Stop changing it back. DreamFocus 00:58, 23 August 2009 (UTC)
No, we are talking about cutting the fat. You see, the difference between me and you is, I am not affiliated with Malwarebytes and they aren't paying me to do this. C2SP (talk) 01:01, 23 August 2009 (UTC)
Again with your ridiculous accusation. I am not, and never have been receiving any payment, nor communications even, from Malwarebytes. DreamFocus 01:27, 23 August 2009 (UTC)
You sure do know a lot of insider information concerning Malwarebytes. Where did you get this insider information? C2SP (talk) 02:14, 23 August 2009 (UTC)

edit warring reported

I reported the violation of the three revert rule here: I see he did it again though. Be careful not to revert him more than three times. DreamFocus 01:23, 23 August 2009 (UTC)
I reported you, where you reverted 8 times. And, who are you talking to, your team members? C2SP (talk) 02:12, 23 August 2009 (UTC)
Not sure if you noticed this, but you reported the same revert TWICE!! This is probably why you get reverted so much. Try to pay more attention next time. Thank you. C2SP (talk) 02:33, 23 August 2009 (UTC)
Um.. not everything you reported was a revert. It should also be noted that WP:3RR applies only to edits in the past twenty-four hours, so your first three reverts of Aug 15 don't really count. — HelloAnnyong(say whaaat?!) 02:35, 23 August 2009 (UTC)
Tell me how many I included will stick? I am too new to get this perfect. C2SP (talk) 02:37, 23 August 2009 (UTC)

Speedy Deletion

This page shows no chance for improvement.

Speedy deletion nomination of Malwarebytes' Anti-Malware

A tag has been placed on Malwarebytes' Anti-Malware, requesting that it be speedily deleted from Wikipedia. This has been done under the criteria for speedy deletion, because the article seems to be blatant advertising that only promotes a company, product, group, service or person and would need to be fundamentally rewritten in order to become an encyclopedia article. Please read the general criteria for speedy deletion, particularly item 11, as well as the guidelines on spam.

If you can indicate why the subject of this article is not blatant advertising, you may contest the tagging. To do this, please add on the top of Malwarebytes' Anti-Malware and leave a note on the article's talk page explaining your position. Please do not remove the speedy deletion tag yourself, but don't hesitate to add information to the article that would help make it encyclopedic, as well as adding any citations from independent reliable sources to ensure that the article will be verifiable. Feel free to leave a note on my talk page if you have any questions about this. C2SP (talk) 02:44, 1 September 2009 (UTC)

You really ought to have a look at the types of articles which are typically tagged with {{db-ad}} to get an idea of what constitutes blatant advertising. This isn't it. I have no idea what your "looks dead" comment was about, but the software itself is obviously still being updated. We don't delete articles on the basis of the current content unless there's reason to believe that it's beyond salvage. Chris Cunningham (not at work) - talk 18:16, 1 September 2009 (UTC)

As a user I found this article mildly helpful so I oppose deletion. Burressd (talk) 01:21, 17 September 2014 (UTC)

recent negative additions

I see someone else has reverted it while I was reading through the new sources added. [3] After reading the review linked to at SoftPedia, and reading what was quoted from it, the selected quote was rather biased. The other freeware bits couldn't detect those rootkits either, which should've been mentioned. It did fine against other forms of viruses though, and received praise for being able to pick up things that other software could not, running fast, and using fewer resources. By only stating it failed to detect any root kits, it makes the software seem rather horrid. Unless you find a free malware scanning program that gets all or even most of the rootkits, you can't go criticizing any of them for something that none of them are able to do. DreamFocus 17:44, 24 October 2009 (UTC)

An anon IP, probably Cupids wings (talk ·contribs) just not logged in, reverted me. I'm glad that we're in agreement on this, though. Anon, perhaps you'd like to discuss your edits a bit more? — HelloAnnyong(say whaaat?!) 17:48, 24 October 2009 (UTC)
Special:Contributions/ new editor, 6 edits, three of which directly related to this article. DreamFocus 18:07, 24 October 2009 (UTC)
Not anon - it was me! (I've just fixed my sig on your talk page as well)
We're certainly not in agreement here though.
All I did was:
  • Reorder the existing references such that reviews raising issues were listed together
  • Remove a nebulous reference to "News organizations have..." to specify which ones (see Wikipedia:Avoid weasel words) - one of which was effectively redundant, as already mentioned in the same section (Network World site)
  • Remove further weasel words about 3rd party sites
  • Add the highly relevant fact to the previous references where it stated it missed 67 rootkits, that that was out of 67 rootkits! - it missed all of them!
  • Removed two links to redirects of MS Antivirus (malware) under different names, which served no purpose other than to suggest they were two separate problems, not just the one (see the MS Antivirus (malware) page for aliases it uses)
If (for example) you feel other programs are similarly useless (100% failure rate, 42% failure rate), this should be stated in the article - not have it reverted back to something which is deliberately misleading
Incidentally, I've still not read anything in this article to suggest why it's notable enough to be included in the Wikipedia - which is a key problem with the article atm! I'm not actually sure why it would be notable either, there's a lot of products available which do the same thing. Clearly you have an interest in it though - please could you add something in to clarify this and ensure it conforms to WP:NOTE, otherwise the next guy to come along is just going to mark it again!
As it happens, the article's already been marked as an advert, and nominated for speedy deletion on at least two occasions. It's pretty clear there's a problem with the article; reverting my edits that try to address this issue doesn't help. I'll leave the page as-is for now, though unless anyone can put in something better to make it more objective, I'll revert my edits back in. Cupids wings (talk) 18:12, 24 October 2009 (UTC)
Everything is notable according to the suggested guidelines, if it has been reviewed by reliable sources, which this software of course has. I know one of the other attempts to delete it was by a new editor who was warned about his inappropriate behavior at this article. So I don't think the fact that someone suggested deleting it before you, and that the majority of people were against that, really matters. And you have been reverted by two different editors now, no one stating they agree with your edits. Follow Wikipedia procedures and form a consensus on the talk page, dividing the content of what you did into sections, and discussing each bit perhaps. DreamFocus 18:40, 24 October 2009 (UTC)
You seem to have ignored the points I've made. Perhaps you'd like to go back and review each of them? Or, to cut things shorter, Which specifically don't you agree with? What exactly is the problem with the above, or are you seriously suggesting that the article as it is, is accurate, objective, not in the least bit misleading, and shouldn't be corrected?!! Cupids wings (talk) 19:58, 24 October 2009 (UTC)
What weasel words are you referring to? And why remove Both versions scan a user's computer and remove any malware that is found. You have to tell what the software does. DreamFocus 20:13, 24 October 2009 (UTC)
I covered two examples above - "News organizations have..." - which news organizations? The two listed (one of which is a duplicate - as described above) can be named explicitly.
"3rd party sites" - which "3rd party sites"? Be explicit, not vague with the use of weasel words. Why do you have any problem with this? Cupids wings (talk) 20:35, 24 October 2009 (UTC)
One of the overarching guidelines for notability is coverage in multiple secondary sources. There was an article in the Washington Post and LINK REMOVED PER SITE BLACKLIST. That's two, and that satisfies the basic version of WP:N. Perhaps the article in its current form doesn't contain enough information, but that can be remedied. 71 gnews articles and > 1 million ghits makes it somewhat more notable. — HelloAnnyong(say whaaat?!) 20:30, 24 October 2009 (UTC)
I think it'll be best instead of saying "news organizations" and "3rd party sites", to actually list some of them instead. That makes sense. You can't say that most news sites say its great, unless you look at all of them, and then count them up after all. I went ahead and removed that wording. DreamFocus 20:53, 24 October 2009 (UTC)
Sorry, I should have made my comment separate. I was responding to Cupid's question about proving notability. — HelloAnnyong(say whaaat?!) 21:46, 24 October 2009 (UTC)
Whoops! So was I. He mentioned those two things in his complaint, so the wording I did remove. DreamFocus 21:54, 24 October 2009 (UTC)

reliable sources

Anyone know where the list of reliable sources is at? I can't find it. I was wondering if Bright Hub would count as a reliable source. DreamFocus 18:07, 24 October 2009 (UTC)

If it's any use, Bright Hub's got a Wikipedia article, so presumably it's noteworthy enough to use?
Having said that though, it's debatable how noteworthy the Bright Hub article is itself - it's little more than a stub, with no claim of notability beyond that any other of thousands of similar sites could claim, and is practically an orphaned article - it's only got two links to it! Could you add/flesh it out a bit as well while you're looking at it? Cupids wings (talk) 18:19, 24 October 2009 (UTC)
Reading about it at places, and apparently almost anyone can sign up to post reviews, they putting it up there, no one checking for accuracy, and you get money from the ads on that page. People are thus encouraged to make as many articles as possible, to thus get more ad revenue. I don't think this would count as a reliable source. If anyone can remember where that page is that they list websites to add to the approved or rejected list of reliable sources, please post here or my user page and I'll get it reviewed there. DreamFocus 19:01, 24 October 2009 (UTC)
  • I'm curious if SoftPedia is a reliable resource. I Googled earlier and found some mention that they weren't. On their site I see celebrity gossip [4] written like a personal blog filled with opinions without facts, and other things that don't make it seem too credible. Opinions please. DreamFocus 21:42, 24 October 2009 (UTC)
Avoid Softpedia if you can. It's just an indexer of information, and not particularly reliable. — HelloAnnyong(say whaaat?!) 21:45, 24 October 2009 (UTC)

Added back Add tag

Anyone who reads this "entry" can see it is an AD. Plain and simple. You take out the negative remarks and post only the positive remarks and for what reason? Why is it so important that all references are positive? This is not a fair and balanced "entry" and it should not be allowed to stay the way it is now; it must be changed and dramatically. Or else, I think this thing should be nominated for the THIRD time to be deleted. C2SP (talk) 20:45, 27 October 2009 (UTC)

Can you give us some actual concrete examples of how it's an advertisement? And this article was nominated three days ago for CSD and was declined, so stop trying to have it removed just because you don't like it. — HelloAnnyong(say whaaat?!) 20:52, 27 October 2009 (UTC)
You're kidding right? I actually have to point it all out to you? Just read the entry yourself. And, I wont stop trying to delete this entry, and not because I don't like it (which I don't), but because it's the most obvious attempt to AstroTurf I have ever seen. You really have to be in denial not to see it. So, I don't know what to say: I'm not going to waste my time explaining it to you (AGAIN). C2SP (talk) 21:04, 27 October 2009 (UTC)
You were told last time not to add information back in without consensus. Other editors have told you in the past they were against that, and now HelloAnnyong and me are telling you again. If not a single person states they agree with you, and multiple editors say they are against it, then keep the tag out. Also, the only things taken out were from unreliable sources, or were quoted out of context in a misleading way to the reader. DreamFocus 22:00, 27 October 2009 (UTC)
  • Saying you won't stop until you delete the article, sounds like vandalism. If you want to nominate it for an AFD, then go to: [5] and read how to nominate something for deletion. I assure you, it will be kept. Its the same as all other software articles. Why not look at other software articles, and see what information they have, and why. DreamFocus 22:07, 27 October 2009 (UTC)
    • Just to point out, C2SP is very much a single purpose account. Nearly all of their edits have been about this page, and is something that might be taken into account during an AfD. — HelloAnnyong(say whaaat?!) 22:54, 27 October 2009 (UTC)
      • I would appreciate it if you would stop trying to label me with all these ridiculous terms. I could just as well call you a TOOL, but I wont. Anyway, I work on one article at a time, WHEN I HAVE THE TIME. This article is nowhere near complete, it backslides everyday. Until it is balanced or deleted, I wont stop making edits. I am NOT the only one voicing an opinion about this, check the history. You will see, once this gets fixed, I will be working JFK next. You'll see it. C2SP (talk) 01:02, 28 October 2009 (UTC)

how long the scan took the guy isn't relevant

I removed the [6] it took four hours to scan bit again. CNet describes the software is "relatively speedy malware remover". Everywhere I see reviews, talks about its speed compared to others. You can't mislead people by quoting the guy out of context, saying it took him 4 hours to do the scan. Unless you show a comparison of how long it took the same people to run other scans, then that information shouldn't be in there. Everyone please post Agree or Disagree, and state why if you feel like it. DreamFocus 01:35, 28 October 2009 (UTC)

Having the quotation on its own line like that adds way too much WP:WEIGHT to what is just one of several reviews. Ideally the reception should be in paragraph form (not a list) but to have the quote on its own line like that just makes it worse. Having said that, I suppose it is cherry-picking to point out the time that it takes to run. — HelloAnnyong(say whaaat?!) 02:56, 28 October 2009 (UTC)
It's a 6-year old argument, but still worth noting to non-participants that the idea of how long a scan takes is completely irrelevant to the anti-malware software, and "speed" doesn't mean much if its detection rate is poor. There are numerous factors that will affect scan times, such as hardware (hard drive data transfer rate, available memory, memory speed, number of CPUs, CPU speed) and software (other applications running at the time, how much data is actually on the hard drive). Any mention of scanning times is completely misleading, and has no place in the article. Jonny Quick (talk) 06:20, 3 August 2015 (UTC)

Should the number of downloads for this software be in the article?

[7] I believe mentioning how many millions of people have downloaded the software, to be a relevant fact, and it clearly referenced. One editor keeps trying to remove that information though. Articles for television shows list how many people watched it. Same thing here. It belongs in the article. Please state if you Agree or Disagree, so we can form consensus and not end up with another edit war like last time. DreamFocus 01:39, 28 October 2009 (UTC)

This is a hard one. It's kinda funny that in the previous section you complain about how it's misleading to say the scan took four hours, but you want to include how many times it's been downloaded. To say that the software has been downloaded 24M times is technically true, but doesn't accurately represent the source - it should say that it's been downloaded from CNet that many times. But my bigger problem here is the source as a whole. It's one thing to use that page to say that it's an Editor's Choice program, and quite another to use a relatively trivial counter on the side. So I would support its removal until we can get a better source. For example, the Ubuntu article has a line saying that it was downloaded a bunch of times - but it references the New York Times. — HelloAnnyong(say whaaat?!) 03:04, 28 October 2009 (UTC)
FWIW, I believe both the number of downloads, and the scan time are contextless and useless. As has been pointed out, without comparison, the scan time tells nothing. And with the number of downloads, there is no indication of how many failed downloads, web spiders, upgrades, etc. are included. And it tells nothing of downloads from other sites. --HamburgerRadio (talk) 02:07, 4 November 2009 (UTC)
Okay. I'm fine with leaving out the number of downloads and the length of the scan. Way better solution. — HelloAnnyong(say whaaat?!) 02:26, 4 November 2009 (UTC)

Question about removal of Washington Post article

  • I have a question about the recent edit which removed a link to the Washington Post article. [8] Cupids Wings states in the edit summary "(WP "review" is actually generic review which applies equally to *any* malware and antivirus scanner)". The review [9] reads:
Malwarebytes' Anti-Malware (free demo, $25 to unlock all features) is a worthwhile addition to anyone's anti-spyware arsenal, because unlike some overly complex programs, it's easy to configure and use.

Using Malwarebytes' Anti-Malware is simplicity itself.

I'd like other people's opinions please. Is this not a valid review? DreamFocus 09:45, 4 November 2009 (UTC)

I reverted its edits myself, the edit summaries were simply untrue, and I am slightly concerned at a user that tried to delete this article once removing references like that. --UltraMagnusspeak 10:33, 4 November 2009 (UTC)
That's very selective quoting by User:Dream Focus.
I removed the reference - the "Washington Post review" is:
  1. A duplicate of the PCW review and not written by the Washington Post, so it shouldn't even be referencing the Washington Post in the first place. If anything, the original PCW "review" should have been referenced as otherwise this misrepresents the source.
  2. There is no need to splatter the article with a total of 5 references to the exact same WWW site content on two separate (and at first glance seemingly unrelated) WWW sites. From User:Dream Focus's quote, the only place where it may be acceptable is in the "reception" section (which is really nothing more than a spam section as it's one sided, and only serves to promote the product, but that's separate issue).
  3. It is nothing more than a generic "review" which applies equally to any similar software product (as I clearly stated in the earlier edit summary) - thereby adding nothing to the article.
Cupids wings (talk) 16:10, 8 November 2009 (UTC)

Well, here is another reason to kill the washington post link, It is an exact copy of the PC World review. C2SP (talk) 23:50, 4 November 2009 (UTC)

They do say that at the top, and down below it says that's one of their partners. What's your point though? They don't have the staff to handle software reviews themselves, so they reprint articles from those they trust. DreamFocus 05:03, 5 November 2009 (UTC)
Well, I suppose you outta trust your PARTNERS. And, since you asked for it, I'll tell you my point. Since the Washington Post didn't actually print them, that all it was, was nothing more than an echo (a legal copy) of something printed by a source not a newspaper passed to them by a PARTNER. I think we might have a reason now to drop this article altogether, now that we know the nature of the reviews and how they were obtained. This means, at least in my eyes, that in fact Malwarebytes Anti-Malware is not noteworthy after all. Unless you want to give credit to any guy/girl with a website, I think we may have a problem here. You know software like Ubuntu or Windows, McAfee or Norton, only they are noteworthy, because they HAVE actually been printed in newspapers and everywhere else; they are well-known, people know what they are, etc. There is no question about their worth. However, you see this MBAM as it is so called, is just another Ad-Aware or Spybot rip-off, that will be here today and gone tomorrow. Why are we reserving space for such nonsense? Saying that, I say we reconsider the deletion of this article based on its lack of being noteworthy. C2SP (talk) 08:37, 5 November 2009 (UTC)
Wow, seriously? You're still trying to delete this article? Notability is defined by coverage in at least two secondary sources. The PCWorld/WaPo article is one, and NetworkWorld is two. Here's a third and a fourth. Stop trying to push your POV and move on. — HelloAnnyong(say whaaat?!) 13:11, 5 November 2009 (UTC)
Yeah seriously, because you know what, Network World is also a partner of PC World. How many PC World partners are we going to use here? Are we just going to keep referencing the exact same news/review as many times as we can find it on the Internet? I hope not. And, to be honest, I don't think you have shown enough evidence that any of these sources are truly creditable. You have the one PC World that I will agree with, but the others are either echoing the PC World Review or are not even themselves creditable resources. I think it's time you came to grips with this and realize that this article is about as noteworthy as yesterdays bowel movement and about as interesting as the flush that followed. C2SP (talk) 21:50, 5 November 2009 (UTC)
There is plenty of mention of it in legitimate sources. You can easily find them. Plus, over 25 million people have downloaded it. There is no question that large numbers of people use it, and know what it is. DreamFocus 22:14, 5 November 2009 (UTC)

Cannot remove viruses?

The latest allegation is that MBAM cannot remove viruses. One problem is that the term virus means different things to different people. Many people use the term to refer to all malware, so in this sense MBAM removes viruses. Perhaps MBAM does not remove a single true virus, meaning programs that replicate themselves from computer to computer. If someone wants to say that MBAM does not remove true viruses, it should be made clear that MBAM does not remove true viruses but removes other malware, and a reliable source should be cited. -- Schapel (talk) 23:17, 25 December 2009 (UTC)I looked through the references and could not find one that makes this statement.

I see someone put back the statement with a notice that the term virus is a catch-all is not a valid excuse. This completely ignores the main point: I looked through the references and could not find one that makes this statement. If someone wants to say that MBAM does not remove true viruses ... a reliable source should be cited. Remember that verifiability, not truth, is the threshold for inclusion in Wikipedia. Thank you. -- Schapel (talk) 02:04, 27 December 2009 (UTC)
The malware wouldn't get around, if it wasn't a virus. Contaminated files people download, are infected by the virus, and do in fact duplicate themselves under various conditions. There is no way possible so many people could be infected by something, if it was just one guy somewhere putting it out there time and again. That doesn't make any sense. DreamFocus 18:34, 5 January 2010 (UTC)

Intellectual property theft

"IOBIT initially denied the claim, but Malwarebytes presented the public with a whole bunch of proofs. IOBIT eventually removed the definitions without making any comment.[citation needed]" Why can't this be removed? It isn't cited and not even written properly yet I can't seem to edit it. —Preceding unsigned comment added by Theeonlyjbk (talk • contribs) 04:45, 2 February 2010 (UTC)

Odd. It seems to have changed now. Theeonlyjbk 04:25, 2 February 2010

Unbalanced tag

I'm going to remove the partisan tag from Reception, as it doesn't seem to make any sense. How are PC World and CNET not neutral sources? I'd like some clarification before it gets readded. — HelloAnnyong(say whaaat?!) 00:49, 3 June 2010 (UTC)

This section heaps nothing but "praise" for this product. It's not balanced and is nothing more than straight spam (which it clearly is) LinuxAngel (talk) 08:01, 3 June 2010 (UTC)
Then find some reliable sources that aren't so rosy. Previously we looked around for a bunch and didn't really find much, other than some people complaining on forums. — HelloAnnyong(say whaaat?!) 12:00, 3 June 2010 (UTC)
I found a new review at,2817,2363509,00.asp (not all the findings are good.) --HamburgerRadio (talk) 15:34, 3 June 2010 (UTC)
The reviewer rates the product as "good". The cons list includes "Must pay for real-time protection". Well duh! You should be reviewing the paid version primarily, companies not making things if they weren't making money from them. DreamFocus 15:41, 3 June 2010 (UTC)
Cons also include "Poor cleanup of rootkits and commercial keyloggers." The fact about having to pay for real-time is just reported without judgement in the heading anyway. --HamburgerRadio (talk) 15:47, 3 June 2010 (UTC)
(edit conflict) Good find. I've now changed the reception section over to using prose, as that's how the rest of Wikipedia does it. And I've added the new review. — HelloAnnyong(say whaaat?!) 15:42, 3 June 2010 (UTC)

I've semi-undone this edit, in that it doesn't accurately represent the source. If the product gets a 3.5 out of 5 and they say both good and bad things about the product, then we need to reflect that. To put an entirely negative spin on the review is inaccurate. — HelloAnnyong(say whaaat?!) 21:08, 3 June 2010 (UTC)

And I've modified this edit because of POV concerns. "the nastiest threats often use rootkit technology" doesn't need to be explained, and it's just making the one review seem more important than the others. This is getting rather tiresome... — HelloAnnyong(say whaaat?!) 21:55, 3 June 2010 (UTC)
  • In an attempt to balance it with some criticism, it listed the actual stats for what it failed at, but not the stats in the same review of how well it did with those it did good at. I removed this. [10] Also, the article referenced says
"Malwarebytes does attempt to remove keyloggers, but it's clearly not a priority for the app. In a separate test using commercial keyloggers, Malwarebytes detected just 29 percent of the samples compared to 86 percent for Norton and 92 percent for Spyware Doctor. Score-wise, Malwarebytes got 2.9 points, Norton 6.6, and Spyware Doctor 7.0."
  • Do we mention its not designed for that? These stats are for keyloggers ONLY. If its necessary to list stats for one thing, then you should list them for the other. Only listing the ones that show the negative is rather bias. It was tested for malware, scareware, keyloggers, and rootkits, separate scores for all, plus a total score already mentioned. Also, when the official website says its designed to remove malware, does that include scareware, keyloggers, and rootkits in the definition? Those things count as a type of malware. DreamFocus 22:19, 3 June 2010 (UTC)
Why did you go back to a list format? Nearly every other page on Wikipedia does reception in a prose format, and it's considered the standard these days. — HelloAnnyong(say whaaat?!) 00:08, 4 June 2010 (UTC)
Its easier to read. And who considers that the standard format? You can't put unrelated sentences together all shoved together in one paragraph because you want a prose format. DreamFocus 03:12, 4 June 2010 (UTC)
Um, take a look at every single article that has a reception section and is either FA or GA. Like here, today's FA was The Beatles: Rock Band. And just look at their reception section. It's prose, not a list. It's just a de facto standard. And I don't see how they're unrelated sentences; they're all reviews of the product displayed one after another. Would you prefer some flowery text that connects them together? — HelloAnnyong(say whaaat?!) 03:19, 4 June 2010 (UTC)
Don't jump on the bandwagon. Which is easier to read, to get and find information from? Textbooks and educational things do it like this for a reason. DreamFocus 18:35, 4 June 2010 (UTC)

This section is just promotional Gat101 (talk) 12:20, 4 June 2010 (UTC)

If you're either a sockpuppet or meatpuppet of LinuxAngel, you should probably avoid editing here - or anywhere else, really, as that sort of thing is not allowed on Wiki. — HelloAnnyong(say whaaat?!) 12:22, 4 June 2010 (UTC)
I was thinking the same thing. DreamFocus 18:35, 4 June 2010 (UTC)

Try addressing the issue and gaining consensus, instead of making ad hominem attacks against people just because they disagree with you and want to see the article be more neutral


Antivirus scan inside compressed archives, i.e. RAR, ZIP...

Scanning the contents of archive files with antivirus / antimalware software, to detect packed / zipped malware and resolve possible security issues before the archive is actually extracted, is a common best practice when unpacking compressed files from sources that cannot be trusted without a minimum degree of verification, or when the archive has been exposed to potential threats along the way, for example downloaded through an untrusted connection, stored on a server whose reliability cannot be verified, or received as a mail attachment.

PeaZip meets this security requirement by integrating an antivirus / antimalware scan option both from the filesystem (scan uncompressed files or entire archive files before browsing them) and for files inside archives, so that selected compressed files (zip, 7z, rar, or any other read-supported format) can be scanned with anti-virus and anti-malware software before extraction.

This feature is especially useful when dealing with encrypted archives, as the live scan of a resident antivirus cannot verify the content of the archive until the password is provided and the unzipped content is accessible for inspection in unencrypted form, which makes the archive manager application the first line of defense for detecting those incoming threats.

As a rule of thumb, anyway, before any other action you are advised to:
  • trust only downloads and attachments from secure, reputable, trusted (and verifiable) sources
  • verify that the data matches known hash values, in order to guarantee that the intended content was actually downloaded and that no data corruption or forgery happened either on the data storage server or during the transmission process

Please note you will need to enter archive password (from padlock icon in PeaZip context menu) in order to scan encrypted files.
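A pre-extraction triage covering the points above (hash verification, and encrypted members that a resident scanner cannot have inspected), as an added Python example that is not PeaZip's code. The function names, the extension sets and the in-memory sample archive are constructed for illustration, and only ZIP is handled.

```python
import hashlib
import hmac
import io
import zipfile
from pathlib import PurePosixPath

# Assumed sets, taken from the file types this page names as worth scanning.
RISKY_EXT = {".exe", ".msi", ".dll", ".sys", ".jar", ".cab", ".swf"}
NESTED_EXT = {".zip", ".7z", ".rar"}
ENCRYPTED_BIT = 0x1  # ZIP general-purpose flag, bit 0: member is encrypted


def sha256_matches(data: bytes, expected_hex: str) -> bool:
    """Compare the archive's SHA-256 with the value published by the source."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def triage_zip(data: bytes, expected_sha256: str) -> dict:
    """Inspect a ZIP without extracting anything and report what needs a scan."""
    report = {"hash_ok": sha256_matches(data, expected_sha256),
              "parse_error": False, "encrypted": [], "risky": [], "nested": []}
    if not report["hash_ok"]:
        return report  # content that fails verification is not parsed at all
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()  # reads the central directory only
    except zipfile.BadZipFile:
        report["parse_error"] = True
        return report
    for info in members:
        ext = PurePosixPath(info.filename).suffix.lower()
        if info.flag_bits & ENCRYPTED_BIT:
            # A resident scanner has not seen this member's plaintext yet.
            report["encrypted"].append(info.filename)
        if ext in RISKY_EXT:
            report["risky"].append(info.filename)
        if ext in NESTED_EXT:
            report["nested"].append(info.filename)
    return report


def mark_encrypted(zip_bytes: bytes, member: str) -> bytes:
    """Sample construction only: set flag bit 0 in one member's headers.

    The standard library cannot write encrypted ZIPs, so the flag is patched
    in the local header (flags at offset 6, name at 30) and in the central
    directory header (flags at offset 8, name at 46).
    """
    buf = bytearray(zip_bytes)
    name = member.encode()
    for sig, flag_off, name_off in ((b"PK\x03\x04", 6, 30), (b"PK\x01\x02", 8, 46)):
        pos = buf.find(sig)
        while pos != -1:
            if buf[pos + name_off: pos + name_off + len(name)] == name:
                buf[pos + flag_off] |= ENCRYPTED_BIT
            pos = buf.find(sig, pos + 4)
    return bytes(buf)


def build_sample() -> bytes:
    """Constructed, harmless archive: placeholder bytes behind realistic names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample, harmless text\n")
        zf.writestr("setup.exe", b"constructed placeholder, not a program")
        zf.writestr("lib/helper.dll", b"constructed placeholder")
        zf.writestr("inner.zip", b"constructed placeholder")
    return mark_encrypted(buf.getvalue(), "setup.exe")


if __name__ == "__main__":
    sample = build_sample()
    published = hashlib.sha256(sample).hexdigest()  # stands in for the vendor's hash
    for key, value in triage_zip(sample, published).items():
        print(f"{key}: {value}")
```

Members listed under `encrypted` are the ones that need the password entered before any scanner result for the archive means anything.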

Read more on antivirus software Wikipedia page, and online guide pages about how to protect files and safety practices for sharing data.

Anti-virus and anti-malware software for in-archive scan

PeaZip's "Open with" menu configures itself automatically to show the option to analyze archive files (or analyze compressed files inside archives) with the detected antivirus / antimalware software. The menu is also available from the Run with button in the File Tools tool bar.
This function is also available inside archives, as "Extract and open with" and alternatively as "Preview with", which keeps the output in a temporary work folder that PeaZip will take care to clean up.
This makes it possible to inspect the content of archives which the antivirus software itself is not able to access, either because they are encrypted or because they are compressed in a format the antivirus software does not support.

The following security programs are supported as scanners, which means the application is automatically detected and properly configured by PeaZip without requiring the user to configure the scan manually, which anyway is always possible if desired *:
  • Avast
  • AVG Anti-Virus Free
  • Avira AntiVir Personal
  • ClamWin (Open Source antivirus)
  • Comodo Cleaning Essentials
  • ESET Smart Security, and ESET NOD32 Antivirus
  • Malwarebytes' Anti-Malware (MBAM)
  • Microsoft Security Essentials (MSE) and Microsoft Windows Defender
  • Spybot Search & Destroy
  • VirusTotal Uploader

Inspecting untrusted compressed and encrypted files, and running the analysis before making use of the content, can greatly reduce the chances of PUP / PUA, viruses, malware, or other unwanted, harmful software (keyloggers, spyware, adware, ransomware...) entering the system.
Moreover, PeaZip can open as archives (and inspect for malware) most executable, installer, and resource file types (.exe, .msi, .dll, .sys), CAB, Java JAR, Flash SWF / FLV, and most document types such as OpenDocument ODF files, both classic MS Office formats (.doc, .xls, .pps, .ppt) and the newer Office Open XML formats (.docx, .xlsx, .pptx), allowing browsing and in-depth security scanning of embedded resources to help find possible sources of infection inside container files.

* Organize > Applications (Alt+9) allows custom applications to be integrated into, removed from, or modified in the "Open with" menu, scripting the options to be passed to the executable program (or batch script).
Besides its security purpose, this menu can also be used to set up favourite, most-used software to open selected files: for example Notepad, the most common browsers, media players and image viewers are auto-configured by PeaZip, and can be customized by end users.

Useful online resources: Avast, AVG, Avira, Comodo, ESET, Malwarebytes commercial antivirus programs (with free versions), ClamWin open source antivirus, Spybot Search&Destroy popular antimalware application, VirusTotal online meta-scanner employing multiple anti-malware and anti-virus detection engines.




Worm

A computer worm is a type of Trojan that is capable of propagating or replicating itself from one system to another. It can do this in a number of ways. Unlike viruses, worms don’t need a host file to latch onto. After arriving and executing on a target system, it can do a number of malicious tasks, such as dropping other malware, copying itself onto devices physically attached to the affected system, deleting files, and consuming bandwidth.




Trojan

A Trojan is malware that uses simple social engineering tricks to tempt users into running it. It may pretend to be another, legitimate piece of software (spoofing products by using the same icons and names). It may also come bundled with a cracked application or even within freeware.

Once it is installed on the computer, it performs malicious actions such as backdooring a computer, spying on its user, and doing various types of damage.

Trojans are not likely to spread automatically. They usually stay at the infected host only.



Trojan dropper

Downloaders and droppers are helper programs for various types of malware such as Trojans and rootkits. Usually they are implemented as scripts (VB, batch) or small applications.

They don’t carry out any malicious activities by themselves, but just open the way for an attack by downloading/decompressing and installing the core malicious modules. To avoid detection, a dropper may also create noise around the malicious module by downloading/decompressing some harmless files.

Very often, they auto-delete themselves after the goal has been achieved.




Rootkit

The term “rootkit” comes from “root kit,” a package giving the highest privileges in the system. It is used to describe software that allows for stealthy presence of unauthorized functionality in the system. Rootkits modify and intercept typical modules of the environment (OS, or even deeper, bootkits).

Rootkits are used when the attackers need to backdoor a system and preserve unnoticed access as long as possible. In addition, they may register system activity and alter typical behavior in any way desired by the attacker.

Depending on the layer of activity, rootkits can be divided into the following types:

Usermode (Ring 3): the most common and the easiest to implement, it uses relatively simple techniques, such as IAT and inline hooks, to alter behavior of called functions.

Kernelmode (Ring 0): the “real” rootkits start from this layer. They live in kernel space, altering the behavior of kernel-mode functions. A specific variant of kernelmode rootkit that attacks the bootloader is called a bootkit.

Hypervisor (Ring -1): runs at the lowest level, the hypervisor, which is basically firmware. The kernel of a system infected by this type of rootkit is not aware that it is interacting not with real hardware but with an environment altered by the rootkit.

The rule is that a rootkit running in a lower layer cannot be detected by any rootkit detection software running in the layers above it.



Remote Access Trojan (RAT)

Remote Access Trojans are programs that provide the capability to allow covert surveillance or the ability to gain unauthorized access to a victim PC. Remote Access Trojans often mimic similar behaviors of keylogger applications by allowing the automated collection of keystrokes, usernames, passwords, screenshots, browser history, emails, chat logs, etc. Remote Access Trojans differ from keyloggers in that they provide the capability for an attacker to gain unauthorized remote access to the victim machine via specially configured communication protocols which are set up upon initial infection of the victim computer. This backdoor into the victim machine can allow an attacker unfettered access, including the ability to monitor user behavior, change computer settings, browse and copy files, utilize the bandwidth (Internet connection) for possible criminal activity, access connected systems, and more.



Rogue scanners

Rogue scanners, also known as fake scanners, fake AV, or rogueware, are pieces of code injected into legitimate sites or housed in fake sites. Their social engineering tactics normally involve displaying fictitious security scan results, threat notices, and other deceptive content in an effort to manipulate users into purchasing fake security software or licenses in order to remove potential threats that have supposedly infected their systems. Their warnings are deliberately crafted to closely resemble the interfaces of legitimate AV or anti-malware software, further increasing the likelihood that users who see them will fall for the ploy. This malware can target and affect PCs and Mac systems alike. In 2011, known names in the security industry noted the dramatic decline of rogue scanners, both in detection of new variants and in search engine results for their solutions.

Rogueware is one of two main classes of scareware. The other is ransomware. Rogue scanners are not as apparent as they used to be several years ago. It is believed that ransomware has completely replaced rogue scanners altogether.



Point of Sale (POS)

Point-of-sale (POS) malware is software specifically created to steal customer data, particularly from electronic payment cards like debit and credit cards and from POS machines in retail stores. It does this by scraping the temporarily unencrypted card data from the POS’s memory (RAM), writing it to a text file, and then either sending it to an off-site server at a later date or retrieving it remotely. It is believed that criminals behind the proliferation of this type of malware are mainly after data they can sell, not for their own personal use. Although deemed as less sophisticated than your average PC banking Trojan, POS malware can still greatly affect not just card users but also merchants that unknowingly use affected terminals, as they may find themselves caught in a legal mess that could damage their reputation.

POS malware may come in three types: keyloggers, memory dumpers, and network sniffers.



Info stealers

The term info stealer is self-explanatory. This type of malware resides in an infected computer and gathers data in order to send it to the attacker. Typical targets are credentials used in online banking services, social media sites, emails, or FTP accounts.

Info stealers may use many methods of data acquisition. The most common are:

  • hooking browsers (and sometimes other applications) and stealing credentials that are typed by the user
  • using web injection scripts that add extra fields to web forms and submit the information from them to a server owned by the attacker
  • form grabbing (finding specific opened windows and stealing their content)
  • keylogging
  • stealing passwords saved in the system and cookies

Modern info stealers are usually parts of botnets. Sometimes the target of the attack and related events are configured remotely by commands sent from the Command and Control server (C&C).



DNS hijacker

DNS changers/hijackers are Trojans crafted to modify infected systems’ DNS settings without the users’ knowledge or consent. Once the systems are infected and their DNS settings modified, systems use foreign DNS servers set up by the threat actors. Infected systems that attempt to access specific sites are redirected to sites specified by threat actors.

