Fix/undo anti-antimalware registry hacks

[Guest]

[AlphaRosea]

There are some occasions where I install MBAM or SAS on a computer and try them only to encounter errors and conclude that a worm etc may be responsible for this. It would be handy for CAV to be able to detect and fix known registry hacks that serve to disable antimalware.

I currently have a computer that actually belongs to me/my dad (which was lent to a friend of his for a few months) that came back with an crap-load of infections and neither MBAM nor SAS worked... though CIS wasn't threatened by the malware. I got another antimalware, a-squared Free, (it's initial def update is ~65MB lawwwwd) that detected them all but couldn't remove half of them (those were deeply entrenched in the system apparently. Explorer would crash and Windows would hang or the computer would even BSOD if I forced the removal of the stubborn ones).

Hopefully I can get a screenshot for the names of some of those infections sometime and post it. I remember there are a few instances of Vundo in there...

[jay2007tech]

though CIS wasn't threatened by the malware

CIS has it's own self-defense  mechanism for that purpose

There are some occasions where I install MBAM or SAS on a computer and try them only to encounter errors and conclude that a worm etc may be responsible for this

I think a better idea would be to request that to MBAM and SAS forum.  

I would write to saying this to them in their forum and/or email (below)
Ask them "You would like MBAM to have a stronger "self-defense mechanism" against malware from tampering MBAM or a least have that option available to make it stronger. (or weaker if it interferes with other software).   <-----feel free to copy and paste it to save you from typing

You would like MBAM to have a stronger "self-defense mechanism" against malware from tampering MBAM or a least have that option available to make it stronger. (or weaker if it interferes with other software)

=========================================================
until they put in a stronger self-defence, reinstall it.  (Don't uninstall the program, just download the newest MBAM and click "install".  It will fix itself.  AND as a added bonus, you won't need to redownload the anti-virus definitions again

P.S. after doing this, reboot the computer and then start hitting the "F8" key until a new screen comes up.  go to windows "safe mode"  Run MBAM and clean the infection from there will most likely prevent the same infections from coming back again and again. 

I hope this helps you

[AlphaRosea]

That's nice and all but it wouldn't work for me. They are presumably disabled via the registry hacks. As in a registry entry is set that stops them from running or denies them critical resources. I don't count on self-defense components because I only use the free versions which don't have real-time defense.

There was another infected computer I deal with before then. On that one I could use SAS but not MBAM. And SAS detected an evil registry key related to MBAM and that's how I'm aware of all this.

CIS has it's own self-defense  mechanism for that purpose

Defense+ is magic.

CAV would surely turn some heads when users see that it starts fixing, of all things, the infamous "disabled Task Manager" hack.

[Tags:]