Arvutifoorum VISTA
http://vista.getforum.org/

Malwarebytes or some other anti-malware tool on a USB stick?
http://vista.getforum.org/malwarebytes-voi-mingi-muu-torje-usb-le-t1709.html

Author:  Krooniline [ 01 May 2010, 16:58 ]
Post subject:  Malwarebytes or some other anti-malware tool on a USB stick?

Greetings.

I'd like to put an anti-spyware tool on a USB stick so that I can scan any computer when needed. I tried Malwarebytes and it let me install it to the stick, but when I plug the stick into another computer it won't start. I have Win7 and the other machine had XP.
Is a plain install enough at all, or do I have to do something to the stick first? :roll:

Author:  erik [ 01 May 2010, 17:12 ]
Post subject:  Re: Malwarebytes or some other anti-malware tool on a USB stick?

There is something:
http://www.emsisoft.com/en/software/stick/
But Malwarebytes is not possible.

Author:  grote5que [ 03 May 2010, 09:14 ]
Post subject:

spybot lite

Author:  tudiludi [ 03 May 2010, 12:07 ]
Post subject:  Re: Malwarebytes or some other anti-malware tool on a USB stick?

Hiren's BootCD does have Malwarebytes on it, but for some reason it doesn't run. Actually this should be looked into, because Malwarebytes needs at least .NET Framework 2, and one should check whether that can be put on MiniXP and Malwarebytes started that way.

In general I recommend Hiren's BootCD. Everything you need is there, plus some more good stuff. :P

Author:  Krooniline [ 03 May 2010, 17:00 ]
Post subject:  Re: Malwarebytes or some other anti-malware tool on a USB stick?

erik wrote:
There is something:
http://www.emsisoft.com/en/software/stick/
But Malwarebytes is not possible.


For now I did put the program from that page on the stick, but if anyone figures out how to put Malwarebytes on it, let me know :D

Author:  grote5que [ 04 May 2010, 09:18 ]
Post subject:

Malwarebytes Anti-Malware Portable

To make Malwarebytes' Anti-Malware portable is more difficult, as it does NOT run from a USB-Stick by just copying the application directory! Two system files (mbam.sys & mbamswissarmy.sys), two registered libraries (mbamext.dll & ssubtmr6.dll) and one registered ActiveX control (vbalsgrid6.ocx) are mandatory!

Malwarebytes Anti-Malware execution behavior:

* Three objects have to be registered: mbamext.dll, ssubtmr6.dll and vbalsgrid6.ocx
To do so, use the command regsvr32.exe "path\file" (use switch "/s" for 'silent')
(The files are located in the application directory)
* Two system files have to exist:
C:\WINDOWS\system32\drivers\mbam.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
(These files are copied there during install and you have to take them with you)
* Necessary directories are created automatically:
%ALLUSERSPROFILE%\Application Data\Malwarebytes\
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
%USERPROFILE%\Application Data\Malwarebytes\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\
* Necessary files (definitions) are created upon update:
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\ignore.dat
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
(Further files like logs are created during operation)
* Settings are saved in registry (HKCU\Software\Malwarebytes' Anti-Malware)


Making Malwarebytes Anti-Malware portable:

* Install
* Copy application directory to any location you like
* Copy mbam.sys & mbamswissarmy.sys from "C:\WINDOWS\system32\drivers\" anywhere you like, to take them with you (e.g. the copied application directory)
* Uninstall
* Remove the uninstall files (unins000.dat, .exe & .msg) from the copied application directory if you like
* Take the application directory anywhere you like
* On the host machine copy mbam.sys & mbamswissarmy.sys to "C:\WINDOWS\system32\drivers\"
* On the host machine run:
regsvr32.exe "DRIVE:\PATH\mbamext.dll"
regsvr32.exe "DRIVE:\PATH\ssubtmr6.dll"
regsvr32.exe "DRIVE:\PATH\vbalsgrid6.ocx"
(You will be notified about registration success (or errors), use switch "/s" for silent registration.)
(You need admin rights for registration to succeed. Do this from an admin account or with elevated rights)
* Run "mbam.exe" from the application directory (not mbamgui.exe)


Batch to automate the necessary preparation on the host machine:
(Assuming that all mentioned files, including the batch, are located in the same directory)
Code:

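REM Copy the two driver files to the location the application expects
COPY "%CD%\mbam.sys" "C:\WINDOWS\system32\drivers\mbam.sys"
COPY "%CD%\mbamswissarmy.sys" "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
REM Register the ActiveX control and the two libraries
regsvr32.exe "%CD%\vbalsgrid6.ocx"
regsvr32.exe "%CD%\ssubtmr6.dll"
regsvr32.exe "%CD%\mbamext.dll"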

(Remember: Administrative rights needed. Use switch "/s" for silent registration)

Traces left on host system and how to clean up:
Malwarebytes' definition files, logs etc. are quite small (below 2MB) which is small enough, but the system files and settings in registry should be removed anyway and the registered objects should be unregistered in any case!
This leaves us for complete clean-up with:

* DELETE: "%ALLUSERSPROFILE%\Application Data\Malwarebytes"
* DELETE: "%USERPROFILE%\Application Data\Malwarebytes"
* DELETE: "C:\WINDOWS\system32\drivers\mbam.sys"
* DELETE: "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
* DELETE: HKCU\Software\Malwarebytes' Anti-Malware
* UNREGISTER: regsvr32.exe /u "DRIVE:\PATH\vbalsgrid6.ocx"
* UNREGISTER: regsvr32.exe /u "DRIVE:\PATH\ssubtmr6.dll"
* UNREGISTER: regsvr32.exe /u "DRIVE:\PATH\mbamext.dll"


Batch to automate clean-up:
(Assuming that the batch is located in the same directory as the registered objects. WinXP cmd only! Use DELTREE in DOS instead of RMDIR.)
Code:

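REM Remove definition files, logs and quarantine
RMDIR /S /Q "%ALLUSERSPROFILE%\Application Data\Malwarebytes"
RMDIR /S /Q "%USERPROFILE%\Application Data\Malwarebytes"
REM Remove the two driver files
DEL "C:\WINDOWS\system32\drivers\mbam.sys"
DEL "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
REM The key name contains a space, so it has to be quoted
REG DELETE "HKCU\Software\Malwarebytes' Anti-Malware" /f
REM Unregister the ActiveX control and the two libraries
regsvr32.exe /u "%CD%\vbalsgrid6.ocx"
regsvr32.exe /u "%CD%\ssubtmr6.dll"
regsvr32.exe /u "%CD%\mbamext.dll"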

(Remember: Administrative rights needed. Use switch "/s" for silent unregistration)


Additional remarks:

* As mentioned, you need administrative rights at least for objects (un)registration, but you should do any malware scanning and cleaning from an administrative account or at least with elevated rights anyway!
* For both applications there is cleaning done in the "Application Data" directory. Unfortunately the name of this directory is language dependent (it is named differently in some - but not all - non-English Windows locales), e.g. in German (as for me), it is called "Anwendungsdaten". You have to change this in the batch files if you are executing them on such a system.
In the case of the %USERPROFILE%, the "%USERPROFILE%\Application Data\" directory can be addressed directly by the %APPDATA% variable, but this does not hold for %ALLUSERSPROFILE%. There is no way to address %ALLUSERSPROFILE%\Application Data\ directly in a batch file (at least none I know about).

*****************************************
If you read it through calmly there is nothing difficult in it, even the contents of the cmd file are included :)
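
An added example, not part of the post above or of the guide it quotes: a batch check to run on the host after the clean-up, listing any of the guide's traces (data folders, the two drivers, the HKCU settings key) that are still present. It assumes the Explorer "Shell Folders" registry value "Common AppData" as a locale-independent way to find the all-users data folder; the registered COM objects are not checked because their class IDs are not given in the thread.

```batch
@echo off
setlocal
rem Added example: report traces the guide's clean-up list should have removed.
rem Exit code 1 means something was left behind on the host.
set "SF=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders"
set "COMMON="
rem Value line: Common AppData, REG_SZ, then the path.
rem Tokens 1-2 are the value name, token 3 is the type, the rest is the path.
for /f "tokens=3,*" %%A in ('reg query "%SF%" /v "Common AppData" 2^>nul ^| findstr /c:"REG_SZ"') do set "COMMON=%%B"
set FOUND=0
if not defined COMMON echo WARNING: Common AppData not resolved, all-users folder not checked
if defined COMMON call :check "%COMMON%\Malwarebytes"
rem Per-user data folder, addressed through APPDATA as the guide suggests.
call :check "%APPDATA%\Malwarebytes"
rem SystemRoot replaces the guide's hard-coded C:\WINDOWS.
call :check "%SystemRoot%\system32\drivers\mbam.sys"
call :check "%SystemRoot%\system32\drivers\mbamswissarmy.sys"
rem The settings key name contains a space, so it must be quoted.
reg query "HKCU\Software\Malwarebytes' Anti-Malware" >nul 2>&1
if not errorlevel 1 call :report "HKCU\Software\Malwarebytes' Anti-Malware"
if "%FOUND%"=="0" echo No traces found.
exit /b %FOUND%

:check
rem Works for both files and directories.
if exist "%~1" call :report "%~1"
goto :eof

:report
echo LEFT BEHIND: %~1
set FOUND=1
goto :eof
```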

Author:  erik [ 04 May 2010, 17:55 ]
Post subject:  Re: Malwarebytes or some other anti-malware tool on a USB stick?

There is always some way, even when there is no way :D :)

Author:  tudiludi [ 04 May 2010, 20:34 ]
Post subject:  Re: Malwarebytes or some other anti-malware tool on a USB stick?

There are portable versions of Malwarebytes available, but they are unofficial (if not to say illegal). The portable version cannot be updated, and on Vista and later systems it has to be run as administrator in order to start.
