GT500.org Blog

Computers, Security, Whatever.

re: Your Brains

Microsoft Security Essentials and Malwarebytes' Anti-Malware on Windows XP

I've noticed that Microsoft Security Essentials and Malwarebytes' Anti-Malware both running real-time protection on Windows XP at the same time have a tendency to cause your computer to freeze. A quick solution is detailed below.

Restart your computer in Safe Mode, and then launch Malwarebytes' Anti-Malware. Go to the 'Protection' tab, and uncheck the option that says "Start with Windows". Now restart your computer normally.

Once your computer is running normally, open Microsoft Security Essentials, and click 'Settings', and then click "Excluded processes", just like in the screenshot below:




After going to "Excluded processes", click the 'Add' button, and add the files listed below (this must be done one at a time):

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

If you have never seen that type of file selector before, then note that to open a folder all you have to do is click the little '+' sign to the left of the folder name, like in the following screenshot:




Now, after adding all three of those files to the "Excluded processes" list, please go to the "Excluded files & locations" list, like in the following screenshot:




Add the following two files to this list:

  • C:\WINDOWS\system32\drivers\mbam.sys
  • C:\WINDOWS\system32\drivers\mbamswissarmy.sys

After adding those two files to the list, close Microsoft Security Essentials, and then open Malwarebytes' Anti-Malware. Go to the 'Protection' tab and check the option that says "Start with Windows". Now, if you restart your computer, the freezing issues should be solved. :wink:

Ordering Windows 7

I've been running Windows 7 Ultimate x64 in trial mode for about two months now. While I do have one rearm left, and can get an extra month if I need to, I decided to just go ahead and purchase the OEM edition of Windows 7 Professional x64. It's only $150 (USD) on NewEgg, so why not? :cheers:

NewEgg was kind enough (since the purchase was $150) to give me free shipping via UPS, so it should be here on Monday or Tuesday of next week.

I may have to reinstall Fedora 11 after wiping out my current Windows 7 install, and reformatting, but who cares. It's not like I have anything really important saved in Linux right now anyway. P:

Dead Internet

My DSL connection just went out while I was in the middle of getting some work done. This is always annoying. It's one thing for it to go out in the middle of a game like Call of Duty 4, but in the middle of work is a total pain in the neck. I had a ton of work sitting there waiting for me, and now I can't get it done tonight.

I guess I can be grateful that this Palm Pre is still connected, but it's not that great for browsing. I seriously need Opera Mobile on this phone!

Official hpHosts Mirror

GT500.org has just become an official mirror for hpHosts.

I set up a new FTP account for Steven, and told him to offload whatever he needed onto my server. Since my server is hooked to a 100Mbps backbone, it should always be a fast download. My server is mirror #7 on the download page. :wink:

If you have not tried hpHosts yet, then I highly recommend it.

For those wondering why you would want to try a HOSTS file in the first place, or what they do, note that a HOSTS file blocks your computer from accessing malicious websites. When you are browsing around, and you get forwarded to a bad site or a bad ad tries to load, the HOSTS file will tell your computer to block it. This method is not perfect, but it is far better than browsing around without it, especially if you are not a technician or malware analyst; I've seen even IT administrators click the wrong link.
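How a HOSTS-style blocklist decides what gets blocked, and where it falls short, as an added example (not code from hpHosts or from this blog). The sample entries are constructed, the function names `parse_hosts` and `is_blocked` are hypothetical, and keeping the first entry for a repeated name is an assumption about resolver behaviour.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not real hpHosts data).
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1   localhost
127.0.0.1   ads.example.test      # inline comment
0.0.0.0     tracker.example.test cdn.tracker.example.test
::1         localhost
192.0.2.10  intranet.example.test
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Return {hostname: address} for every well-formed entry."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: skip entry
        for name in fields[1:]:               # one line may list several names
            # Assumption: the first entry for a name is the one that applies.
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def is_blocked(table, hostname):
    """True only when the exact name maps to a loopback/unspecified address.

    HOSTS files have no wildcards, so a subdomain of a listed name is
    NOT covered unless it has its own entry.
    """
    name = hostname.lower().rstrip(".")
    if name == "localhost":
        return False                          # ordinary loopback entry, not a block
    addr = table.get(name)
    return addr is not None and (addr.is_loopback or addr.is_unspecified)

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.test", "sub.ads.example.test",
                 "intranet.example.test"):
        print(host, "->", "blocked" if is_blocked(table, host) else "allowed")
```

The `sub.ads.example.test` case is the practical limit of this approach: a blocklist only covers names it lists exactly, which is why such lists need frequent updates.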

Now Hosting vURL Engine

Steven Burns (the maintainer of hpHosts and some other online security sites, and who is also a researcher for Malwarebytes) asked me earlier today if I could host vURL on my server for him. Of course, I was more than happy to do so.

Now, when you use vURL Online (note that Steven's site is pretty slow, so give it some time to load) you will find GT500 under the list of servers to use. :wink:

Some Shortcomings

I've noticed two major shortcomings in this new blog that may annoy me in the future.

  1. No 'indent' tag.

  2. No nested lists.

Now it may be possible to do custom HTML, and solve both of those issues. I'll have to play with it in the future, and see if it works. For now, I need to go melt some cream cheese and mix it with some guacamole. Best combination of tasty amino acids I have found thus far! I just need to make sure I take a glucose tablet before eating it. :wink:

AVG and MBAM

So, for the last two months AVG has been (on occasion) having issues with Malwarebytes' Anti-Malware. Usually breaking the database, but I think they were deleting mbam.exe (the main executable for Malwarebytes' Anti-Malware) the first time they had issues.

A kind user on the Malwarebytes forums volunteered a solution that appears to be working. That solution is detailed below, for anyone who needs it.

These instructions assume that you have Malwarebytes' Anti-Malware installed in the default location on your C: drive. If this is not the case, then please adjust the paths. Note that on 64-bit systems the software is in the "Program Files (x86)" folder, instead of just "Program Files".



Windows XP and 2000:
  1. If you have removed Malwarebytes' Anti-Malware, then please reinstall it. Do not allow your computer to restart afterwards.

  2. Open AVG.

  3. Go to 'Tools'.

  4. Go to "Advanced Settings".

  5. Click to expand the "Resident Shield" tab.

  6. Go to the Excluded Files list.

  7. Add the following files to the list of excluded files:
    * C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
    * C:\WINDOWS\system32\drivers\mbam.sys
    * C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    * C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    * C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    * C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    * C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
    * C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
    * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

  8. Uninstall Malwarebytes Anti-Malware via the Add/Remove Programs utility in the control panel, or via the Malwarebytes' Anti-Malware folder in the Start Menu.

  9. Reinstall Malwarebytes Anti-Malware, and restart your computer.


Windows Vista and newer:
  1. If you have removed Malwarebytes' Anti-Malware, then please reinstall it. Do not allow your computer to restart afterwards.

  2. Open AVG.

  3. Go to 'Tools'.

  4. Go to "Advanced Settings".

  5. Click to expand the "Resident Shield" tab.

  6. Go to the Excluded Files list.

  7. Add the following files to the list of excluded files:
    * C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
    * C:\WINDOWS\system32\drivers\mbam.sys
    * C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    * C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    * C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    * C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    * C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
    * C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
    * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

  8. Uninstall Malwarebytes Anti-Malware via the Add/Remove Programs utility in the control panel, or via the Malwarebytes' Anti-Malware folder in the Start Menu.

  9. Reinstall Malwarebytes Anti-Malware, and restart your computer.

Back To Blogging

It's been a while, hasn't it? I was just too lazy to follow through on that idea of making my own blog engine, so here I am, using something that I've been ignoring for many years. Oh well, it's better than nothing, and it's better than the old SimplePHPBlog I had originally been using.

So, let's see. What's been happening since I killed my old blog over a year ago?

  • I now work for a security company called Malwarebytes. I do technical support for them, which boils down to about 80% helping people remove malicious software that has infected their computers, and about 20% actual technical support. Note, for those in need, we do all of that for free. No pay-for-support plan, but unfortunately no one answering phones (support via e-mail and forums only), so there is a trade-off.

  • At some point I became an Operawatch editor, but it seems like Operawatch is dead these days (I haven't heard from any of the developers in a while, even though I pitched some recent ideas for entries I wanted to write).

  • I got a Palm Pre, which is really intuitive in some ways, and incredibly retarded in others. Perhaps I would have been better off with an Android powered phone?

  • I recently quit the {XF} clan, which I had been a member of for almost 2 years. I always hated the way it was run, and couldn't take it anymore. Another guy quit with me when a third guy mentioned we should start our own clan, but sadly that third guy chickened out on us, and stuck with the old group.

  • Call of Duty: Modern Warfare 2 was just released, and they are trying to kill PC gaming with this one. No dedicated servers (peer-hosting via matchmaking is the only option for online play), and they also removed the ability to lean around corners. The lean issue is not that big, but I pay $99 per month for a dedicated server hooked to a 100Mbps pipe, so why would I want to play a game that I can't put up a server for?

I think that's pretty much it. Nothing else is coming to mind at least. I'll blog about other things here eventually. For now, I will assume that no one will see this for a good month or two. :wink: