Remove-Malware.com Forums

[Dieselman]

Ok I just duplicated it....................Very odd. I never noticed it before. Oh well. Even I can be wrong. No one is perfect. Either way you look at it its not big deal. Just makes you realize that NIS is doing its job and blocking unauthorized programs from accessing it. But MBAM is not trying to scan C\Windows\Programs Files\Norton. What it is scanning is the files in memory and running processes. So a quick scan from MBAM scans for malware in memory and whatever processes are running. Norton says "Oh No................You aren't gaining access to me" so it prevents it. Does that help?

At least you know that NIS is not easily terminated and its self protection module works properly. I never look in my logs so maybe thats why I never saw what you were talking about. So in a nut shell.............MBAM is not scanning NIS. MBAM is scanning running processes for known malware.

[Tomo172]

That would explain the "access process data" part of the alert.

[Dieselman]

Exactly Tomo..............Now your learning. Most quick scans scan every running process for known malware. It doesn't matter even if that process belongs to your favorite security product.

[ThisNameWasntTaken]

Learn something new everyday eh Dieselman? I kind of thought it could be ignored, but now that I have pros to ask, I thought I'd get their take. Didn't know it was the process in RAM that MBAM was "attacking", but that's why I am here: to learn, and to keep in the know about malware. Thanks for the answers.

[Dieselman]

Ok let me try and make this clearer to you "MBAM WAS NOT ATTACKING ANYTHING NOR WAS IT ATTACKING ccSvcHst.exe". MBAM like any other on demand scanner was doing its job by scanning every process running in memory. Thats how it finds malware. The best way to spot malware is by looking at ALL you running processes and noticing the fake ones from the real ones.

[ThisNameWasntTaken]

I know. That's why I put attack in quotes. Sorry for the misunderstanding. I clearly understand what is going on.

[Dieselman]

Ok great. Also quick scans with MBAM,SAS and HMP is all you really need.

[Hardov]

What about a quick scan whit NIS 11 or Idle time scan-NIS?

[bogdan]

Today, most malware runs at startup or places files in folders that are scanned during a quick scan (system folders). This is why in most cases a quick scan is enough. If the quick scan detects something, perform a full scan to remove files that the malware might have left behind in folders not covered by the quick-scan. Full scans were obligatory back in the day when we had mostly patching viruses that infected executables all over the hard-drive.
@hardov Performing a quick/Idle scan from time to time is recommended because some malware might have passed through your security. Assume that today you get infected with a malware that your antivirus doesn't detect. Tomorrow they might add the signature for it and a quick/idle scan will detect it.

[Dieselman]

What about a quick scan whit NIS 11 or Idle time scan-NIS?

Those are all done "Automatically". Just look at your Norton tasks.