From: The Central Scrutinizer on
"~BD~" <BoaterDave(a)> wrote in message
> David Kaye is (I believe) one of life's 'good guys' and has a vast amount
> of computer experience. Perhaps he wasn't concentrating and

Let's say what you mention here is true. If that is the case, why would he
know that users running as local admin is for sure asking for problems? He
said he is running that way as all of his clients do as well! WHAT!!!!

> missed your question.
> Maybe he will confirm that he *is* using Version 5 in due course.
> Btw, at the link you posted it *does* say about the Free version of Avast!
> Antivirus and anti-spyware
> Secures e-mail and chats
> I had a look at the web site of the other person commenting on your Blog
> about Malwarebytes. John Warnken seems to be quite
> genuine - maybe you should invite him to this thread?!!
> --
> Dave

From: The Central Scrutinizer on
I would focus more on getting your customers to not run with local admin
privs as a normal user.

"David Kaye" <sfdavidkaye2(a)> wrote in message
> sfdavidkaye2(a) (David Kaye) wrote:
>> I rolled back the registry and eliminated it, but I'm rather pissed that
>>the latest Avast did not see it at all.
> For the record "the lastest version" means exactly that, 5.0.462. I'm
> wondering what part of "latest version" people don't understand.
> Anyhow, back to our story...MB found it, Avast didn't. The ave.exe
> malware
> program has been out there for some time. I first saw it almost a year
> ago. I'm really surprised and disappointed that Avast didn't see it, and
> I'm
> inclined to rethink whether I should encourage my customers to use it.
From: ~BD~ on
David Kaye wrote:
> ~BD~<BoaterDave(a)> wrote:
>> The Real Truth MVP wrote:
>>> Yes, all kidding aside it could be a new variant and he also only posted
>>> the program version number not virus definition version which is 100403-1
>> Maybe he'll check if he reads my reply to you!
> I did and I checked and it's 100403-1. I let Avast automatically update both
> the program and the definition files.
> It looks like this may be a trend. I walked a customer through a registry
> rollback (luckily the malware didn't take over safe mode) and had her set it
> back 3 days. Again, like me, she has Avast on her computer, and likely has
> the current definition file. I know she has the same program version I do.
> Funny thing is that in quick scan mode, MBam didn't see anything at all. On
> my computer it saw ave.exe.
> Thank goodness it was merely a matter of rolling back the registry and not
> something more serious like boot sector injections, etc. Still, she still has
> the malware on her computer; it's just the registry doen't know about it.
> Next time I visit her I'll have to check and get rid of it.

Perhaps try Microsoft Security Essentials!

I'm using it on two machines and it seems to work just fine!

You have obviously found this experience somewhat disconcerting, David,
and I can just feel your frustration. For me, though, it has been most
interesting, especially your posting times being ahead of others who are
also using Eternal-September. Might you approach Ray Banana about this?
I've found him very helpful.

I wish you a very Happy Easter.

Dave BD

An afterthought! Assume you had a pristine machine (new or with a new
hard disk) - not connected to the Internet - upon which you had loaded
Malwarebytes from a memory stick. If you ran a full scan it should of
course report no infections. With all the skill you have acquired, would
you be able to tell if changes had been made to your machine by MBAM
which might, perhaps, enable remote access to it when connected to the
From: David Kaye on
"The Central Scrutinizer" <gcisko(a)> wrote:

>Let's say what you mention here is true. If that is the case, why would he
>know that users running as local admin is for sure asking for problems? He
>said he is running that way as all of his clients do as well! WHAT!!!!

I have been fixing malware problems fulltime since 2002. That's 8 years.
When I remove malware, turn off unnecessary services, remove unneeded
startups, and put in a rudimentary anti-malware program (Avast lately), I
seldom get repeat calls from my customers for malware problems. When they do
call me back it's to fix something unrelated or to refer a new customer.

So, I feel fairly confident that XP is just fine in the default user mode,
which has admin privileges.

Oh, I suppose I could set them up with limited accounts but do you know how
sloppy that is? Some programs simply won't work, while others get flaky.
Quickbooks is a perfect example. It will not run properly (and sometimes not
at all) on a limited account.

From: FromTheRafters on
"David Kaye" <sfdavidkaye2(a)> wrote in message


> This is where heuristic scanning comes in and why MBam can catch
> nearly
> everything. I had the impression, reading from Avast's documentation
> and
> various postings from people that Avast also had similar heuristic
> scanning.
> Apparently not.


From my reading, Avast! only uses its heuristic's for its e-mail