Malicious Website Protection disabled


This message is a follow-on from topic 160864 in the Malwarebytes Anti-Malware Help forum.

 

I have removed all entries in the registry as suggested by Ron Lewis.

 

The only reason "Selective Startup" is used is I am running a dual-boot system (7 & 8.1) and "normal startup" is not possible.

 

It was suggested by RL that I have some type of minor infection, and to ask here.

 

Please find the 3 attached files but they were produced before changes were made to the registry.

Addition.txt

CheckResults.txt

FRST.txt

Link to post
Share on other sites

  • Root Admin

I would recommend you restore MSCONFIG back to normal and use another tool or uninstall if you don't want certain items.

Please read the following article concerning the use of MSCONFIG

Msconfig Is Not A Startup Manager

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

Next

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Link to post
Share on other sites

Ron, thanks for your response.

 

I've reset MS config back to enable all startup programs, but with a dual boot system, you cannot make normal startup the default.

 

I ran TDSSKiller and no threats were found.

 

Hope you can find something here on the attached files.

Result.txt

TDSSKiller.3.0.0.41_14.11.2014_20.18.48_log.txt

TDSSKiller.3.0.0.41_14.11.2014_20.25.13_log.txt

Link to post
Share on other sites

  • Root Admin

Well as you can see here from the Event Logs there is something going on with the computer that is causing required services or apps to not run correctly. It could be your antivirus but not sure at this point.

As for MSCONFIG and Dual Boot not sure what you mean. I've dual booted and multi booted computers for years and it had nothing to do with MSCONFIG.

 

 

 

 

Application errors:
==================
Error: (11/14/2014 07:47:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/14/2014 07:47:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1974dbb5-e67b-4c4e-82c4-51cf4a20d449}

Error: (11/14/2014 02:38:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/14/2014 02:38:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/14/2014 09:13:54 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Link to post
Share on other sites

Can I refer you to the following page that explains selective startup with Windows 8 on a dual boot system with Windows 7. In particular the last line which reads

"Windows 8 will always boot in “Selective startup” mode. Windows 7 however retains whichever startup mode choice you have made."
 

http://www.pagestart.com/win8selectivestartup01.html

 

The antivirus is Microsoft Security Essentials, the standard one that comes with Windows 8! There has never been any other antivirus installed.

 

I agree there's something going on, and whatever it is it's closing down the Malicious Website Protection.

 

Where do we go from here?

Link to post
Share on other sites

  • Root Admin

Well unfortunately as said the Event Logs show that the computer is not functioning correctly. That is beyond the scope of malware detection and removal. Then adding in dual boot certainly does not make things easier for maintaining the computer.

 

We can look at a few things but I wouldn't hold my breath that it would help. My suggestion would be to stop dual booting (was very popular and perhaps in some cases needed back in the day but really is of little value nowadays except to add complexity to the system) - then backup your data, fdisk, format, and reinstall one instance of Windows whether it be 7 or 8 and then see if you're still having issues or not.

 

Do you have any of these errors when you boot into Windows 7?

Link to post
Share on other sites

Ron,

Whilst I appreciate your efforts, there are many things which don't make sense. Sure, there may be error reports on my PC as I'm sure there are on most if not all. It works fine 99% of the time, and the errors are seamless to the operator.

 

Version 1.75 still works without a hitch, and I'm happy to keep using it but you're going to discontinue support next year.

 

And as far as re-installing Windows goes, as I pointed out last week, https://forums.malwarebytes.org/index.php?/topic/160864-yet-another-malicious-website-protection-disabled/  I did exactly that, and the same thing happened within hours!

 

The question remains, whatever you may say is going on with my computer, (and many others) why the hell should it shut down your Malicious Website Protection! It doesn't shut it down on 1.75, so maybe your programmers can investigate it from that angle instead of trying to analyse our computers.

 

As you well know, it's not an uncommon issue.

 

Meanwhile, I'll take a look at Windows 7 and let you know.

Link to post
Share on other sites

  • Root Admin

Yes it is common and in most cases it's due to infection and computer issues just like you have.

 

This one event alone (forget about the others for now) will make most use of the computer and its data integrity suspicious as it is very important that this underlying service resource works properly.

 

Error: (11/14/2014 07:47:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

 

The Volume Shadow Copy Service is what allows System Restore Creation and Restore. Without it that repair feature is broken.

 

Bottom line as I see it is that you're either not installing Windows properly or you have some type of hardware issues. I've probably installed Windows over a thousand times in my 20+ years of computer support and I've not had a single computer ever with the errors you're having. The most common problem is only errors at the very start as you're installing the proper drivers to get all the hardware working. Once that is done there are NO errors in the Event Logs on any computer I've ever built.

 

These errors are not common but they are certainly capable of preventing the computer from running properly and that does include our software.

 

If you like you can rebuild again and this time seek advice in the PC Help forum before installing ANY other software beyond the OS, or if you've purchased the software within the last 30 days you can submit for a refund if you like but the current logs are not indicating that this is due to an infection.

 

If you like we can run some other scans to look for malware as I said and see if anything can be found that might be contributing to this issue or not, just let me know.

 

Thanks

Link to post
Share on other sites

I have system restore turned off. It's of no use to me. Are you saying this is why I'm having trouble with your software?

 

Just to check that out, I did a fresh install of Windows 8.1 today and have left all windows settings as they are (including system restore).

 

It didn't take more than a couple of hours to get the dreaded "Malicious Website..." warning again. So for all the changes I've made to try to get Malwarebytes to work, it seems it just won't work for me.

 

I've opened a new topic in Malwarebytes Anti-Malware Help forum.

 

I'm about to give up on this..... there has to be a reason and you must look for the common denominator with all the people having the same issue.

Link to post
Share on other sites

  • Root Admin

I'm sorry I don't know how else to explain this to you. You are not installing Windows properly. You should have NO ERRORS in your event logs but you have many. Some of them certainly can and will affect other programs from working properly not just our software but since you either do not believe me or choose to ignore me then all I can do at this point is suggest you contact the Help desk and possibly seek a refund if possible.

 

Thank you again

Link to post
Share on other sites

Ron,

 

With regards to the new install, as I said, I have changed no windows settings, I have not installed any drivers, yet it still fails.

 

Please explain to me how one can install windows "not" properly! I've been using windows as long as you have and don't think I'm a dummy. Did you bother to take a look at the files I attached for the new install, or would you prefer me just to go away?

 

I'm as anxious to solve this as all the others that obviously don't know how to install windows either!

Link to post
Share on other sites

  • Root Admin

As I said - I agree with you that the protection modules do fail. However in almost every case it's either due to infection, corruption, or hardware failure. We have double digit millions of users using the program so we know the protection modules work except when something on the computer is not as it should be. Yes I wish they were a bit more robust and did not have to rely on the underlying Windows API to function but that route was chosen to be more compatible with most computers out there.

I'm certainly willing to help you try to track down the issue but you'll need to do your part as well by helping to track down and fix services that are not working.

No one is trying to pawn you off but your tone seems to indicate that you're fed up and why I suggested possibly trying to get a refund. If you want to try to track it down and fix it then let me know.

Thanks

Link to post
Share on other sites

Ron, the reason I did a new install is I'm trying to track down and fix whatever it is that's causing this.

 

Did you look at the attached file for the new install?

 

https://forums.malwarebytes.org/index.php?/topic/161250-malicious-website-protection-turns-off/#entry910778

 

The application errors you've attached there are dated 14th November, so they don't come from today's install.

 

There are some errors showing, but how are they relevant to your system and why should they impact it so badly?

 

The errors show some windows updates failed, but that's hardly unusual. (And yes, Windows is not activated but that shouldn't impact your program either)

 

And why does 1.75 work perfectly?

Link to post
Share on other sites

Ron,

 

Never one to give up, I'm still trying other things to prove that there's a problem we're not seeing.

 

I've re-installed Windows 8.1 yet again, this time on a clean, newly formatted drive, not dual boot, and nothing has been installed except Malwarebytes.

 

I've not manually installed any drivers or windows updates, and the whole system isn't more than 4 hours old.

 

Malwarebytes completed a scan, and I have not adjusted any settings in it, except to activate it.

 

Windows is NOT activated.

 

Malicious Website Protection turned off within a couple of hours, as usual.

 

The scans are attached and I'd like you to check them over for me please.

 

 

Addition.txt

CheckResults.txt

FRST.txt

Link to post
Share on other sites

  • Root Admin

The Event Logs indicate service issues again (which do impact other programs including ours)

We rely on the underlying Networking Stack to be working properly in order for the Web Protection module to load and stay loaded. With the errors shown below I'm sure that is why it does not load.


Error: (11/22/2014 09:54:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
%%21

Error: (11/22/2014 09:54:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error:
%%1058

Error: (11/22/2014 09:53:09 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

 

 

 

Please try the following fix as a possible solution. Probably not directly related and in fact may be told that it's not for Windows 8 but go ahead and try it.

http://support.microsoft.com/kb/2401987

 

 

Also take a look at the following article

http://support.microsoft.com/kb/921471

 

 

Take a look at the following article and see if it helps to resolve some of these errors.

http://winwiki.org/event-id-7023-service-control-manager/

 

 

1.75 and 2.0 are not even close to the same product. That's like trying to compare a motorcycle to a car just because they both have an engine. They are not the same. The 2.0 has many more features and is much more capable of finding and removing malware than 1.75 was.

 

Try the above items and see if that helps to fix the errors and let me know.

Link to post
Share on other sites
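
Added example (not part of the original thread, and not Malwarebytes or FRST code): the `%%21` and `%%1058` values in the 7023 entries above are Win32 error numbers that the log export left unresolved, and `hr = 0x80070005` in the earlier VSS entry is an HRESULT wrapping Win32 error 5. The Python sketch below decodes them from entries copied from this thread; the function names and the three-entry error table are assumptions of this example.

```python
import re

# Subset of Win32 error codes (winerror.h) covering the entries quoted in this thread.
WIN32_ERRORS = {
    5: ("ERROR_ACCESS_DENIED", "Access is denied."),
    21: ("ERROR_NOT_READY", "The device is not ready."),
    1058: ("ERROR_SERVICE_DISABLED", "The service cannot be started: it is disabled "
           "or has no enabled devices associated with it."),
}
FACILITY_WIN32 = 7

# Event log entries copied from the posts above.
SAMPLE = """\
Error: (11/22/2014 09:54:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
%%21

Error: (11/22/2014 09:54:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error:
%%1058

Error: (11/14/2014 07:47:30 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
"""

HEADER = re.compile(r"^Error: \((?P<time>[^)]+)\) \(Source: (?P<source>[^)]+)\)", re.M)
INSERT = re.compile(r"^%%(\d+)\s*$", re.M)        # unresolved "%%N" message insert
HRESULT = re.compile(r"\bhr = (0x[0-9A-Fa-f]{8})")

def win32_from_hresult(hr):
    """Return the Win32 code carried by a failure HRESULT, or None if it has none."""
    severity, facility = hr >> 31, (hr >> 16) & 0x7FF
    return hr & 0xFFFF if severity == 1 and facility == FACILITY_WIN32 else None

def decode(log_text):
    """Return (source, code, symbolic name, meaning) for every error code found."""
    findings = []
    starts = [m.start() for m in HEADER.finditer(log_text)] + [len(log_text)]
    for begin, end in zip(starts, starts[1:]):    # one slice per "Error:" entry
        entry = log_text[begin:end]
        source = HEADER.match(entry)["source"]
        codes = [int(n) for n in INSERT.findall(entry)]
        wrapped = (win32_from_hresult(int(h, 16)) for h in HRESULT.findall(entry))
        codes += [c for c in wrapped if c is not None]
        for code in codes:
            name, meaning = WIN32_ERRORS.get(code, ("UNKNOWN", "not in this table"))
            findings.append((source, code, name, meaning))
    return findings

if __name__ == "__main__":
    for row in decode(SAMPLE):
        print(*row, sep=" | ")
```

Decoded this way, the IP Helper entry reports a disabled service rather than a crash, which can be checked against the service's startup type before looking further.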

Ron, It seems we just go on blaming each other's products for the failures. I have checked the event manager on several other computers running Windows 8, and they all have multiple errors listed - some apparently 100% reliable computers logging over 5000 errors in the last 7 days.


So, I don't think there is ever going to be an error free windows system, and if that's what your software requires, it won't work too often.


 


With regards to the 3 links you gave me above, the first didn't run on my system (and as you said, wasn't really applicable anyway)


The second relates to failure to activate windows. I deliberately haven't activated it. It's just a "test build" and I can't afford to buy a copy just for this purpose. It shouldn't affect you though.


The third, I installed and executed the program, but of course they are happy to scan it for free, but want money for the so-called fix!


 


So, bottom line is I'm back to version 1.75 (which is what I bought and paid for) and I'll use that until I can no longer. Hopefully by then pressure from others may result in a "working" version 2.*.*.*.


 


Thanks for trying to help.

Link to post
Share on other sites

  • Root Admin

Not trying to play any blame game - just trying to help you get it running is all.

Okay then sorry the program is not working well for you then. If it is a recent purchase then you can submit to the helpdesk for a refund if you like. If it's the lifetime version then perhaps a future update will work for you.

Link to post
Share on other sites

This topic is now closed to further replies.