siliconman01

This is on Windows 8.1.1 x64 Professional with IE 11 as the only installed browser. MBAE V1.05.1.1015 blocks CyberLink PowerDVD 14 V14.0.4704.58 from opening. It makes no difference if it is shielded as a mediaplayer, other, browser, office, or pdfreader.

After ~9 hours of running the test build, Mbae-svc.exe is holding steady at 3.1/3.2 mbytes RAM. In addition, mbae.exe has dropped from ~16 mbytes in build 1012 to 3.8 mbytes in the test build. Thanks very much for the test build and the fix.

On my Windows 8.1.1 x64 Professional systems, mbae-svc.exe is at 12 mbytes RAM and climbing steadily. Is there a way to get my hands on the test build to fix this on my systems as well ? TIA

Thus far I am not seeing any issues with mbae V1.05.3.1010 on: Windows 8.1.1 x64 Professional on a Dell XPS 8700 SE desktop Windows 8.1.1 x64 Professional on a MS Surface Pro tablet Windows 10 Build 9860 x64 on an older Dell XPS 410

This is on Windows 8.1.1 x64 Professional with IE 11 as the only browser. My system is a Dell XPS 8700 SE with 24 gbytes RAM, SSDs and an Intel i7-4770 CPU, 3.40 GHz so it has a lot of horsepower. Upgraded MBAE Premium 1.04 with 1.05.1004. There is a noticeable slowdown in the initial opening of IE 11. Once IE 11 is open, it seems to respond without any slowdown.

Ashampoo 14 UpdateMediator.exe is falsely detected as Spyware.Password MBAMFalsePositive.txt updateMediator.zip

This is on Windows 8.1+ x64 Professional (fully up-to-date). MBAM 2.0.1.1004 crashes when viewing a scan log. I have attached the *.dmp, logs, system info, and Event Viewer text for the Event ID 1000 crash of MBAM. Please note that I did a clean install yesterday of MBAM and thought that fixed the crash problem; however, the crash returned. MBAMCrashDump&Logs.zip

The clean removal tool and re-install appears to have fixed the problem. I am not running BitLocker or any other encryption software. Thanks much for your prompt response and expert advice. Really do appreciate it.

This crash seems to be centered around closing the "settings" window when MBAM attempts to save settings.

This is on Windows 8.1+ x64 Professional (with latest update). MBAM is frequently crashing with an Event ID 1000 crash. This is occurring when I close the GUI. MBAM is installed totally fresh on the system. Logs and the dump are attached. MBAMCrashLogs.zip

Sorry! 4 files attached.

4 files are attached.

4 files in TuneUp Utilities 2014 are falsely detected as Trojan.Agent.ED

Files Detected: 1 H:\Unlocker\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> No action taken. [a5c599ca25473cfaadad351240c1926e] Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.30.02 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16635 Tom Ray :: TOMSWIN8PRO [administrator] Protection: Disabled 7/30/2013 12:49:00 AM MBAM-log-2013-07-30 (00-49-48).txt Scan type: Full scan (H:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 207686 Time elapsed: 29 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 H:\Unlocker\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> No action taken. [a5c599ca25473cfaadad351240c1926e] (end)

This is on Windows 7 SP1 x86 and x64 Professional with latest MBAM version and definitions update. EMCO file Unlockit.exe is being falsely detected as Trojan.Onlinegames. Malwarebytes Anti-Malware (PRO) 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.02.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Tom Ray :: TOMSWIN7X64 [administrator] Protection: Disabled 11/2/2012 1:07:55 PM mbam-log-2012-11-02 (13-28-34).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 315690 Time elapsed: 20 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files (x86)\EMCO\UnLock IT\v3\UnLockIT.exe (Trojan.Onlinegames) -> No action taken. [94ede6cc411cf83e0ca4d654b84858a8] (end)

Fix confirmed. Thanks much

Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5360 Windows 6.1.7600 Internet Explorer 9.0.7930.16406 12/20/2010 4:04:20 AM mbam-log-2010-12-20 (04-04-11).txt Scan type: Full scan (C:\|D:\|O:\|) Objects scanned: 255164 Time elapsed: 19 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\program files (x86)\trojanhunter 5.3\rulefiles\Gen.dll (Spyware.Banker) -> No action taken. [c12fb361847ca75937adcb8fb34dfb05]

Windows 7 x64 Professional, MBAM 1.50 Beta. Malwarebytes' Anti-Malware 1.50 Public Beta www.malwarebytes.org Database version: 5093 Windows 6.1.7600 Internet Explorer 9.0.7930.16406 11/10/2010 9:21:20 PM mbam-log-2010-11-10 (21-21-12).txt Scan type: Full scan (C:\|D:\|O:\|) Objects scanned: 250262 Time elapsed: 17 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39\purbleplace.exe (Trojan.Crypt) -> No action taken. [eef783909070ce32a51fa4bc679942be]

As I said, in PD 11 the BlockedFileList is installed automatically when you install PD 11. HOWEVER, it may not contain mbamservice.exe yet because Raxco just learned of this yesterday.

I do not have SAS realtime protection enabled along side MBAM realtime. On my Windows 7 x86 Pro computer, only NIS 2010 is active with MBAM Pro; on my Win 7 x64 only Avira Premium Security Suite V9.0 is active with MBAM Pro. Raxco was notified and confirmed the issue. They are adding mbamservice.exe to the BlockedFileList of files. My PD 11 Professional is not beta. I got an early final release because I have Raxco's extended support service. PD 11 is suppose to be released 09-Mar-10 to the general public.

You can see other files that PerfectDisk boot time defrag blocks at the knowledge base article below. http://www.perfectdisk.com/support/kb/823 I had this same issue with PD 10, Vista x64 Professional, and with SuperAntiSpyware Pro prior to upgrading to Windows 7 x64. You will see SAS in the list of blocked programs in the article above for PD 10. In PD 10, this BlockedFileList had to be user installed. In PD 11, the PD installer automatically adds this list to the registry. With PD 11 and MBAM real-time, it did not occur on my Windows 7 x64 Professional computer but did on my Windows 7 x86 Professional computer. Note that until 08-March-2010, I was running the free MBAM on both systems. No issues occurred between PD 11 and MBAM. I licensed both computers on 08-March-2010 and activated MBAM protection. That's when the PD 11 Pro boot time BSOD started occurring on the Win 7 x86 system. The BSOD occurs (100% repeatable) at the very beginning of the boot time defrag before PD 11 starts any file moving. From everything I have heard/read, this is an unpredictable event. It occurs on some computers and not on others.

On my Windows 7 x86 Professional system with PerfectDisk 11 Professional and MBAM V1.44, the system will BSOD on every boot time defrag unless this BlockedFileList fix is applied. Raxco acknowledged the issue as well.

Users of PerfectDisk 11 and MBAM realtime on Windows 7 x64 and x86 may encounter a BSOD at the time PerfectDisk 11 begins a Boot Time defrag on system reboot. There is a conflict between PerfectDisk 11 Boot Time defrag and mbamservice.exe. To correct this issue, a manual registry modification needs to be made. At HKLM\SYSTEM\CurrentControlSet\services\DefragFS\Parameters, add mbamservice.exe to the BlockedFileList Multi-SZ list. Raxco has been contacted and is updating their expanding list of blocked files. Note that this blocks the service from loading at the time the Boot Time defrag is being performed. Once the Boot Time defrag is completed, PerfectDisk restarts the Windows load and mbamservice.exe will start up as needed.

False positive on one of the modules of security program TrojanHunter. Attached is the SubmitFiles.exe module. Malwarebytes' Anti-Malware 1.44 Database version: 3606 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 1/21/2010 12:54:20 AM mbam-log-2010-01-21 (00-54-08).txt Scan type: Full Scan (C:\|D:\|O:\|) Objects scanned: 211134 Time elapsed: 20 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files (x86)\TrojanHunter 5.2\SubmitFiles\SubmitFiles.exe (Malware.Packer.Gen) -> No action taken. [835E6C5E7E126F453CC830BC12A6DBFD]

Fix confirmed