Jump to content

John A

Honorary Members
  • Posts

  • Joined

  • Last visited

Everything posted by John A

  1. There appears to be an issue with MBAE when Secunia PSI runs. Windows 7 x 32 I started Secunia PSI for the first time since installing MBAE. It scanned but PSI didn't display results. Restarted PSI and it crashed with the error below. Right clicked on MBAE and Stopped protection PSI crashed again Could not restart MBAE protection - right click non-functional Restarted computer, MBAE OK Removed PSI, installed latest version, same problem - MBAE right click non-functional Removed MBAE, PSI still crashed Removed PSI, reinstalled MBAE, MBAE OK Reported issue to Secunia. Log Name: Application Source: Application Error Date: 13/11/2013 8:01:18 PM Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: John-PC Description: Faulting application name: PSIA.exe, version:, time stamp: 0x5277789f Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process id: 0x520 Faulting application start time: 0x01cee04e30faf0ab Faulting application path: C:\Program Files\Secunia\PSI\PSIA.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 283f1dc8-4c42-11e3-8d30-001a4d44f605 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-13T09:01:18.000000000Z" /> <EventRecordID>25172</EventRecordID> <Channel>Application</Channel> <Computer>JohnMarg-PC</Computer> <Security /> </System> <EventData> <Data>PSIA.exe</Data> <Data></Data> <Data>5277789f</Data> <Data>ntdll.dll</Data> <Data>6.1.7601.18247</Data> <Data>521ea91c</Data> <Data>c0000005</Data> <Data>00055f99</Data> <Data>520</Data> <Data>01cee04e30faf0ab</Data> <Data>C:\Program Files\Secunia\PSI\PSIA.exe</Data> <Data>C:\Windows\SYSTEM32\ntdll.dll</Data> <Data>283f1dc8-4c42-11e3-8d30-001a4d44f605</Data> </EventData>
  2. See attached mbae-default.log dds.zip
  3. I have just noticed that MBAE reports 3 blocked exploit attempts (see image). Yet there is no record of any of these in the logs, and I have received no advices from MBAE about these. What is interesting is that it has crashed 3 times - I therefore wonder if the crashes occured after detecting an exploit during the blocked exploit processing.
  4. Another crash occurred today... Log Name: Application Source: Application Error Date: 9/11/2013 9:48:38 AM Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: John-PC Description: Faulting application name: mbae.exe, version:, time stamp: 0x5267e260 Faulting module name: MSVCR100D.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbd4 Exception code: 0xc0000005 Fault offset: 0x000f32a4 Faulting process id: 0xa48 Faulting application start time: 0x01cedcb6c6464538 Faulting application path: C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe Faulting module path: C:\Windows\system32\MSVCR100D.dll Report Id: e79ee910-48c7-11e3-8d3b-001a4d44f605 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-08T22:48:38.000000000Z" /> <EventRecordID>24170</EventRecordID> <Channel>Application</Channel> <Computer>John-PC</Computer> <Security /> </System> <EventData> <Data>mbae.exe</Data> <Data></Data> <Data>5267e260</Data> <Data>MSVCR100D.dll</Data> <Data>10.0.30319.1</Data> <Data>4ba1dbd4</Data> <Data>c0000005</Data> <Data>000f32a4</Data> <Data>a48</Data> <Data>01cedcb6c6464538</Data> <Data>C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe</Data> <Data>C:\Windows\system32\MSVCR100D.dll</Data> <Data>e79ee910-48c7-11e3-8d3b-001a4d44f605</Data> </EventData>
  5. Looking through my event log I also discovered these two entries regarding another crash of MBAE that got passed me, both occurring at the same second. 8 seconds before this, gupdate was reported to have run, if that is relevant. I have the crash dump files available in a zip file but don't want to post them on the forum This was first: Log Name: Application Source: Windows Error Reporting Date: 8/11/2013 3:00:00 PM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: John-PC Description: Fault bucket , type 0 Event Name: AppHangB1 Response: Not available Cab Id: 0 Problem signature: P1: mbae.exe P2: P3: 5267e260 P4: 9892 P5: 513 P6: P7: P8: P9: P10: Attached files: C:\Windows\Temp\WERF0C4.tmp.appcompat.txt C:\Windows\Temp\WERF123.tmp.xml C:\Windows\Temp\WERF153.tmp.WERInternalMetadata.xml C:\Windows\Temp\WERF163.tmp.hdmp C:\Windows\Temp\WERF2DB.tmp.mdmp These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_mbae.exe_394bc3d11bdcb3d28279eddeba15584d3fa07b4_cab_0801f344 Analysis symbol: Rechecking for solution: 0 Report Id: 3c47b4ff-482a-11e3-8d2e-001a4d44f605 Report Status: 4 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Windows Error Reporting" /> <EventID Qualifiers="0">1001</EventID> <Level>4</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-08T04:00:00.000000000Z" /> <EventRecordID>23948</EventRecordID> <Channel>Application</Channel> <Computer>John-PC</Computer> <Security /> </System> <EventData> <Data> </Data> <Data>0</Data> <Data>AppHangB1</Data> <Data>Not available</Data> <Data>0</Data> <Data>mbae.exe</Data> <Data></Data> <Data>5267e260</Data> <Data>9892</Data> <Data>513</Data> <Data> </Data> <Data> </Data> <Data> </Data> <Data> </Data> <Data> </Data> <Data> C:\Windows\Temp\WERF0C4.tmp.appcompat.txt C:\Windows\Temp\WERF123.tmp.xml C:\Windows\Temp\WERF153.tmp.WERInternalMetadata.xml C:\Windows\Temp\WERF163.tmp.hdmp C:\Windows\Temp\WERF2DB.tmp.mdmp</Data> <Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppHang_mbae.exe_394bc3d11bdcb3d28279eddeba15584d3fa07b4_cab_0801f344</Data> <Data> </Data> <Data>0</Data> <Data>3c47b4ff-482a-11e3-8d2e-001a4d44f605</Data> <Data>4</Data> </EventData> </Event> Log Name: Application Source: Application Hang Date: 8/11/2013 3:00:00 PM Event ID: 1002 Task Category: (101) Level: Error Keywords: Classic User: N/A Computer: John-PC Description: The program mbae.exe version stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ff4 Start Time: 01cedc2fcdfa0fc7 Termination Time: 15 Application Path: C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe Report Id: 3c47b4ff-482a-11e3-8d2e-001a4d44f605 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Hang" /> <EventID Qualifiers="0">1002</EventID> <Level>2</Level> <Task>101</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-08T04:00:00.000000000Z" /> <EventRecordID>23949</EventRecordID> <Channel>Application</Channel> <Computer>John-PC</Computer> <Security /> </System> <EventData> <Data>mbae.exe</Data> <Data></Data> <Data>ff4</Data> <Data>01cedc2fcdfa0fc7</Data> <Data>15</Data> <Data>C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe</Data> <Data>3c47b4ff-482a-11e3-8d2e-001a4d44f605</Data> <Binary>430072006F00730073002D00740068007200650061006400000044006500610064006C006F0063006B0000000000</Binary> </EventData> </Event>
  6. These two log entries occurred a couple of seconds before the crash I initially reported, I don't know if they are related. Log Name: Application Source: SkypeUpdate Date: 8/11/2013 6:55:41 PM Event ID: 101 Task Category: Service Events Level: Information Keywords: Classic User: N/A Computer: John-PC Description: Service stopped. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="SkypeUpdate" /> <EventID Qualifiers="0">101</EventID> <Level>4</Level> <Task>1</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-08T07:55:41.000000000Z" /> <EventRecordID>23981</EventRecordID> <Channel>Application</Channel> <Computer>John-PC</Computer> <Security /> </System> <EventData> </EventData> </Event> Log Name: Application Source: SkypeUpdate Date: 8/11/2013 6:55:40 PM Event ID: 103 Task Category: Service Events Level: Information Keywords: Classic User: N/A Computer: John-PC Description: SkypeUpdate service is shutting down due to idle timeout. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="SkypeUpdate" /> <EventID Qualifiers="0">103</EventID> <Level>4</Level> <Task>1</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-08T07:55:40.000000000Z" /> <EventRecordID>23980</EventRecordID> <Channel>Application</Channel> <Computer>John-PC</Computer> <Security /> </System> <EventData> <Data>SkypeUpdate</Data> </EventData> </Event>
  7. I recall that the error occurred around the time when I clicked a button on the website to send an email receipt, I don't know if that helps?
  8. Sorry, I have tried a few things but I am unable to replicate this. I am unsure what else was open at the time and I can only go so far through the car registration renewal process again because the renewal process has already occurred. I will keep trying!
  9. AntiExploit failed with the following details. At the time I was using IE10 and accessing http://www.myrta.com/wps/portal/extvp/myrta/rego/renew-transfer-rego/ Windows 7 x 32 MSE * Malwarebytes Pro * IE10 * with recommended exclusions Faulting application name: mbae.exe, version:, time stamp: 0x5267e260 Faulting module name: MSVCR100D.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbd4 Exception code: 0xc0000005 Fault offset: 0x001159da Faulting process id: 0x9b4 Faulting application start time: 0x01cedc57ca1a92e9 Faulting application path: C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe Faulting module path: C:\Windows\system32\MSVCR100D.dll Report Id: 2eef077b-484b-11e3-8cd9-001a4d44f605 Log Name: Application Source: Application Error Date: 8/11/2013 6:55:50 PM Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: John-PC Description: Faulting application name: mbae.exe, version:, time stamp: 0x5267e260 Faulting module name: MSVCR100D.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbd4 Exception code: 0xc0000005 Fault offset: 0x001159da Faulting process id: 0x9b4 Faulting application start time: 0x01cedc57ca1a92e9 Faulting application path: C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe Faulting module path: C:\Windows\system32\MSVCR100D.dll Report Id: 2eef077b-484b-11e3-8cd9-001a4d44f605 Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-11-08T07:55:50.000000000Z" /> <EventRecordID>23982</EventRecordID> <Channel>Application</Channel> <Computer>John-PC</Computer> <Security /> </System> <EventData> <Data>mbae.exe</Data> <Data></Data> <Data>5267e260</Data> <Data>MSVCR100D.dll</Data> <Data>10.0.30319.1</Data> <Data>4ba1dbd4</Data> <Data>c0000005</Data> <Data>001159da</Data> <Data>9b4</Data> <Data>01cedc57ca1a92e9</Data> <Data>C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe</Data> <Data>C:\Windows\system32\MSVCR100D.dll</Data> <Data>2eef077b-484b-11e3-8cd9-001a4d44f605</Data> </EventData> </Event>
  10. I also have no problems running on Windows 8.1 Pro with Media Center x 64
  11. The attached shows a log entry (from your test file) - when I select it, the Exclude button isn't active.
  12. Does the application update itself automatically?
  13. Running OK on two computers with Malwarebytes Pro, MSE, W7 x 32, IE10. Two questions: (1) I tried the Exploit Test program which produced a message that it had blocked an exploit. Are there plans to include more info in this message , such as which process caused it? (2) How do I add exclusions? I see only a way to remove exclusions
  14. No worries. I am glad to have the full list of mirrors for future reference. Cheers John
  15. As I said, this happened on two different computers, two different internet connections. Also happened using IE and Firefox. However now the CNET download works fine, must have been a transient problem with CNET But the Bleeping Computer link in your reply still fails (see attached file). I discovered that you need a slash at the end of the URL in your link, ie http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/, then it works fine.
  16. Thanks daledoc1, very helpful. The Bleeping Computer and Yahoo links don't work, the others are fine.
  17. I am trying to download the free version of Malwarebytes from CNET using the link on your web site. The download is painfully slow for a while then it just stops, eg at 65%. This happens on two different computers and on both ADSL and 3G wireless connections. All other internet access is normal. Is there an alternative site I can try?
  18. This occurs when opening an email newsletter from a reputable on-line shop oo.com.au IP-BLOCK (Type: outgoing, Port: 50027, Process: wlmail.exe) I have reported this issue to them but I want to check with you that it is not a false+
  19. I wanted to post my experience with this issue. I was using my Windows 7 desktop when the problem hit - I saw an alert from Malwarebytes, clicked on it then saw another. At that point I tried to open Malwarebytes from the tray icon but it did not respond (now I know it was very busy quarantining files). I kept trying to open it and kept getting no response. So I suspected that malware had hit my computer and had disabled/screwed Malwarebytes. So I immediately forced a shut down. On restart I had a catastrophic failure as the login facility was disabled. I then started my Windows 8 laptop to see if the same issues appeared there, but fortunately I stopped it starting as I suddenly had the thought that this could possible be a problem with false positives from Malwarebytes. Just as well I stopped it or it would have been hosed as well!! I started up an old XP netbook that did not have MB installed and had a look at the MB forum then discovered the problem was a MB update. Back to my desktop - I put a recovery disk in and did a System Restore. The system then started OK, but Windows Update failed to work and SFC refused to start. With those key procedures failing I had grave suspicions about the integrity of my system. I summarised that it may be possible to apparently repair the system, only to find some other component failing later. I tried to restore a Windows 7 Backup disk image and that failed!!!! So I re-formatted and reinstalled Windows, software and data (which I backup separately). This took a couple of days work, but my system is now a bit livelier so I am happy. But had I also lost my Windows 8 and Windows 7 laptops I would not have been impressed! I suspect that Malwarebytes tied itself up in knots because there were so many files being quarantined. I have temporarily disabled Malwarebytes file system protection on all my computers. I would like to know if the quality control procedures promised by you have been implemented yet. If so I will re-enable protection.
  20. This is an annoying problem with this forum in IE10, Windows 7 or Windows 8. Can't enter new line in IE10 Writing a post on this forum I cannot take a new line using Enter button or any other method unless I switch from rich text to plain text. This does not happen in Firefox and did not happen in IE9. Seems like an issue with IE10?
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.