jweigang

Honorary Members
  • Posts

    21
Everything posted by jweigang

  1. Started getting a false positive from the very useful Icon Configuration Utility, last changed in Sept. 2018. https://funk.eu/icu-icon-configuration-utility/ Scan log & zip file attached. MWB_ICU_falsePos.txt ICU_v6_-_Exe.zip
  2. Thanks for the info. Updated and you are correct, MBAM no longer complains about arj.exe. Jim
  3. Started getting a malware report from ancient arj.exe, which scans 100% clean on VirusTotal.

     -Log Details-
     Scan Date: 7/10/20
     Scan Time: 10:48 AM
     Log File: 5d970bd0-c2bc-11ea-bd3a-000000000000.json

     -Software Information-
     Version: 4.1.0.56
     Components Version: 1.0.955
     Update Package Version: 1.0.26655
     License: Premium

     -System Information-
     OS: Windows 10 (Build 18362.900)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 276688
     Threats Detected: 1
     Threats Quarantined: 0
     Time Elapsed: 13 min, 44 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Malware.Generic.602674278, C:\PROGRAM FILES\BIN\ARJ.EXE, No Action By User, 1000000, 0, 1.0.26655, 6CB283CDD39A2A2323EC1466, dds, 00801464
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)

     ARJ.zip
  4. This morning I started getting a report of Malware.Generic.435098342 from a USB3 card driver. Scans 100% clean on VirusTotal. The .exe file listed in the report lives within the flagged .zip file, so I've attached only the zip. MWBfalse.txt Renesas_driver_Mailiya.zip
  5. Just started getting complaints about the StartIsBack installer. The two copies of the installer on my computer are identical. MBAM_StartIsBack.txt StartIsBackPlusPlus_setup.zip
  6. One thing you should be aware of: With the messed-up window, I can't really operate MBAM's controls--the dialog display is squished horizontally, but the mouse-click zones aren't. So when I click directly on a control on the screen, either the control doesn't work or some other control may be activated. A built-in means of turning off hardware acceleration will need to be operable using the keyboard alone. Personally, I would be happy to be rid of the moving-bar scan-in-progress thing, which seems like the only part of the user interface that needs acceleration. Jim
  7. Damn--it's Ctrl-Enter that sends, Shift-Enter does a newline. Continuing... Found this thread: https://forums.malwarebytes.com/topic/255363-404-menu-is-scrambled-only-some-letters-visable/#comments And the recommended solution fixed the problem: To set the environment variables, ensure the Malwarebytes UI is closed and run the following batch file as administrator: https://malwarebytes.box.com/s/hbxc3vcb8spn2dv6qvnrrtumvrb8iv36 Support Tool Log attached, in case it's of use to the developers. Jim mbst-grab-results.zip
  8. Oops, pressed shift-enter when I meant ctrl-enter and away that message went--incomplete. Continuing... Found this thread: https://forums.malwarebytes.com/topic/255363-404-menu-is-scrambled-only-some-letters-visable/#comments
  9. Fresh install of Win10 (x64) on an older Compaq laptop (Presario F761us). Windows works fine, Chrome/Youtube/Libre Office/Sumatra PDF all work fine, but the Malwarebytes 4 window looks like this: Looks the same if I maximize the window, minimize & restore, resize. In shortcut properties, tried Win7 compatibility, disable fullscreen optimizations, both high DPI checkboxes--no difference. In System Properties > Performance Options > Visual Effects, selected Adjust for best performance--no difference. In the Malwarebytes Support Tool, tried a repair, which reinstalled MBAM 4--no difference. Found this thread: https://forums.malwarebytes.com/topic/255363-404-menu-is-scrambled-only-some-letters-visable/#comments
  10. When did the freeze first start occurring?
      Dec 18

      What were you doing on the computer immediately prior to the latest freeze?
      Web browsing, Excel, Word--or nothing (idle)

      Did you notice anything significant occur around the time of the latest freeze (e.g. AV notification, application crash, etc)?
      No

      Has a freeze occurred when the computer is idle?
      Yes, this is how it usually happened once we were trying to diagnose the problem

      Have you noticed a correlation between high network traffic and the computer freezing?
      No

      How often does the computer freeze?
      Several times a day--until we are tired of dealing with it

      Are you able to reproduce the freeze on-demand? If the answer is yes, what are the steps?
      Nothing works any better for us than just waiting

      How old is the computer?
      About 6 years. It's a Toshiba P845

      Was the computer upgraded from XP/Vista to Windows 7?
      No, fresh install of Windows 7 in Aug 2018 onto spinning HD, cloned to Samsung EVO 860 SSD

      Is the computer fully up-to-date with Windows Updates? Which updates have been installed after the first freeze occurred?
      Yes, including the Dec 2018 updates and, for about a day, even the Jan 2018 updates (still hung)

      Does the computer have multiple network adapters? If it does, what happens when you disable the adapter currently in use and switch to a different adapter?
      Tried both the built-in Intel Centrino Wireless-N 2200 adapter and an external Alfa AWUS036H adapter (Realtek-based). Hung with both. Does not hang if you disconnect from wifi (disabling adapter not necessary). BUT--all of the hangs were observed when connected to a Netgear N600 WNDR3400v3 router, and the system would not freeze (in 15+ hours) when connected (via Intel N2200) to a Cisco DP3939 modem+router.
Someone mentioned something about hangs being correlated with MBAM automatic definition updates, and the hang patterns I observed match this: Initially, it would take up to two hours for the computer to freeze, but once it had frozen it would re-freeze much more quickly after that--as if the initial wait was for a new definition file to appear (or to be looked for), and after reboot MBAM knew it needed to check and was waiting only a randomizing amount of time.
  11. Some notes about applying Workaround #2: After installing the previous version of MBAM, I immediately turned off application updates. For some reason, the version didn't remember the activation key, so I entered it to engage premium. In doing so, the application updates slider got turned back on and I had to turn it off again. I suggest inserting a line into the "Malwarebytes for Windows and Windows 7 Freeze/Lock-up" writeup, under Known Workarounds #2, as follows:

      * Run the downloaded setup file...
      >* Reenter your license key if necessary to activate the product, and after doing so,
      * To prevent the program from automatically...

      If people don't notice that activation has turned app updates back on, they may think that Workaround 2 works only for a while.
  12. Attached is the requested troubleshooting information. I don't know how useful this will be, because I ran mbst AFTER uninstalling the problematic '508 version of MBAM and installing the previous version (Workaround #2). Non-tech user is sick & tired of computer freezing and doesn't want to reinstall 508 to duplicate problem. The previous version is working fine on this system; no crashes in 18 hours or so. mbst-grab-results.zip
  13. I would like to thank Bleeping Computer for their article about this problem, which I found in their Twitter stream after struggling for six days to diagnose the freezes on a friend's laptop (which had started back on Dec 18). It would have taken me a LONG time to identify MBAM as the cause because her laptop ran FINE at my place, for 15+ hours, connected to a Cisco DP3939 router, but invariably failed within 2 hrs or so at her place, using a Netgear N600 WNDR3400v3 router. It froze at her place using both the built-in WiFi (Intel, I think) and an external Alfa AWUS036H (Realtek) wifi, so I was looking towards the router or modem as causes. Rather embarrassing, because I was the one who recommended she sign up with Malwarebytes after her Avast subscription expired. But if MBAM weren't so generally reliable, I might have tried disabling it in the course of trying to identify the cause. The fact that it worked perfectly on one router and not another was the diagnostic killer for me.
  14. With 1.0.8351, the scan now reports no threats detected. (I didn't quarantine anything from the previous scan.) Thanks for the quick fix!
  15. Getting report of Trojan.Banker from iasrecst.dll that reports fully clean on VirusTotal.com. Registry keys also flagged, but I don't know how to tell if there is or isn't a problem with them. iasrecst.zip False Positive iasrecst.dll Trojan.Banker.txt
  16. Started getting a probable false positive today from sp38062.exe, which is an HP BIOS update available from here: http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?cc=us&lc=en&dlc=en&softwareitem=ob-56219-1 MWB thinks it's finding Trojan.Carberp.ED in wflash.exe and flash64.exe within the archive. Virustotal and Metascan online call the archive clean. MWBlog_2014-12-28.txt sp38062.zip
  17. Well, that did change something. Now there is no false positive for the sp36409.exe files, but it still claims that Dorkbot lives inside .zip files containing sp36409.exe, and it still identifies RStone.exe (the core problem within sp36409.exe) as being infected. My temp5 directory contains the following:

      Directory of C:\Temp5
      06/30/2014 06:58 PM <DIR> .
      06/30/2014 06:58 PM <DIR> ..
      06/30/2014 12:34 PM 8,698,288 Copy of sp36409.zip
      06/30/2014 06:58 PM 0 dir.txt
      06/30/2014 06:58 PM 49,152 RStone.exe
      06/30/2014 12:31 PM 1,112 scanlog.txt
      06/30/2014 06:57 PM 1,284 scanlog_6-30-10.txt
      06/30/2014 12:15 PM 8,939,824 sp36409.exe
      06/30/2014 12:34 PM 8,698,288 sp36409.zip
      06/30/2014 12:15 PM 8,939,824 sp36409b.exe
      8 File(s) 35,327,772 bytes

      (with those zip files being what was attached to the original post--just sp36409.exe and scanlog.txt). The log of a scan of this directory, using database 6 30 10, follows.

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 6/30/2014
      Scan Time: 6:56:06 PM
      Logfile: scanlog_6-30-10.txt
      Administrator: Yes

      Version: 2.00.2.1012
      Malware Database: v2014.06.30.10
      Rootkit Database: v2014.06.30.01
      License: Premium
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Self-protection: Disabled

      OS: Windows XP Service Pack 3
      CPU: x86
      File System: NTFS
      User: User

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 6
      Time Elapsed: 1 min, 10 sec

      Memory: Disabled
      Startup: Disabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 0
      (No malicious items detected)

      Registry Values: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 3
      Trojan.Dorkbot.ED, C:\Temp5\Copy of sp36409.zip, , [c6dc85f97407290d7c43036132cf26da],
      Trojan.Dorkbot.ED, C:\Temp5\RStone.exe, , [c0e2a2dcb8c394a227988dd7d42d8d73],
      Trojan.Dorkbot.ED, C:\Temp5\sp36409.zip, , [bce6ec92a6d5d264922dc79d837e1ee2],

      Physical Sectors: 0
      (No malicious items detected)

      (end)
  18. RStone.exe (within sp36409.exe) flagged as Trojan.Dorkbot.ED The driver exe comes from here: hxxp://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?cc=us&lc=en&softwareitem=ob-52194-1