Everything posted by LiquidTension

  1. We are aware of an issue involving sporadic freezes/lock-ups of machines running the latest version of Malwarebytes for Windows and Windows 7. This issue is currently being investigated and further updates will be provided in this forum topic. We apologise for the inconvenience this has caused and are working hard to identify the cause and provide a permanent solution.

    Known Information:

    The following information is known about the issue.

      • Certain Windows 7 (any edition) machines are affected (hardware/software dependent).
      • Only Malwarebytes for Windows version 3.6.1 CU 1.0.508 with Premium activated is affected. Earlier versions are unaffected. To check if you have this version installed, open Malwarebytes and click Settings followed by About.
      • The machine will sporadically freeze/lock-up with no ability to use input devices or overcome the issue. A hard reboot is required.

    Known Workarounds:

    It has been reported that either of the following workarounds has a high success rate in mitigating the issue entirely.

    Disable Malwarebytes for Windows Web Protection.

    Open Malwarebytes for Windows. Toggle the Web Protection switch off. Click Yes if prompted by User Account Control (UAC).

    To suppress the 'Real-Time Protection turned off' notifications, do the following: Click Settings. Ensure the Application tab is selected. Under Notifications, toggle the 'Show notifications when Real Time Protection [...]' setting off.

    Revert to the previous Malwarebytes for Windows components package.

    Download the setup file from the following link: https://malwarebytes.box.com/s/xq78v2de2k893g1h41upzbtqmsc6t375 Run the downloaded setup file to over-the-top install the earlier version. This will remove the current version and install the earlier. Note: Once installed, verify Malwarebytes Premium is activated by confirming "Malwarebytes Premium" is displayed on the Dashboard.

    To prevent the program from automatically updating to the latest affected version, do the following: Open Malwarebytes for Windows and click Settings. Ensure the Application tab is selected. Under Application Updates, toggle the 'Automatically download and install application component updates' setting off.

    Troubleshooting:

    If you would like to assist the on-going investigation into the cause of this issue, please refer to the troubleshooting steps below. Thank you to all those who have provided feedback and troubleshooting information on this issue so far.

    Step #1: Malwarebytes Support Tool (MBST)

    Please download MBST using the link below: http://downloads.malwarebytes.com/file/mbst Once the file is downloaded, open your Downloads folder or the location of the downloaded file. Double-click mb-support-#.#.#.###.exe to run the program. If prompted, place a checkmark next to Accept License Agreement and click Next. Click the Advanced menu on the left. Please do not click Start Repair. Click Gather Logs. Upon completion, click OK. A file named mbst-grab-results.zip will be saved to your Desktop.

    Step #2: System Information

    Press the Windows Key + R on your keyboard at the same time. Type msinfo32 and click OK. A new window will open. Click File followed by Save. Give the file a name, select your Desktop as the location and click Save. Drag the saved .nfo file into the mbst-grab-results.zip on your Desktop to add it to the Zip file.

    Step #3: Provide Zip file

    Create a post in the following discussion topic by opening the link and clicking Reply to this topic. Attach the mbst-grab-results.zip file located on your Desktop in your post. Click "Reveal Hidden Contents" below for details on how to attach a file.

    (Optional) Step #4: PSList

    Please download PSList.zip using the link below: https://malwarebytes.box.com/shared/static/jrbrzr4rpbu4rlstl4abq0ghglg24hov.zip Open your Downloads folder. Right-click PSList.zip and click Extract All.... Ensure Show extracted files when complete is checked and click Extract. A folder will open. Open the PSList folder inside. Right-click PSList64.bat (use PSList.bat if you are running 32-bit Windows) and click Run as administrator. Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway. A black console window will appear. Each second, a new text file will be written to the extracted PSList folder. Please leave the console window open and wait for the machine to freeze/lock up.

    Note: Running the batch file for extended periods of time may potentially result in a large amount of consumed disk space. If this is an issue, output files generated earlier in the process can be deleted. For example, if Output3000.txt is reached in the extracted PSList folder, delete files 1 through to 2000.

    Once the machine has locked up, force a restart. After the machine has restarted, right-click the extracted PSList folder and click Send to followed by Compressed (Zipped) folder. Name the Zip file PSList-Output. Repeat Step #3 to attach the file to your forum post.

    (Optional) Step #5: Change network adapter

    We are currently exploring the possible correlation between this issue and certain network adapters. If you are in a position to disable the network adapter currently in use, please do so and check if the issue still occurs with a different network adapter in use. Click the Start button followed by Control Panel. Click Network and Sharing Center or View network status and tasks under Network and Internet. Click Change adapter settings. Right-click the in-use network adapter and click Disable. Connect to the Internet using a different network adapter (e.g. insert an Ethernet cable). Please let us know which network adapter you disabled, which you switched to and if this had any impact on the issue.

    Please use the following topic for discussion on the issue: https://forums.malwarebytes.com/topic/240530-another-windows-7-x64-freeze-after-the-10508-update
  2. LiquidTension

    Windows 10 Defender disabled

    Thanks Chuck. Please download batch.bat using the following link: https://malwarebytes.box.com/s/jlhjsposwb7q81ihpsr6au89b7f4pd3v Right-click the file and click Run as administrator. A file named query2.txt will be saved to your Desktop. Please attach this in a post. Afterwards, please restart the computer (Start button > Power button > Click Restart; not Shut down). After the restart, do the following: Press the Windows Key + R on your keyboard at the same time. Type services.msc and click OK. Scroll down to Windows Defender Antivirus Service. Right-click and click Properties. Click Start. Let me know the results.
  3. Hi zarthan, Please hold off on running the FRST fix above (in post #7). Thank you for providing the mbst-grab-results.zip. Please do the following: Right-click the Malwarebytes icon in the notification area (next to the clock) and click Quit Malwarebytes. Press the Windows Key + R on your keyboard at the same time. Type services.msc and click OK. Scroll through the list of services until you reach Malwarebytes Service. Right-click Malwarebytes Service and click Properties. Set the Startup type to Automatic (Delayed Start). Click OK and close the Services window. Once done, please restart the computer (Start button > arrow next to Shut down > Restart). After the restart, please try to open Malwarebytes. Let me know how you get on. If you still encounter an issue, please let me know how you're attempting to launch Malwarebytes.
  4. I'm sorry to hear of the issue you've experienced. Please provide the log file referenced in the post above and we'll look into the cause of this issue.
  5. LiquidTension

    Unable to contact license server (another)

    The logs indicate the connection to the licensing server is timing out. Have you made any recent changes to the computer or environment/network? Does the same issue occur in Safe Mode with Networking? https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode In Normal Mode, can you try temporarily disabling Windows Firewall and check if the issue still occurs: https://www.tenforums.com/tutorials/70699-turn-off-windows-defender-firewall-windows-10-a.html#option4
  6. Thank you. I'm not seeing any reference to Ransomware Protection in that log. Please do the following:

    Enable Malwarebytes Enhanced Event Log Data Setting

    Open Malwarebytes. Click the Settings menu. Ensure the Application tab is selected. Scroll down to Event Log Data. Turn the Collect enhanced event log data for support setting On.

    Rerun Process Monitor in the same manner you did before, but don't stop the capture yet. Quit Malwarebytes (right-click the Malwarebytes icon in the notification area and click Quit Malwarebytes). Relaunch Malwarebytes, wait for the user interface to open and confirm Ransomware Protection is off. Return to Process Monitor. Click File followed by Capture Events and repeat the earlier steps to Zip up the generated log.

    Rerun the Malwarebytes Support Tool as well. Click Advanced > Gather Logs and attach the generated mbst-grab-results.zip (found on your Desktop). https://downloads.malwarebytes.com/file/mbst
  7. I have no issues with Process Monitor boot time logging on Windows XP. It could very well be related to the same issue you're encountering with MBAMChameleon boot start. I'm looking into other potential methods of obtaining similar information. In the meantime, you may want to leave the start type as System. This is expected. You should find the process automatically restarts.
  8. Yes, that would be helpful. Thank you.
  9. LiquidTension

    Windows 10 Defender disabled

    Hi Chuck, I see you're running an outdated version of Windows 10. Have you considered updating to the latest version?

    Windows 10 Home Version 1803 17134.523

    Here is the source of your issue:

    Error: (01/16/2019 10:38:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MsMpEng.exe, version: 4.18.1812.3, time stamp: 0xaa8bf4c9
    Faulting module name: mpengine.dll, version: 1.1.15500.2, time stamp: 0x5bff8402
    Exception code: 0xc0000005
    Fault offset: 0x0000000000185014
    Faulting process id: 0x18d0
    Faulting application start time: 0x01d4ae26dfcbc18c
    Faulting application path: C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe
    Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31014893-3B92-4278-A6DC-46D6DC812EC0}\mpengine.dll
    Report Id: 65675de3-e275-488f-ab22-b9472624e4d4
    Faulting package full name:
    Faulting package-relative application ID:

    Please do the following:

    SFC /Scannow

    Please download sfc_scannow.bat using the link below. https://malwarebytes.box.com/s/71uel6xlgciq5fitx1lq8a6jqo3ck4mi Open your Downloads folder. Right-click sfc_scannow.bat and select Run as administrator to run the file. Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway. A black Command Prompt window will appear. Upon completion, a file named mb-cbs-log.txt will be created on your Desktop. Please attach the file in your next reply.

    Also, please run the following command at the Command Prompt and provide the generated output saved to your desktop.

    reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /s >> "%userprofile%\desktop\query.txt"
  10. Thank you. I'll look into the error and update the script accordingly. In the meantime, please manually download and run Process Monitor: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon Extract the downloaded file and run procmon.exe. Once Process Monitor is running, open Malwarebytes, click Settings, click Protection and try to toggle Ransomware Protection to on. When it fails to turn on, return to Process Monitor. Click File followed by Capture Events. This will remove the checkmark and stop the capture. Click File, followed by Save. Click OK. One or more files named Logfile.pml will be saved to the chosen location. Please Zip up all of the files (highlight all files > right-click > Send to > Compressed (Zipped) folder) and attach the file in a post. If the file is too large, upload it to WeTransfer.com and provide the generated link.
  11. Hi Dan, Thanks for reporting this. We're currently tracking an issue with certain protection components failing to start. To confirm, if you start a new Malwarebytes session (right-click the Malwarebytes icon in the notification area and click Quit Malwarebytes) and then relaunch Malwarebytes, is Ransomware Protection still turned off? We'd like to get a Process Monitor log captured during a failed attempt to turn Ransomware Protection on. Please refer to the steps below.

    Run Process Monitor

    Please download run_procmon.bat using the link below. → https://malwarebytes.box.com/s/he92cwwd71sa0w7waiub8wx69ymb5d4i Open your Downloads folder. Double-click run_procmon.bat. Click Yes if prompted by User Account Control. Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway. A black Command Prompt window will appear. When prompted to carry out the tasks, please do the following: Open Malwarebytes and try to turn Ransomware Protection on. Once done, click inside the Command Prompt window and press Y on your keyboard followed by Enter. Upon completion, a file named procmon-log.zip will be saved to your Desktop. Please attach the file in your next reply. Note: If the file is too large, you will be provided instructions to upload the file to a file hosting website (wetransfer.com).
  12. LiquidTension

    Malwarebytes keeps turning off

    Thanks for the follow-up!
  13. That's correct. The license is first backed up and then deactivated when the tool removes Malwarebytes. If the user opts to reinstall Malwarebytes after the reboot via the tool, the backed up license will be used by the installer to automatically activate Premium. I edited my post above to clarify that a manual reinstallation will require manual reactivation.
  14. LiquidTension

    MBAM Service sending data

    The domains depicted in your screenshot are related to Malwarebytes update checks and license state/key check-ins. Note that disabling telemetry within the settings will prevent normal usage telemetry from being sent up, but does not suppress certain threat detection telemetry as this is required for normal operation of certain Real-Time Protection components.
  15. Understood. The purpose is not to resolve the issue, but to start the next set of troubleshooting from a consistent starting point. Can you enable boot time logging in Process Monitor: https://www.msigeek.com/6231/how-to-enable-system-boot-time-logging-using-process-monitor-tool Reboot the computer. After the reboot, rerun Process Monitor and click Yes when prompted if you wish to save the collected data. Zip up the generated .pml files and upload to WeTransfer.com.
  16. Providing the machine is connected to the Internet and keystone.mwbsys.com is reachable, uninstalling Malwarebytes (via Programs and Features, Malwarebytes Support Tool, etc) will automatically deactivate the license. Manually reinstalling Malwarebytes on the same machine will therefore require a reactivation of Premium. This doesn't apply to an over-the-top installation, which will retain the license state.
  17. Please refer to the workarounds listed in the following topic: https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/?tab=comments#comment-1291076 The second workaround will allow you to keep Malwarebytes installed, only with an earlier components package version. To confirm, do you continue to experience complete system freezes with Web Protection disabled or after reverting to the previous components package version? Please refer to the topic linked above.
  18. Thanks for the follow-up. Let us know if you encounter any further issues.
  19. Please see this topic for current workarounds: https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/ We are working on a more permanent solution and will update the topic as soon as possible.
  20. LiquidTension

    new computer no account access

    Hello bplantcjf, The Support team have been made aware of your issue/ticket and will respond as soon as possible.
  21. The expected behaviour currently is to only clear the item from the menu when the main Malwarebytes service (MBAMService) is restarted. If the item persists over a reboot, it might be because you're experiencing repeat/consistent blocks involving the same IP address/domain - this is something we can investigate if the requested log file in post #2 is provided. Thank you for the feedback. It will be passed onto the development team.
  22. Hi Marvin, This is currently being looked into. I'll send you a message here on the forum with further details once I have them.
  23. LiquidTension

    How to store passwords in my account

    If the same email address used to register the MyAccount account was also used to originally purchase the lifetime license from the Malwarebytes website, it should automatically appear in MyAccount. If a different email address was used to purchase the lifetime license from the Malwarebytes website, a support request will need to be created.
  24. LiquidTension

    Mbamservice.exe crashes - LesH2

    Hi Les, Are the mbamservice crashes being recorded in the Windows Event Logs? Can you take a screenshot of what you're seeing please. Please rerun the Malwarebytes Support Tool. Click Advanced > Gather Logs and attach the newly created mbst-grab-results.zip (found on your desktop).
  25. Hi Dave, Please run the Malwarebytes Support Tool and perform a clean reinstallation of Malwarebytes (Advanced > Clean). Once done, open Malwarebytes and verify the "Enable self-protection module" setting is On. Run the two commands below:

    sc query mbamchameleon > "%userprofile%\desktop\query1.txt"
    sc qc mbamchameleon >> "%userprofile%\desktop\query1.txt"

    Now turn "Enable self-protection early start" on. What happens? Please avoid manually changing the start type in the registry for now. Afterwards, run the two commands below:

    sc query mbamchameleon > "%userprofile%\desktop\query2.txt"
    sc qc mbamchameleon >> "%userprofile%\desktop\query2.txt"

    Please attach query1.txt and query2.txt (found on your desktop).
