Posts posted by LiquidTension


  1. Thanks for the file.

    The log confirms AdwCleaner isn't crashing. Around the time AdwCleaner is launched up until the process exits, there's activity from the following programs:

    • Ashampoo UnInstaller
    • Malwarebytes for Windows
    • Norton Security
    • Acronis True Image
    • Active Desktop Calendar


    Unfortunately, the issue wasn't reproducible after setting up a Windows 7 machine and testing various scenarios with the above software installed.

    We can see that immediately before AdwCleaner exits unexpectedly, Norton Security has opened up the AdwCleaner exe file for reading.

    Do you have Norton Security configured with non-default settings?

    I know you mentioned that you've already tried with Norton Security disabled. However, just disabling is sometimes not sufficient. Would you be willing to temporarily uninstall Norton Security, reboot and then try running AdwCleaner once more? At the very least, this will help rule out Norton Security for definite.

    Also, I don't see consent.exe being launched at any point. Just to confirm, when you run AdwCleaner, the User Account Control (UAC) box doesn't appear prompting you to "allow changes"?


  2. Hi @Lollie,

    Please carry out the "technical issue" instructions in post #2 so we can take a closer look at the issue.

    Just to confirm, is the following accurate?

    • When Malwarebytes is running, social options in Fallout 76 do not function correctly.
    • Disabling Web Protection has no impact and the issue persists.
    • After "Quitting Malwarebytes", normal functionality is restored to Fallout 76.


    Do you experience a similar issue with other games/programs?


  3. Thank you for the file. No issues there. We haven't had any other reports of the issue you're encountering and are unable to reproduce it, so the cause is likely something specific to your machine (third-party software configuration, hardware issue, etc.).

    Did you carry out the clean boot instructions from earlier? Here's a copy:

    Perform Clean Boot

    • Press the Windows Key + R on your keyboard at the same time. Type msconfig and click OK.
    • On the Services tab of the System Configuration dialog box, select the Hide all Microsoft services check box.
    • Click Disable all.
    • Scroll through the list and look for Malwarebytes Service. Place a checkmark next to this.
    • On the Startup tab of the System Configuration dialog box, click Open Task Manager.
    • On the Startup tab in Task Manager, for each startup item, select the item and then click Disable.
    • Close Task Manager.
    • On the Startup tab of the System Configuration dialog box, click OK and then restart the computer.
    • Log back into your normal user account.
       

    After performing the clean boot, please open Malwarebytes and check if the issue still occurs.


  4. Thanks. There was an issue with downloading the Process Monitor executable.

    It will need to be manually downloaded using the following link: https://live.sysinternals.com/Procmon.exe

    • After downloading the file, run it and wait for the main window to populate.
    • Try to run AdwCleaner. Wait at least 20 seconds after double-clicking the file.
    • Return to the Process Monitor window.
    • Click File -> Capture Events.
    • Click File -> Save.
    • Ensure "All events" is selected, make a note of the path that the file is being saved to and click OK.
    • Navigate to the location of the saved PML file. Right-click the file and click Send to followed by Compressed (Zipped) file.
    • Upload the file to WeTransfer.com and provide the download link in a new post.
      • Open the WeTransfer.com website.
      • Click Add your files, navigate to the location of the Zip file and double-click it.
      • Click (...) and select the link radio button under Send as.
      • Click Transfer.
      • Copy the download link and paste it in a new forum post.

  5. Hello @IsabelCosta,

    The issue you're experiencing is caused by Malwarebytes version 3.7's incompatibility with third-party layered service providers. In your case, this originates from the Internet Lock 6.0 software you have installed on the computer.

    Until we release a fix for this issue, you will either need to uninstall Internet Lock 6.0 and reboot the computer or revert to the previous version of Malwarebytes (version 3.6).

    If you wish to revert, you can download the 3.6 installer using the following link: https://malwarebytes.box.com/s/plo5hdm39who0lwld7j1y5e55rum8z33

    You will also need to disable the "Notify me when full version updates are available" setting (in Settings -> Application) to prevent being persistently notified of the 3.7 upgrade (which contains the incompatibility).


  6. Hello,

    Thanks for the file. Were you also able to perform the clean boot? What were the results?

    Please do the following:

    SFC /Scannow

    • Please download sfc_scannow.bat using the link below.
      https://malwarebytes.box.com/s/71uel6xlgciq5fitx1lq8a6jqo3ck4mi
    • Open your Downloads folder.
    • Double-click sfc_scannow.bat.
    • Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.
    • A blue Command Prompt window will appear.
    • Upon completion, a file named mb-cbs-log.zip will be created on your Desktop.
    • Please attach the file in your next reply.

  7. On 6/8/2019 at 5:36 AM, FeMaster said:

    We are at the 1 month mark with this issue, and there has been nothing additional added to the thread. Can I assume that the problem has not yet been resolved, and that I should not attempt to update to the latest version?

    The update that corrects this issue has yet to be released. As soon as it is, I'll post to this topic.

    Thank you for your patience.


  8. Hello,

    Setting Malwarebytes to "never register" in the Windows Security Center has no impact on the Real-Time Protection provided by the program.

    The issue you've encountered is something we're aware of and will be providing a fix for in an upcoming version of Malwarebytes. Note that when Windows Defender is the only other security product installed, the expected default behaviour is for Malwarebytes not to register in the Windows Security Center. The fact Malwarebytes did register when set to default settings is the issue that we will be addressing.


  9. Hi @n00bie,

    This issue was caused by an incompatibility in Malwarebytes version 3.7 with third-party layered service providers, which we can see are added by Proxifier:

    Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [87024 2018-08-15] (Initeks, OOO -> )
    Winsock: Catalog9 03 C:\Windows\SysWOW64\PrxerDrv.dll [98800 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\PrxerDrv.dll [98800 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog9 05 C:\Windows\SysWOW64\PrxerDrv.dll [98800 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog9 06 C:\Windows\SysWOW64\PrxerDrv.dll [98800 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog9 22 C:\Windows\SysWOW64\PrxerDrv.dll [98800 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [101872 2018-08-15] (Initeks, OOO -> )
    Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [119792 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog9-x64 04 C:\Windows\system32\PrxerDrv.dll [119792 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog9-x64 05 C:\Windows\system32\PrxerDrv.dll [119792 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog9-x64 06 C:\Windows\system32\PrxerDrv.dll [119792 2018-08-15] (Initeks, OOO -> Initex)
    Winsock: Catalog9-x64 22 C:\Windows\system32\PrxerDrv.dll [119792 2018-08-15] (Initeks, OOO -> Initex)


    A fix will be provided for this issue in an upcoming version of Malwarebytes. Once released, you should have no issues reinstalling Proxifier.
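
Added example (not part of the original post, and not Malwarebytes or FRST code): a short Python parser for the `Winsock:` lines quoted in the post above, grouping catalog entries by provider DLL so it is clear which third-party DLLs sit in the Winsock catalog. The field layout is inferred from those lines, and `parse_winsock` and `summarize` are illustrative names.

```python
import re
from collections import defaultdict

# Sample input: six of the "Winsock:" lines quoted in the post above.
SAMPLE = r"""
Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [87024 2018-08-15] (Initeks, OOO -> )
Winsock: Catalog9 03 C:\Windows\SysWOW64\PrxerDrv.dll [98800 2018-08-15] (Initeks, OOO -> Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\PrxerDrv.dll [98800 2018-08-15] (Initeks, OOO -> Initex)
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [101872 2018-08-15] (Initeks, OOO -> )
Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [119792 2018-08-15] (Initeks, OOO -> Initex)
Winsock: Catalog9-x64 22 C:\Windows\system32\PrxerDrv.dll [119792 2018-08-15] (Initeks, OOO -> Initex)
"""

# Assumed layout, inferred from the lines above:
# Winsock: Catalog<5|9>[-x64] <entry> <path> [<size> <date>] (<signer> -> <company>)
LINE_RE = re.compile(
    r"^Winsock:\s+Catalog(?P<cat>[59])(?P<x64>-x64)?\s+(?P<entry>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<signer>.*?)\s*->\s*(?P<company>.*?)\)$"
)

# Catalog5 = namespace providers, Catalog9 = transport providers (Winsock2 registry catalogs).
KIND = {"5": "namespace provider", "9": "transport provider"}

def parse_winsock(text):
    """Return one dict per well-formed Winsock line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            e = m.groupdict()
            e.update(kind=KIND[e["cat"]], bitness="64-bit" if e["x64"] else "32-bit",
                     entry=int(e["entry"]), size=int(e["size"]))
            entries.append(e)
    return entries

def summarize(entries):
    """Group catalog entries by DLL path so each provider DLL appears once."""
    by_dll = defaultdict(lambda: {"entries": []})
    for e in entries:
        d = by_dll[e["path"].lower()]
        d.update(kind=e["kind"], bitness=e["bitness"], signer=e["signer"])
        d["entries"].append(e["entry"])
    return dict(by_dll)

if __name__ == "__main__":
    for path, d in summarize(parse_winsock(SAMPLE)).items():
        print(f'{path}: {d["kind"]}, {d["bitness"]}, entries {d["entries"]}, signer {d["signer"]!r}')
```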


  10. Thanks for your patience. Unfortunately, the dump file hasn't provided any useful information.

    Let's see if we can narrow down the cause further. Given the Safe Mode results, this most likely won't have any impact, but it's still worth trying.

    Perform Clean Boot

    • Press the Windows Key + R on your keyboard at the same time. Type msconfig and click OK.
    • On the Services tab of the System Configuration dialog box, select the Hide all Microsoft services check box.
    • Click Disable all.
    • Scroll through the list and look for Malwarebytes Service. Place a checkmark next to this.
    • On the Startup tab of the System Configuration dialog box, click Open Task Manager.
    • On the Startup tab in Task Manager, for each startup item, select the item and then click Disable.
    • Close Task Manager.
    • On the Startup tab of the System Configuration dialog box, click OK and then restart the computer.
    • Log back into your normal user account.
       

    After performing the clean boot, please open Malwarebytes and check if the issue still occurs.

    -----

    If the issue still occurs, please do the following:

    Export Event Logs

    • Press the Windows Key + R on your keyboard at the same time. Type eventvwr.msc and click OK.
    • Expand Windows Logs.
    • Right-click Application and click Save All Events As.... Name the file application and click OK.
    • Repeat for Security and System.
    • Navigate to the location of the files. Highlight the three files, right-click one and click Send to followed by Compressed (zipped) folder.
    • Name the Zip file EventLogs.zip and attach the file in your next reply.

  11. Apologies, I missed your post. Let's move on to Process Monitor and see if this provides further insight into the issue you're having.

    Run Process Monitor

    • Please download run_procmon.bat using the link below.
      https://malwarebytes.box.com/s/he92cwwd71sa0w7waiub8wx69ymb5d4i
    • Open your Downloads folder.
    • Double-click run_procmon.bat. Click Yes if prompted by User Account Control.
    • Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.
    • A blue window will appear.
    • When prompted to carry out the tasks, please do the following:
      • Try to run AdwCleaner. Wait at least 20 seconds after double-clicking the file.
    • Once done, click inside the Command Prompt window and press Y on your keyboard followed by Enter.
    • Upon completion, a file named procmon-log.zip will be saved to your Desktop. Please attach the file in your next reply.
    • Note: If the file is too large, you will be provided instructions to upload the file to a file hosting website (wetransfer.com).

  12. Hi @AnglepoiseLamp,

    The issue stems from non-default permissions set on the C:\Windows\System32\drivers folder; specifically, the Administrators user group (as well as for the SYSTEM user account) permissions for the parent drivers folder, subfolders and files. This is not a typical occurrence and the Malwarebytes software is not at fault here for the installation issues you're having. Other third-party software has most likely modified the permissions set on the drivers folder, which is causing the issue you're having with installing Malwarebytes.

    In a scenario like this where we don't know the full extent of changes made to file system permissions, I'd suggest using a tried and tested tool to reset all file system permissions back to the default/expected state. An example of such a tool is Tweaking.com's Windows Repair: https://www.tweaking.com/content/page/windows_repair_all_in_one.html.


  13. Thanks for the file. Nothing specifically related to the issue you're having with AdwCleaner is standing out.

    There's a bunch of leftovers from various security products. Let's get this cleared up. WinPatrol is most likely responsible for the leftovers, so please disable or temporarily uninstall this first before proceeding with the steps below. Keep WinPatrol disabled/uninstalled for the duration of troubleshooting.

    Farbar Recovery Scan Tool (FRST) Script

    • Please download the attached Fixlist.txt file from this email.
    • Ensure the file is saved to your Downloads folder.
    • Open your Downloads folder. Inside you should see a file named FRSTEnglish.exe along with Fixlist.txt.
    • Right-click FRSTEnglish.exe and select Run as administrator to run the program.
    • Click the Fix button (not the Scan button). Please be patient.
    • If you are prompted to reboot upon completion, please consent.
    • A log named Fixlog.txt will be saved in your Downloads folder.
    • Please attach the log in your next reply.

    -----

    I know you mentioned trying with Norton Security disabled. Just to rule this out entirely, could you temporarily uninstall Norton Security, reboot the machine and try to run AdwCleaner once more by double-clicking the file?

    Failing that, we can take a closer look at exactly what events are taking place when you run AdwCleaner by using a tool such as Process Monitor.
     

    Fixlist.txt


  14. 8 hours ago, JES said:

    Maurice - No change in my situation but now I understand the problem. Thanks to you.

    Hi JES,

    If you would prefer not to disable Malwarebytes Web Protection, you also have the option of disabling the Web Protection-related settings in Sophos.

    Specifically, the following will need to be disabled in Sophos. This will allow you to use Malwarebytes Web Protection.

    • Malicious Traffic Detection (under Protection -> General)
    • Web Protection (under Protection -> Web)
    • Download Protection (under Protection -> Web)
       

    We spent considerable time investigating the issue but ultimately determined it was an unavoidable conflict stemming from both products' use of the Windows Filtering Platform.


  15. Hi @AnglepoiseLamp,

    This issue most likely stems from the permissions set on the C:\Windows\system32\drivers folder, preventing the Administrator user group (the context in which the Malwarebytes installer runs) from writing the mbae64.sys file to the folder. During initial installation, this issue will only affect mbae64.sys as the other driver files used by Malwarebytes (mbam.sys, mwac.sys, etc.) are dynamically written to the folder by the Malwarebytes Service (MBAMService) after the service has been installed and started.

    To confirm if this is the case, we'll need to start by querying the permissions set on the drivers folder. For simplicity, we can use the FRST tool to accomplish this.

    Please download the following Fixlist.txt file using the link below (click the Download button in the upper-right corner):
    https://malwarebytes.box.com/s/u6pi4i0z1c0r1c18seeyucaecil2pa5h


    Ensure the file is saved to the same folder as the FRST tool. Then run it in the same manner as before and provide the generated Fixlog.txt file.
