Jump to content

LiquidTension

Staff
  • Content Count

    3,650
  • Joined

  • Last visited

Posts posted by LiquidTension


  1. Hi @ToddTheSquid,

    You've encountered a known database update issue that results in an issue with Malware Protection starting. We're currently working on a permanent fix and hope to release it shortly. This fix will come in the form of another database update.

    The easiest method to restore Malware Protection functionality is to perform a clean reinstallation of Malwarebytes with the Malwarebytes Support Tool.
    Please refer to the following: https://support.malwarebytes.com/docs/DOC-2674

    It's possible you may still encounter an issue afterwards. Let us know if you do and follow-up instructions will be provided.


  2. It's likely being disabled by one of your other installed programs, such as AVG PC TuneUp. I would start by removing this and checking if it has any impact.

    If you're still having a problem and need to identify the culprit, you can perform a clean boot:
    https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows (ensure you check, "Hide all Microsoft services")

    After performing the clean boot, you should find the BFE service remains enabled. From here, re-enable half of the items that were disabled in the clean boot and check if the BFE service is disabled once more. Repeat the process until the culprit is identified.


  3. Hi @Terrorbone,

    The computer has malware on it which is likely what is causing the issue with MBAMService installing.

    Please refer to the following topic to receive assistance with getting the computer cleaned up:
    https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

    -----

    @leodki and others, please create a new topic and describe the issue you're experiencing.
    Please be sure to include the information requested here: https://forums.malwarebytes.com/topic/190532-having-problems-using-malwarebytes-please-follow-these-steps/


  4. On 11/23/2019 at 12:30 AM, pfeerick said:

    Another scheduled scan issue I've just encountered with after just updated to 4.0.4 on two machines is that the delete option does not appear to work... at least visually. If you delete a scheduled scan, it stays in the list, but if you close and re-open the window, it is indeed deleted. i.e. the scheduled scan list is not being refreshed when an item is deleted.

    Hi @pfeerick,

    This is related to a user interface refresh issue that we're aware of. We hope to have this fixed in an upcoming update.

    For now, you may need to close and reopen the user interface in order for the changes to be reflected correctly (as you've already found yourself).


  5. Hi @denzele,

    If you do not wish to keep Ransomware Protection disabled, you can try adding the Origin installation folders as exclusions in Malwarebytes. Be sure to restart the computer afterwards and then re-enable Ransomware Protection. This has proven successful in our internal testing and for other affected users.

    Steps on adding exclusions in Malwarebytes version 4 can be found here: https://support.malwarebytes.com/docs/DOC-3543
    You will need to add a folder exclusion for C:\Program Files (x86)\Origin and C:\Program Files (x86)\Origin Games.


  6. Hi @LHilde42,

    In your report, the "replaced" items correspond to legitimate Chrome configuration files that have had potentially unwanted modifications made to them. Malwarebytes does not quarantine these files as it could potentially break your Chrome browser. Instead, it opts to selectively remove the unwanted modifications made to the files (either by replacing with good values or by removing the offending values entirely), whilst leaving the file itself intact. This action is referred to as "replace" in the scan results displayed/reported by Malwarebytes.

    As you've already had Malwarebytes take action on the items, no further action is required providing you are not experiencing any outstanding issues.


  7. Hi spinoxin,

    Please refer to the following post: https://forums.malwarebytes.com/topic/254241-new-instances-of-igexe-constantly-needs-whitelisting/?do=findComment&comment=1348390

    As noted above, the ig-*.exe files are only temporary copies of the base ig.exe; used during scanning and as part of on-execution protection provided by the Malware Protection component. If you use the 'Quit Malwarebytes' option and look inside the installation folder (%programfiles%\Malwarebytes\Anti-Malware by default), you will only see a single ig.exe.


  8. Hi @Rix643,

    This is behaviour related to the new engine introduced with the Malwarebytes version 4 update. It will occur during both scans and when Malware Protection is enabled. Impeding this behaviour will impact the detection/malware protection capabilities of Malwarebytes scans/Real-Time Protection. However, it won't impact other protection components and when considering the overall protection of the machine offered by Malwarebytes, you will still be more than adequately protected.

    Do you have the option to add partial filenames/use wildcards (e.g. ig-*.exe)?


  9. Hi @tonguetwister,

    With the release of Malwarebytes version 4, the new default behaviour is for Malwarebytes to register in the Windows Security Center. By registering, Windows Defender is automatically disabled. This behaviour is unrelated to the 1.0.15526 update package version.

    Release notes for the version 4 update can be found here:
    https://support.malwarebytes.com/docs/DOC-3606

    Note the second bullet point under, "Performance/protective capability".


  10. On 11/28/2019 at 7:27 PM, danielfcoelho said:

    I have the same problem here. I use MBAM together with Kaspersky Internet Security, and after upgrading KIS to version 2020 the system started to have instabilities, only returned to normal after I uninstalled MBAM. I spent three days using just KIS and the computer worked normal, but it was just installing MBAM again that started to crash everything.

    Hi @danielfcoelho,

    If you were to uninstall Kaspersky Internet Security instead of Malwarebytes and reboot, you would also find the computer functions normally. The issue is caused by a conflict between both programs; not by Malwarebytes alone. The issue was first introduced after Kaspersky released a new update labelled "patch e".

    Unfortunately, we do not have any updates on the topic at this current time. The latest information/workarounds can be found in the following post:
    https://forums.malwarebytes.com/topic/253165-malwarebytes-not-working-any-more-with-kis-200141085-e/?do=findComment&comment=1343422


  11. Hello @jayman1000,

    Please carry out the following instructions so we can take a closer look at the issue:
    https://support.malwarebytes.com/docs/DOC-2396

    Also, when the prompt to restart the computer appeared, did you manually open the Malwarebytes user interface?
     

    On 11/24/2019 at 12:18 AM, exile360 said:

    This is the same issue I and several others encountered when trying to upgrade.  It occurs because the Malwarebytes service remains running after launching the installer for the new version and automatically prompts to install the new version again even though the installer was already launched previously.  In some cases this results in an endless loop of trying to install the new build, it being interrupted by the service from v3 causing the new version to fail to install, rebooting and the cycle starting all over again.  If this occurs, removing version 3 from the system and then installing version 4 fresh should resolve it.  Just uninstall v3 from the control panel, reboot the system, then download and install version 4 from here.

    This is not quite accurate. When the installer service first starts, the Malwarebytes Service is stopped. If an issue is encountered during file replacement (e.g. a DLL failed to unload), the Malwarebytes Service is restarted and the a reboot prompt is shown. The service is restarted so that the user is not left unprotected if they do not consent to the reboot immediately.

    Interruption after the reboot will only occur if the user manually launches Malwarebytes whilst the Malwarebytes version 4 installation is taking place silently. This is because the service start type is set to manual prior to the reboot. Whilst it's still not an ideal situation, it's not quite as bad as described above. We're working on improving the overall user flow of the installation process.


  12. 18 hours ago, Omoeba said:

    @LiquidTensionjust to confirm, is the "enable tamper protection" WSC status for a few minutes after reboot caused by MB or not?

    Tamper Protection in Windows 10 isn't related to this forum topic or to the WSC fix mentioned in the changelog.
    The issue that we fixed involved the status of Malwarebytes being reported as turned off when the product was fully enabled.

    Is your only issue with WSC reporting Tamper Protection as off? What is the current status of Malwarebytes? Do you have the Windows Defender "periodic scanning" setting enabled? By default, it is expected for Tamper Protection to be disabled when another security product is registered as an Anti-Virus in WSC. It can however be enabled if the Windows Defender "periodic scanning" setting is enabled.

    ---

    Also, as mentioned earlier, it takes several minutes after a Windows startup for WSC to report correct information for the system. This has nothing to do with Malwarebytes and is entirely related to expected WSC behaviour. There is no value in checking WSC immediately after a reboot.


  13. Thank you for the update.
     

    Quote

    Yes, it is the Malware and PUP protection that is involved when it is activated.

    To confirm, when Malware Protection is enabled, you experience issues with Firefox (and Windows in general) locking up/functioning correctly?
    You're also experiencing an issue with scans not completing. Does this consistently occur, even with Malware Protection disabled?

    What type of scan are you running? Manual or scheduled and Threat, Custom or Hyper? Does it occur with all scan types?

    Does performing a clean boot (with Malwarebytes Service left enabled/checked) have any impact? https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows
     

    1 hour ago, chantal11 said:

    I had a lot of trouble doing the last part, with the problem reproduced.

    The issue was with detecting your OS version. I've sent you an alternative set of instructions to generate a memory dump.


  14. Thanks for the files. It looks like this is being caused by (or at least is related) to DB updates being applied prior to the scan being started.

    We're investigating further and will hopefully find a consistent set of steps to reproduce the issue. In the meantime, please let me know if you encounter any further issues.

    If you're able to reproduce the issue on-demand or on a more consistent basis, it would definitely help with finding a solution.


  15. Hi @doug78,

    Thank you for the update.
     

    We'll need a memory dump and debug logging from Malwarebytes Service whilst the machine is in the issue state. Please ensure Kaspersky is either disabled or uninstalled and do the following:

    • Open Malwarebytes.
    • Click Settings.
    • Turn the, "Event log data" setting on.
       

    Afterwards, quit Malwarebytes (notification area icon -> Quit Malwareytes) and ensure the computer is functioning normally. Then proceed with the steps below.

    • Please download run_procdump.bat using the link below.
      https://malwarebytes.box.com/s/e127cj2ppb2lq6njf67li2gls3kbfz24
    • Open your Downloads folder.
    • Double-click CX41PDv.png run_procdump.bat. Click Yes if prompted by AVOiBNU.jpg User Account Control.
    • Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway.
    • A blue window will appear.
    • When prompted to reboot, type Y into the window and press Enter on your keyboard.
    • After your computer has rebooted, please do the following:
      • Reproduce the issue state.
    • Once done, open your Downloads folder and double-click the run_procdump.bat file once more.
    • Upon completion, a file named HSPwQfy.png memorydump.zip will be saved to your Desktop. Please attach the file in your next reply.
    • Note: If the file is too large, you will be provided instructions to upload the file to a file hosting website (wetransfer.com).


    Please respond back with the following:

    • The zipped up memory dump.
    • New Malwarebytes Support Tool logs (rerun the tool -> Advanced -> Gather logs).
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.