
umopapisdn

  1. It's been a few days, I just wanted to know if you found anything in the crashdump file that is useful?
  2. I thought this looked interesting, too, so I ran the crashdump again and captured a screenshot of it. I hope this helps!
  3. Wow! WeTransfer was interesting. I had to click a blank area to select the file to upload. I have a Dropbox Business account. I wanted to use it but I wanted to follow your instructions...so I used WeTransfer. There is some history you should be aware of. When I would reboot the PC then run the runme.bat file as administrator I would be prompted for UAC. Every time I was challenged with the UAC prompt, and accepted it, I could launch a scan of drive F from the context menu with no crash! However, when I reboot the PC and try to launch a scan of drive F from the context menu, Windows Explorer crashes. Somehow, accepting the UAC was preventing the crash! Similar to after the first crash MBAM would work as expected, too. I finally tried lowering the UAC to never prompt, rebooted, launched runme.bat as administrator, and was able to capture the crash. This seemed odd as when I did the clean install of MBAM it was with the UAC at the recommended (default) level. However, originally the UAC was lowered to never when I installed the first time and started the thread. (as you saw in the MBSupport logs) So, here is the file. I hope this will reveal what is happening. https://we.tl/t-gIlz5Ln3QV
  4. This is interesting. When I run the batch file (as administrator) and then use the file explorer context menu to scan drive F there is no crash of explorer! I could not find the .dmp file so I opened the batch file in editor to see where it was being written. Apparently, it is the folder that procdump.exe is run from (by default). No file is being written when there is no crash. So, I am going to try reboot and make it crash without loading procdump as administrator to see if the UAC process is preventing the crash. I had to go out on a call, so, it will be later today when I can resume chasing this issue. As yet, I have no crash dump log to send you. I just wanted you to know that I have not lost interest and why the delayed response.
  5. I ran through it again, just now, and see that the error did not happen on the last run. I looked for c:\program files\malwarebytes\ and the folder was successfully deleted after reboot. None of the drives are encrypted. I just found that I can select the drives. I was clicking too fast. When I click and hold for a moment it works as expected to select the drives.
  6. I had a look at the mbst-clean-results.txt file and found this line: 2018-09-17 18:03:43.364 Failed to delete File C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll, reason:(Access is denied.(error=5)), Could it be a problem with permissions causing the issue? Interestingly, the problem only occurs when I use the context menu to launch a scan, the mbshlext.dll file is responsible for the context menu being there! Also, I tried a "clean" boot of windows 7 and the MBAM program would not load. It said (not responding) right from launch!
  7. C:\ D:\ are both partitions of physical drive 0; F:\ is a physical USB 3.0 Drive; E:\ is the DVD Drive
  8. The non c:\ are d:\ (another partition on Drive 0) and f:\ an external USB drive. E:\ is reserved for the DVD
  9. Something else I have noticed, that is odd... When I go to Scan>Custom Scans>Configure I cannot select any drives in this installation. In my other computers I can select anything I wish, however, in this installation when I select drive c or d or f the check appears in the checkbox for only a moment and then almost immediately disappears. I am not double-clicking. It is very odd behavior IMHO. It just won't let me scan any drives other than a normal drive c scan without using the context menu to initiate it and when I do Windows Explorer stops working... error report generates... explorer.exe restarts then it completes the scan (supposedly) is okay again for subsequent scans from the context menu without "crashing" Windows Explorer until I reboot. Then it all reverts to the issues. Also, after it crashes explorer, I can still not select any drives in the custom scan. Sounds like malicious activity to me...
  10. In the first set of logs, I had gone into the settings inside MBAM 3.5.1 and unchecked the option for Show on context menu. That was the only workaround I could come up with...removing it from the context menu. Thus all the registry entries were gone.
  11. These are the log files collected after the clean reinstall and changing the UAC settings. All settings in MBAM 3.5.1 are still set to defaults. As previously stated, the scans complete normally, but only after Windows Explorer crashes out once. After explorer.exe has restarted, I can scan any drive I wish without any further crashes. Possibly malware loading at boot time? Or maybe a boot time program leaking the memory that mbshlext.dll needs? mbst-grab-results.zip
  12. Following the instructions in that post I set my UAC to "Default" Recommended setting and rebooted. The issue persisted. I used the "Clean" button in mb-support-1.1.2.471 to perform a clean install of the MBAM 3.5.1. I allowed it to download and install the latest version on the outside chance that my previously downloaded installer had an issue. Unfortunately, nothing has worked. I left the clean install at all default settings, where I had enabled rootkit scans in the original. Thought maybe the rootkit scan had an issue with drives other than the boot drive. Still same condition exists when I attempt to scan any drive other than drive c from the context menu in File Explorer.
  13. Salutations, When I use the context menu in windows to scan any drive other than c: I am told that explorer.exe has crashed and a report is being generated to find a solution. This is followed by explorer.exe is restarting. After explorer has restarted the scan completes normally. The following error appears in event viewer. As a temporary workaround, I have disabled context menu scans in MBAM 3.5.1 Settings. I am running Windows 7 Home with 8GB RAM. I have no idea how to troubleshoot this error to get "Scan with Malwarebytes" to function properly from the context menu. Please help?

      Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
      Faulting module name: mbshlext.dll_unloaded, version: 0.0.0.0, time stamp: 0x5abe91ea
      Exception code: 0xc0000005
      Fault offset: 0x000007fedfc5f97e
      Faulting process id: 0xc8c
      Faulting application start time: 0x01d44eb7189320a5
      Faulting application path: C:\windows\Explorer.EXE
      Faulting module path: mbshlext.dll
      Report Id: 392bd72d-baad-11e8-8858-e0ca949f8102
  14. I thought that Malwarebytes 3.x Web Protection used a real-time malicious behavior detection algorithm. Apparently it uses a database instead. Please, re-scan my domain and update the database accordingly. Thank you in advance!

      143.95.83.238 hxxp://www.doyleprimmmusic.com

      ===============
      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 11/28/17
      Protection Event Time: 9:13 PM
      Log File: d5c6ae10-d4aa-11e7-83c6-00e06112d51d.json
      Administrator: Yes

      -Software Information-
      Version: 3.3.1.2183
      Components Version: 1.0.236
      Update Package Version: 1.0.3368
      License: Premium

      -System Information-
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: System

      -Blocked Website Details-
      Malicious Website: 1
      , , Blocked, [-1], [-1],0.0.0

      -Website Data-
      Domain: doyleprimmmusic.com
      IP Address: 143.95.83.238
      Port: [64333]
      Type: Outbound
      File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      ===============