umopapisdn
Posts posted by umopapisdn
-
-
I thought this looked interesting, too, so I ran the crashdump again and captured a screenshot of it. I hope this helps!
-
Wow! WeTransfer was interesting. I had to click a blank area to select the file to upload. I have a Dropbox Business account. I wanted to use it but I wanted to follow your instructions...so I used WeTransfer. There is some history you should be aware of. When I would reboot the PC then run the runme.bat file as administrator I would be prompted for UAC. Every time I was challenged with the UAC prompt, and accepted it, I could launch a scan of drive F from the context menu with no crash! However, when I reboot the PC and try to launch a scan of drive F from the context menu, Windows Explorer crashes. Somehow, accepting the UAC was preventing the crash! Similar to after the first crash MBAM would work as expected, too. I finally tried lowering the UAC to never prompt, rebooted, launched runme.bat as administrator, and was able to capture the crash. This seemed odd as when I did the clean install of MBAM it was with the UAC at the recommended (default) level. However, originally the UAC was lowered to never when I installed the first time and started the thread (as you saw in the MBSupport logs). So, here is the file. I hope this will reveal what is happening.
-
This is interesting. When I run the batch file (as administrator) and then use the file explorer context menu to scan drive F there is no crash of explorer! I could not find the .dmp file so I opened the batch file in an editor to see where it was being written. Apparently, it is the folder that procdump.exe is run from (by default). No file is being written when there is no crash. So, I am going to try a reboot and make it crash without loading procdump as administrator to see if the UAC process is preventing the crash. I had to go out on a call, so it will be later today when I can resume chasing this issue. As yet, I have no crash dump log to send you. I just wanted you to know that I have not lost interest and why the delayed response.
-
3 minutes ago, dcollins said:
No, that error is expected because the shell extension is loaded in explorer.exe.
As for your issue, are your drives encrypted by chance? Also, when you say you can't click the drives in Custom Scan, do you mean they're greyed out and disabled, or if you click them, they just don't have a checkbox next to them?
I ran through it again, just now, and see that the error did not happen on the last run. I looked for c:\program files\malwarebytes\ and the folder was successfully deleted after reboot. None of the drives are encrypted. I just found that I can select the drives. I was clicking too fast. When I click and hold for a moment it works as expected to select the drives.
-
I had a look at the mbst-clean-results.txt file and found this line:
2018-09-17 18:03:43.364 Failed to delete File C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll, reason:(Access is denied.(error=5)),
Could it be a problem with permissions causing the issue? Interestingly, the problem only occurs when I use the context menu to launch a scan; the mbshlext.dll file is responsible for the context menu being there! Also, I tried a "clean" boot of Windows 7 and the MBAM program would not load. It said (not responding) right from launch!
-
9 hours ago, Firefox said:
Are these physical drives or are these network/mapped drives?
C:\ D:\ are both partitions of physical drive 0
F:\ is a physical USB 3.0 Drive
E:\ is the DVD Drive
-
The non c:\ are d:\ (another partition on Drive 0) and f:\ an external USB drive. E:\ is reserved for the DVD
-
Something else I have noticed, that is odd... When I go to Scan>Custom Scans>Configure I cannot select any drives in this installation. In my other computers I can select anything I wish; however, in this installation when I select drive c or d or f the check appears in the checkbox for only a moment and then almost immediately disappears. I am not double-clicking. It is very odd behavior IMHO. It just won't let me scan any drives other than a normal drive c scan without using the context menu to initiate it, and when I do, Windows Explorer stops working... error report generates... explorer.exe restarts, then it completes the scan (supposedly) and is okay again for subsequent scans from the context menu without "crashing" Windows Explorer until I reboot. Then it all reverts to the issues. Also, after it crashes explorer, I can still not select any drives in the custom scan. Sounds like malicious activity to me...
-
In the first set of logs, I had gone into the settings inside MBAM 3.5.1 and unchecked the option for Show on context menu. That was the only workaround I could come up with...removing it from the context menu. Thus all the registry entries were gone.
-
These are the log files collected after the clean reinstall and changing the UAC settings. All settings in MBAM 3.5.1 are still set to defaults. As previously stated, the scans complete normally, but only after Windows Explorer crashes out once. After explorer.exe has restarted, I can scan any drive I wish without any further crashes. Possibly malware loading at boot time? Or maybe a boot time program leaking the memory that mbshlext.dll needs?
-
Following the instructions in that post I set my UAC to "Default" Recommended setting and rebooted. The issue persisted. I used the "Clean" button in mb-support-1.1.2.471 to perform a clean install of the MBAM 3.5.1. I allowed it to download and install the latest version on the outside chance that my previously downloaded installer had an issue. Unfortunately, nothing has worked. I left the clean install at all default settings, where I had enabled rootkit scans in the original. Thought maybe the rootkit scan had an issue with drives other than the boot drive. Still same condition exists when I attempt to scan any drive other than drive c from the context menu in File Explorer.
-
-
Salutations,
When I use the context menu in Windows to scan any drive other than c: I am told that explorer.exe has crashed and a report is being generated to find a solution. This is followed by explorer.exe is restarting. After explorer has restarted the scan completes normally. The following error appears in event viewer. As a temporary workaround, I have disabled context menu scans in MBAM 3.5.1 Settings. I am running Windows 7 Home with 8GB RAM. I have no idea how to troubleshoot this error to get "Scan with Malwarebytes" to function properly from the context menu. Please help?
Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: mbshlext.dll_unloaded, version: 0.0.0.0, time stamp: 0x5abe91ea
Exception code: 0xc0000005
Fault offset: 0x000007fedfc5f97e
Faulting process id: 0xc8c
Faulting application start time: 0x01d44eb7189320a5
Faulting application path: C:\windows\Explorer.EXE
Faulting module path: mbshlext.dll
Report Id: 392bd72d-baad-11e8-8858-e0ca949f8102
-
I thought that Malwarebytes 3.x Web Protection used a real-time malicious behavior detection algorithm. Apparently it uses a database instead. Please, re-scan my domain and update the database accordingly. Thank you in advance!
143.95.83.238
hxxp://www.doyleprimmmusic.com
===============
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 11/28/17
Protection Event Time: 9:13 PM
Log File: d5c6ae10-d4aa-11e7-83c6-00e06112d51d.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3368
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: doyleprimmmusic.com
IP Address: 143.95.83.238
Port: [64333]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
===============
-
My alert opened up indicating that my "real-time" protection was disabled. I attempted to enable it from the tray icon and it was greyed-out. I went into the software and changed the switch from off to "Starting..." it would not start so I ran a scan. The scan completed in 5 seconds and I was shocked. I checked the log and it said the scan was cancelled. I did not cancel it! Upon further inspection I remembered that I had enabled the heuristic and rootkit scans but in the log it said rootkit was disabled. I tried uninstalling the 3.0.6, rebooted, ran the mbam-clean-2.3.0.1001.exe, rebooted and installed the 3.1.2. I ran the default scan and the results are in the mbam-check-results.zip.
----------
The context menu from the tray icon had "Web Protection Off" available until I clicked on it to enable it. Then it greyed out and changing the scan setting to enabled in the software only results in "Starting..." being displayed on the screen for an extended period.
-
First of all, thank you for being here for me. I appreciate the help I am about to receive. This is a PC belonging to my son. He has brought it to me because he was surfing the web and a popup told him there were some 2500 infections on his pc and he clicked the links to clean it. DOH! Since then, he cannot do anything in his windows without the error:
C:\Windows\System32\dinotify.exe
This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.
Unfortunately, the aforementioned control panel also yields this error.
The desktop icons are all white and double-clicking them results in the same error.
Booting into "safe mode" I was able to run MBAM2 and the system seems to function normally for "safe mode". I was able to download and run the Farbar Recovery Scan Tool in "safe mode with networking"; however, there is also no internet connectivity in "normal mode".
MBAM 2 removed the Trojan.Siredef.C and the system is still useless. Subsequent MBAM2 scans return 0 malicious items.
P.S. I am only able to use this computer in safe mode.
HELP!
----------------------------------
mbshlext.dll crashing explorer.exe in Windows 7
in Malwarebytes for Windows Support Forum
It's been a few days. I just wanted to know if you found anything in the crashdump file that is useful?