umopapisdn

Posts posted by umopapisdn

  1. Wow! WeTransfer was interesting. I had to click a blank area to select the file to upload. I have a Dropbox Business account. I wanted to use it, but I wanted to follow your instructions... so I used WeTransfer. There is some history you should be aware of. When I would reboot the PC and then run the runme.bat file as administrator, I would be prompted for UAC. Every time I was challenged with the UAC prompt and accepted it, I could launch a scan of drive F from the context menu with no crash! However, when I reboot the PC and try to launch a scan of drive F from the context menu, Windows Explorer crashes. Somehow, accepting the UAC prompt was preventing the crash! Similarly, after the first crash MBAM would work as expected, too. I finally tried lowering the UAC to never prompt, rebooted, launched runme.bat as administrator and was able to capture the crash. This seemed odd, as when I did the clean install of MBAM it was with the UAC at the recommended (default) level. However, originally the UAC was lowered to never when I installed the first time and started the thread (as you saw in the MBSupport logs). So, here is the file. I hope this will reveal what is happening.

     

    https://we.tl/t-gIlz5Ln3QV

  2. This is interesting. When I run the batch file (as administrator) and then use the File Explorer context menu to scan drive F, there is no crash of explorer! I could not find the .dmp file, so I opened the batch file in an editor to see where it was being written. Apparently, it is the folder that procdump.exe is run from (by default). No file is being written when there is no crash. So, I am going to try a reboot and make it crash without loading procdump as administrator, to see if the UAC process is preventing the crash. I had to go out on a call, so it will be later today when I can resume chasing this issue. As yet, I have no crash dump log to send you. I just wanted you to know that I have not lost interest, and why the delayed response.

  3. 3 minutes ago, dcollins said:

    No, that error is expected because the shell extension is loaded in explorer.exe.

    As for your issue, are your drives encrypted by chance? Also, when you say you can't click the drives in Custom Scan, do you mean they're greyed out and disabled, or if you click them, they just don't have a checkbox next to them?

    I ran through it again, just now, and see that the error did not happen on the last run. I looked for c:\program files\malwarebytes\ and the folder was successfully deleted after reboot. None of the drives are encrypted. I just found that I can select the drives. I was clicking too fast. When I click and hold for a moment it works as expected to select the drives.

  4. I had a look at the mbst-clean-results.txt file and found this line:

    2018-09-17 18:03:43.364   Failed to delete File C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll, reason:(Access is denied.(error=5)),

    Could it be a problem with permissions causing the issue? Interestingly, the problem only occurs when I use the context menu to launch a scan, and the mbshlext.dll file is responsible for the context menu being there! Also, I tried a "clean" boot of Windows 7 and the MBAM program would not load. It said (not responding) right from launch!

  5. Something else I have noticed that is odd... When I go to Scan > Custom Scans > Configure, I cannot select any drives in this installation. On my other computers I can select anything I wish; however, in this installation, when I select drive C or D or F the check appears in the checkbox for only a moment and then almost immediately disappears. I am not double-clicking ;) It is very odd behavior IMHO. It just won't let me scan any drive other than a normal drive C scan without using the context menu to initiate it, and when I do, Windows Explorer stops working... an error report generates... explorer.exe restarts, then it completes the scan and (supposedly) is okay again for subsequent scans from the context menu without "crashing" Windows Explorer, until I reboot. Then it all reverts to the issues. Also, after it crashes explorer, I still cannot select any drives in the custom scan. Sounds like malicious activity to me...

  6. These are the log files collected after the clean reinstall and changing the UAC settings. All settings in MBAM 3.5.1 are still set to defaults. As previously stated, the scans complete normally, but only after Windows Explorer crashes out once. After explorer.exe has restarted, I can scan any drive I wish without any further crashes. Possibly malware loading at boot time? Or maybe a boot-time program leaking the memory that mbshlext.dll needs?

    mbst-grab-results.zip

  7. Following the instructions in that post, I set my UAC to the "Default" (recommended) setting and rebooted. The issue persisted. I used the "Clean" button in mb-support-1.1.2.471 to perform a clean install of MBAM 3.5.1. I allowed it to download and install the latest version on the outside chance that my previously downloaded installer had an issue. Unfortunately, nothing has worked. I left the clean install at all default settings, whereas I had enabled rootkit scans in the original. I thought maybe the rootkit scan had an issue with drives other than the boot drive. The same condition still exists when I attempt to scan any drive other than drive C from the context menu in File Explorer.

  8. Salutations,

    When I use the context menu in windows to scan any drive other than c:

    I am told that explorer.exe has crashed and a report is being generated to find a solution. This is followed by explorer.exe restarting. After explorer has restarted, the scan completes normally. The following error appears in Event Viewer. As a temporary workaround, I have disabled context menu scans in MBAM 3.5.1 Settings. I am running Windows 7 Home with 8GB RAM. I have no idea how to troubleshoot this error to get "Scan with Malwarebytes" to function properly from the context menu. Please help?

     

    Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: mbshlext.dll_unloaded, version: 0.0.0.0, time stamp: 0x5abe91ea
    Exception code: 0xc0000005
    Fault offset: 0x000007fedfc5f97e
    Faulting process id: 0xc8c
    Faulting application start time: 0x01d44eb7189320a5
    Faulting application path: C:\windows\Explorer.EXE
    Faulting module path: mbshlext.dll
    Report Id: 392bd72d-baad-11e8-8858-e0ca949f8102
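
The Event Viewer record in the post above, as an added example that is not code from the thread, the forum or Malwarebytes: a small parser for the message body of a Windows "Application Error" record (event ID 1000) that pulls out the faulting application, module and exception code, and a triage function that flags the `_unloaded` suffix. The first sample is the record posted above; the second is a constructed record with placeholder names and values for contrast. The category names and the `parse_event`/`classify` helpers are this example's own.

```python
"""Parse and triage Windows 'Application Error' (event ID 1000) message text.

Added example (not from the thread or from Malwarebytes). Sample 1 is the
record posted in the thread; sample 2 is constructed with placeholder values.
"""

# Sample 1: the Explorer.EXE / mbshlext.dll_unloaded record from the post above.
SAMPLE_UNLOADED = r"""Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: mbshlext.dll_unloaded, version: 0.0.0.0, time stamp: 0x5abe91ea
Exception code: 0xc0000005
Fault offset: 0x000007fedfc5f97e
Faulting process id: 0xc8c
Faulting application start time: 0x01d44eb7189320a5
Faulting application path: C:\windows\Explorer.EXE
Faulting module path: mbshlext.dll
Report Id: 392bd72d-baad-11e8-8858-e0ca949f8102"""

# Sample 2: constructed record (placeholder module, version and ids) of a fault
# inside a module that was still loaded when WER inspected the process.
SAMPLE_LOADED = r"""Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: example.dll, version: 1.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000374
Fault offset: 0x0000000000001234
Faulting process id: 0x100
Faulting application start time: 0x0000000000000000
Faulting application path: C:\windows\Explorer.EXE
Faulting module path: C:\example\example.dll
Report Id: 00000000-0000-0000-0000-000000000000"""

# NTSTATUS codes that show up most often in event 1000; names from ntstatus.h.
EXCEPTION_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0x80000003: "STATUS_BREAKPOINT",
}


def parse_event(text: str) -> dict:
    """Turn the 'Key: value' lines of an event 1000 body into a flat dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if ": " not in line:
            continue
        key, value = line.split(": ", 1)
        if key in ("Faulting application name", "Faulting module name"):
            # One line packs three fields: "X, version: Y, time stamp: Z".
            prefix = key.split()[1]  # "application" or "module"
            parts = [p.strip() for p in value.split(", ")]
            fields[f"{prefix}_name"] = parts[0]
            for part in parts[1:]:
                k, v = part.split(": ", 1)
                fields[f"{prefix}_{k.replace(' ', '_')}"] = v
        elif key == "Exception code":
            fields["exception_code"] = int(value, 16)
        elif key == "Fault offset":
            fields["fault_offset"] = int(value, 16)
        elif key == "Faulting process id":
            fields["pid"] = int(value, 16)
        elif key == "Faulting application start time":
            fields["start_time"] = int(value, 16)
        elif key == "Faulting application path":
            fields["application_path"] = value
        elif key == "Faulting module path":
            fields["module_path"] = value
        elif key == "Report Id":
            fields["report_id"] = value
    return fields


def classify(ev: dict) -> dict:
    """Triage a parsed record. WER appends '_unloaded' to the module name when the
    faulting address lies in an image that was no longer mapped when the process
    was inspected; the version then reads 0.0.0.0 because the resource is gone."""
    module = ev.get("module_name", "")
    unloaded = module.lower().endswith("_unloaded")
    base = module[: -len("_unloaded")] if unloaded else module
    app = ev.get("application_name", "")
    code = ev.get("exception_code")
    if unloaded and code == 0xC0000005:
        category = "use_after_unload"
        detail = (f"{app} faulted at an address that belonged to {base} after it was "
                  "unloaded: the host still held a pointer (callback, vtable or thread) "
                  "into the DLL after FreeLibrary")
    elif unloaded:
        category = "unloaded_module"
        detail = f"fault attributed to {base}, which was no longer loaded"
    elif base.lower() == app.lower():
        category = "application_itself"
        detail = f"fault inside {app}'s own image"
    else:
        category = "other_module"
        detail = f"fault inside {base}, loaded in-process in {app}"
    exc = EXCEPTION_NAMES.get(code, f"0x{code:08x}" if code is not None else "unknown")
    return {"category": category, "module": base, "unloaded": unloaded,
            "exception": exc, "detail": detail}


if __name__ == "__main__":
    for sample in (SAMPLE_UNLOADED, SAMPLE_LOADED):
        result = classify(parse_event(sample))
        print(f"{result['category']:18} {result['exception']:28} {result['detail']}")
```

For the posted record the triage comes out as `use_after_unload` with `STATUS_ACCESS_VIOLATION`: the shell extension DLL had already been unloaded from explorer.exe when the fault happened, which is why the same crash does not recur once explorer.exe restarts and reloads the DLL.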

  9. I thought that Malwarebytes 3.x Web Protection used a real-time malicious behavior detection algorithm. Apparently it uses a database instead. Please re-scan my domain and update the database accordingly. Thank you in advance!

    143.95.83.238

    hxxp://www.doyleprimmmusic.com

    ===============

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 11/28/17
    Protection Event Time: 9:13 PM
    Log File: d5c6ae10-d4aa-11e7-83c6-00e06112d51d.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3368
    License: Premium

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , , Blocked, [-1], [-1],0.0.0

    -Website Data-
    Domain: doyleprimmmusic.com
    IP Address: 143.95.83.238
    Port: [64333]
    Type: Outbound
    File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ===============


  10. My alert opened up indicating that my "real-time" protection was disabled. I attempted to enable it from the tray icon and it was greyed out. I went into the software and changed the switch from off to "Starting..."; it would not start, so I ran a scan. The scan completed in 5 seconds and I was shocked. I checked the log and it said the scan was cancelled. I did not cancel it! Upon further inspection I remembered that I had enabled the heuristic and rootkit scans, but in the log it said rootkit was disabled. I tried uninstalling the 3.0.6, rebooted, ran the mbam-clean-2.3.0.1001.exe, rebooted and installed the 3.1.2. I ran the default scan and the results are in the mbam-check-results.zip.

     

    ----------

     

    The context menu from the tray icon had "Web Protection Off" available until I clicked on it to enable it. Then it greyed out and changing the scan setting to enabled in the software only results in "Starting..." being displayed on the screen for an extended period.

    mb-check-results.zip

  11. First of all, thank you for being here for me. I appreciate the help I am about to receive. This is a PC belonging to my son. He has brought it to me because he was surfing the web and a popup told him there were some 2500 infections on his pc and he clicked the links to clean it. DOH! Since then, he cannot do anything in his windows without the error:

     

    C:\Windows\System32\dinotify.exe

       This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel.

     

    Unfortunately, the aforementioned control panel also yields this error.

     

    The desktop icons are all white and double-clicking them results in the same error.

     

    Booting into "safe mode" I was able to run MBAM2 and the system seems to function normally for "safe mode". I was able to download and run the Farbar Recovery Scan Tool in "safe mode with networking"; however, there is also no internet connectivity in "normal mode".

     

    MBAM 2 removed the Trojan.Siredef.C and the system is still useless. Subsequent MBAM2 scans return 0 malicious items.

     

    P.S. I am only able to use this computer in safe mode.

     

    HELP!

     

    ----------------------------------

     

    FRST.txt

    Addition.txt

    mbam first pass.txt
