Posts posted by Jeemag
-
-
17 hours ago, PaulF said:
I wouldn't install it right now.
It's a weekend so I'm guessing there won't be any meaningful response until Monday at the earliest.
I had to uninstall the product & then run the mbam-clean program to get the service completely out.
Too bad there is no ability to download a prior version.
Hello,
Too late - it's gone - I had to uninstall it to get this far.
Regards
Cheemag
-
Hello,
I've had to uninstall MWB Pro as it was suddenly causing problems. Because I had to uninstall to get this far, I can't say what version it was.
Windows 7 booted normally and behaved normally until the yellow box came up in the notification area asking me to turn on some protections that were not turned on. Doing anything with this box (even dismissing it) caused the machine to slow to a crawl with CPU at 80% or so and eventually locking up completely. It would then behave normally until MWB's yellow box comes up ...
I'm running Kaspersky 2018 Internet Security so MWB isn't too important, but is very useful for finding PUPs and other trash.
Should I download MWB again and install ?
Regards
Cheemag
-
Hello.
This is what is worrying me now. The first time I viewed that log, it had these detections in, but not now. What is going on here ?
There is also this, from another application (see below), which found three HK registry items, but was unable to find the keys.
I cannot understand how items can be found and then not found !
ADW Cleaner was run yesterday without finding anything - real or imaginary ...
Regards
Cheemag
--------------------
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Owner (12-08-2017 18:31:08) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & (Available Profiles: Owner)
Boot Mode: Normal
==============================================
fixlist content:
*****************
REG: REG QUERY "HKU\S-1-5-21-3038485607-2243731855-3424446531-1000\Software\drpsu" /s
REG: REG QUERY "HKCU\Software\drpsu" /s
REG: REG QUERY "HKCU\Software\Wow6432Node\drpsu" /s
*****************
========= REG QUERY "HKU\S-1-5-21-3038485607-2243731855-3424446531-1000\Software\drpsu" /s =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= REG QUERY "HKCU\Software\drpsu" /s =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= REG QUERY "HKCU\Software\Wow6432Node\drpsu" /s =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
==== End of Fixlog 18:31:09 ====
-
Hello,
I can't find a log in C:\AdwCleaner with these entries. Where does the log that I posted reside ?
Cheemag
-
On 08/08/2017 at 4:05 PM, Aura said:
Hi Jeemag
Can you attach the AdwCleaner log where these detection occurs? Also, follow the instructions below.
Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
- Download the right version of FRST for your system:
  - FRST 32-bit
  - FRST 64-bit
  Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
- Move the executable (FRST.exe or FRST64.exe) on your Desktop;
- Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
- Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
- Click on the Fix button;
- On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
- Copy and paste its content in your next reply;
GEvening
As expected nothing was found. Could it be that Adaware is wiping the items it finds without asking first?
Given that there may be false positives, it shouldn't do this !
-----------------------------------
Regards
Cheemag
-
Thanks.
The MWB scan was coincidence. It's working again now, so no problem.
Regards
Cheemag
-
Hello,
ADW Cleaner found these items:
***** [ Registry ] *****
Key Found: HKU\S-1-5-21-3038485607-2243731855-3424446531-1000\Software\drpsu
Key Found: HKCU\Software\drpsu
Key Found: [x64] HKCU\Software\drpsu
***** [ Folders ] *****
Folder Found: C:\Windows\SysNative\Tasks\WiseCleaner
These keys and folder do not exist. What is going on here ? I've never used any of the software mentioned.
Regards
Cheemag
-
Hello,
Today I noticed that MWB-AR had stopped/was inactive (following a scan by Malwarebytes - coincidence?).
[Fix Now] and [Start protection] have no effect.
(Beta 0.9.18.797-1.1.86)
Regards
Cheemag
-
2 hours ago, 1PW said:
Hello Jeemag:
If the sub-directories exist, yes. Note: The C:\ProgramData\ directory and its sub-directories may be hidden in some systems.
Remember, there is no current interest in the contents of any C:\Program Files\ sub-directories yet.
Thank you.
Good Afternoon,
Here are the directories. 7-zip error on the last one: couldn't open the Service\Log as it was in use (despite MWB-AR having been stopped).
Regards
Cheemag
-
11 hours ago, 1PW said:
Hello Jeemag:
Using the native Windows built-in zip utility, please create the following, separate, .zip (not .7z or .rar) archive files for MBARW developer team analysis:
"C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\"
"C:\ProgramData\Malwarebytes\MBAMService\logs\"
"C:\ProgramData\MalwarebytesARW\"
Please attach the .zip archives to your next reply. Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.
The whole Anti-Ransomware directory ?
Regards
Cheemag
-
14 hours ago, pondus said:
I don't think there is any security software that detects from a file name
Well it certainly has in this case!
I've re-installed bart.exe and it's working as normal without MWB-AR complaining ... I'd used it for years before yesterday without this problem.
I am aware that there is a ransomware of that name.
Regards
Cheemag
-
Good Evening,
Bart.exe, the file backup programme is NOT ransomware. Clearly MWB-AR thinks it is. It's from Zhorn Software:
http://www.zhornsoftware.co.uk/bart/
I've been using it for years, now all of a sudden MWB-AR thinks it's ransomware. I've restored it.
It has nothing to do with the Bart ransomware.
Surely it isn't a Good Idea to tag something as malware from the filename alone.
Regards,
Cheemag
-
On 21/08/2016 at 1:03 PM, 1PW said:
Hello Jeemag:
An unofficial analysis of the archives shows a curious inability of MBARW Beta to recently communicate with multiple Malwarebytes servers. Rather than conduct a simple re-install of MBARW Beta7, please consider a clean install of MBARW Beta7:
1. Close all open user applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
2. If MBARW Beta7 was uninstalled successfully, the following sub-directories will have been deleted from a typical Windows 7 x64 system:
C:\Program Files\Malwarebytes\
C:\ProgramData\Malwarebytes Anti-Ransomware\
C:\ProgramData\MBAMService\
3. If any of the above directories remain, please delete them manually. If necessary, any remaining/uninstalled directory must be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the Malwarebytes Anti-Ransomware BETA 7 Now Available topic.
6. Right-click the saved MBARW_Setup.exe file and left-click Run as administrator from the context menu and continue.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.
Please reply to your topic with the status of your reported issue. Thank you for beta testing MBARW and your valued feedback.
Thanks! I did all that yesterday and it seems to be holding.
Regards
Cheemag
-
Hello again,
Sorry to be so tardy in replying.
You neglected to say that the system won't allow files in these directories to be zipped as they're 'in use by another programme', even with MWBAR stopped. They have to be copied to a temporary folder to be zipped.
Regards
Cheemag
-
I cannot get MBARW to run other than disabled. [Fix now] and Start Protection have no effect.
Running mbarw.exe as administrator has no effect.
What next ?
Cheemag
-
5 hours ago, AdvancedSetup said:
Hello @Jeemag sorry for the delay. I've looked at your logs and did not see anything obvious that would be stopping it unless possibly your antivirus was maybe blocking it.
If you can try temporarily disabling your antivirus and see if it will launch then or not and let us know, make sure you re-enable your antivirus. If that does not help then we might need to have someone help you take a deeper look at a possible infection or other cause.
No problem.
I've solved it: This machine has the 'black square icons' fault where all the desktop icons have been replaced by black squares. The icon cache has to be rebuilt at every boot to restore the icons. Mbae is in fact running and the icon showing in the tray - until the cache is rebuilt and Explorer restarted, then the mbae icon disappears from the tray although the prog is still running.
I'm stuck with it unless and until I solve this icons problem.
Regards
Cheemag
-
Evening,
Any further ideas on this problem ?
Regards,
Cheemag
-
14 hours ago, KenW said:
I had the same thing happen, Win 10 Pro, I uninstalled and reinstalled. Happens again, I will get logs.
I did that. Didn't help. Still the same.
Regards
Cheemag
-
-
On 13/07/2016 at 10:27 AM, daledoc1 said:
Hello, @Jeemag:
In order to better assist @pbust with troubleshooting, I suggest that you please follow the advice in this pinned topic: [README FIRST] >>> Posts here need to include MBAE logs <<<
Then, please attach BOTH the archived/zipped MBAE logs AND the 2 logs from FRST (FRST.txt and Addition.txt).
Thanks,
Attached contents of C:\Users\Owner\<MWB Exploit Stuff>
-
Hello,
I have Anti-Exploit Premium installed on Windows 7 Professional 64-bit SP-1 Up-to-date.
mbae.exe is in the Startup and appears in Task Manager as mbae.exe*32, but there is no icon in the system tray (hidden or unhidden).
To get the reassurance that it's running, I have to stop mbae.exe*32 in Task Manager and start mbae.exe from my file manager, after which it runs for the duration in the system tray.
Is there a workaround for this ?
It's a 64-bit machine but this programme appears to be running a 32-bit version despite there being a 64-bit executable in the application folder.
Regards
Cheemag
-
MWB ARB put Bart Backup into quarantine as ransomware.
I've been using it for years, so it certainly isn't ransomware.
Programme said it was putting it into quarantine, but it hasn't and thankfully the application still works.
--
Cheemag
-
LB Booster is flagged as a PUP by MWB.
This programme is a fork of Liberty Basic, both perfectly harmless Basic compiler programmes.
Directory is:
Volume in drive C is HDD-C
Volume Serial Number is BCB3-EF10
Directory of C:\Program Files (x86)\lb_booster
14/02/2015 11:47 <DIR> .
14/02/2015 11:47 <DIR> ..
20/01/2015 20:50 2,422 lbb.bmp
20/01/2015 20:50 66,113 lbb.chm
20/01/2015 20:14 448,976 lbb.exe
20/01/2015 20:52 1,330 lbb.exe - shortcut.lnk
20/01/2015 20:14 156,976 lbbrun.exe
5 File(s) 675,817 bytes
2 Dir(s) 937,595,801,600 bytes free
Regards
Jeemag
Malwarebytes Causing Problems
in BSOD, Crashes, Kernel Debugging
Posted
Thanks,
Not much point in collecting anything as I've uninstalled it.
It wasn't blue-screening just hijacking the processor and locking the system up.
However if you wish I'll run the tool, but Geek uninstaller did a very good job of uninstalling MWB.
Regards
Cheemag