oselotti

Here you go.

No, it still happens from time to time. You have to turn off Malwarebytes before updating WSL. Otherwise Malwarebytes will brick your package management system. This is what happened when I tried 10 minutes ago:

Malwarebytes broke my WSL again. I was updating my Ubuntu in Windows subsystem for Linux when Malwarebytes blocked mandb. It is a program that updates the manual page index caches in Ubuntu. I cannot undo this because the quarantine is empty. I guess I have to reinstall the whole WSL-system again. https://www.virustotal.com/fi/file/1b0cc047b00a989db271dd7564a87f5f34f76d2a1528fe3c6ba0ccda6e859f20/analysis/1494610888/ Here is the full log for apt: $ sudo apt update && sudo apt upgrade [sudo] salasana henkilölle user: Nouda:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB] Nouda:2 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [258 kB] Nouda:3 http://security.ubuntu.com/ubuntu xenial-security/main Translation-en [109 kB] Nouda:4 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [110 kB] Nouda:5 http://security.ubuntu.com/ubuntu xenial-security/universe Translation-en [56,6 kB] Nouda:6 http://security.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [2 752 B] Löytyi:7 http://archive.ubuntu.com/ubuntu xenial InRelease Nouda:8 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB] Nouda:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [530 kB] Nouda:10 http://archive.ubuntu.com/ubuntu xenial-updates/main Translation-en [215 kB] Nouda:11 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [461 kB] Nouda:12 http://archive.ubuntu.com/ubuntu xenial-updates/universe Translation-en [180 kB] Nouda:13 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [8 932 B] Noudettiin 2 135 kt ajassa 21min 41s (1 640 t/s) Luetaan pakettiluetteloita... Valmis Muodostetaan riippuvuussuhteiden puu Luetaan tilatiedot... Valmis 31 packages can be upgraded. Run 'apt list --upgradable' to see them. [sudo] salasana henkilölle user: Luetaan pakettiluetteloita... Valmis Muodostetaan riippuvuussuhteiden puu Luetaan tilatiedot... Valmis Käsitellään päivitystä... Valmis Seuraava paketti on alun perin asennettu automaattisesti, eikä sitä enää tarvita: snap-confine Use 'sudo apt autoremove' to remove it. Nämä paketit päivitetään: apt apt-transport-https apt-utils cloud-init distro-info-data dpkg libapt-inst2.0 libapt-pkg5.0 libicu55 libpam-systemd librtmp1 libsystemd0 libudev1 login logrotate openssh-client openssh-server openssh-sftp-server passwd python3-software-properties snap-confine snapd software-properties-common sosreport systemd systemd-sysv ubuntu-core-launcher udev uidmap unattended-upgrades zlib1g 31 päivitetty, 0 uutta asennusta, 0 poistettavaa ja 0 päivittämätöntä. Noudettavaa arkistoa 29,1 Mt. Toiminnon jälkeen käytetään 5 415 k t lisää levytilaa. Haluatko jatkaa? [K/e] k Nouda:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 dpkg amd64 1.18.4ubuntu1.2 [2 085 kB] Nouda:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 login amd64 1:4.2-3.1ubuntu5.2 [305 kB] Nouda:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 zlib1g amd64 1:1.2.8.dfsg-2ubuntu4.1 [51,2 kB] Nouda:4 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libapt-pkg5.0 amd64 1.2.20 [707 kB] Nouda:5 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libapt-inst2.0 amd64 1.2.20 [55,6 kB] Nouda:6 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apt amd64 1.2.20 [1 042 kB] Nouda:7 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apt-utils amd64 1.2.20 [196 kB] Nouda:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd-sysv amd64 229-4ubuntu17 [12,8 kB] Nouda:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpam-systemd amd64 229-4ubuntu17 [115 kB] Nouda:10 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libsystemd0 amd64 229-4ubuntu17 [205 kB] Nouda:11 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd amd64 229-4ubuntu17 [3 623 kB] Nouda:12 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 udev amd64 229-4ubuntu17 [992 kB] Nouda:13 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libudev1 amd64 229-4ubuntu17 [55,3 kB] Nouda:14 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 ubuntu-core-launcher amd64 2.24.1 [1 564 B] Nouda:15 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 snap-confine amd64 2.24.1 [1 722 B] Nouda:16 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 snapd amd64 2.24.1 [9 588 kB] Nouda:17 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 passwd amd64 1:4.2-3.1ubuntu5.2 [780 kB] Nouda:18 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 distro-info-data all 0.28ubuntu0.3 [4 048 B] Nouda:19 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 logrotate amd64 3.8.7-2ubuntu2.16.04.1 [37,8 kB] Nouda:20 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apt-transport-https amd64 1.2.20 [26,1 kB] Nouda:21 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libicu55 amd64 55.1-7ubuntu0.2 [7 659 kB] .gitfa8646d-1build1) ... Preparing to unpack .../openssh-sftp-server_1%3a7.2p2-4ubuntu2.2_amd64.deb ... Unpacking openssh-sftp-server (1:7.2p2-4ubuntu2.2) over (1:7.2p2-4ubuntu2.1) ...Preparing to unpack .../openssh-server_1%3a7.2p2-4ubuntu2.2_amd64.deb ... Unpacking openssh-server (1:7.2p2-4ubuntu2.2) over (1:7.2p2-4ubuntu2.1) ... Preparing to unpack .../openssh-client_1%3a7.2p2-4ubuntu2.2_amd64.deb ... Unpacking openssh-client (1:7.2p2-4ubuntu2.2) over (1:7.2p2-4ubuntu2.1) ... Preparing to unpack .../software-properties-common_0.96.20.6_all.deb ... Unpacking software-properties-common (0.96.20.6) over (0.96.20.5) ... Preparing to unpack .../python3-software-properties_0.96.20.6_all.deb ... Unpacking python3-software-properties (0.96.20.6) over (0.96.20.5) ... Preparing to unpack .../sosreport_3.4-1~ubuntu16.04.1_amd64.deb ... Unpacking sosreport (3.4-1~ubuntu16.04.1) over (3.2+git276-g7da50d6-3ubuntu1) ... dpkg: error processing archive /var/cache/apt/archives/sosreport_3.4-1~ubuntu16.04.1_amd64.deb (--unpack): unable to stat './usr/share/sosreport/sos/plugins/ipsec.py' (which I was about to install): Permission denied dpkg: virhe jälkipuhdistuksessa: unable to remove backup copy of '/usr/share/sosreport/sos/plugins/navicli.py': Permission denied dmesg: read kernel buffer failed: Funktion toteutus puuttuu E: Sub-process /usr/bin/dpkg returned an error code (2)

No, I run it online. However, I do not remember what database version I had when this happened last time. This problem started appearing after I upgraded to Malwarebytes 3. Also, it does not happen every time I upgrade my WSL installation, only sometimes. Malwarebytes Premium 3.0.6.1469, Component package 1.0.1.103, Update package 1.0.1753 I ran that tool and I tried to send the zip archive to you via PM but my archive is 293MB and this forum allows only 29.3MB attachments. Also, I do not like the idea of posting my log archive publicly to this forum, because I do not know what information it contains.

Here is the file and virustotal results. https://www.virustotal.com/fi/file/8582bd90af0d750c5b3ff37e5a6b018aebe71baafb215cb82c273d3281c160cf/analysis/1492324780/ Here is the log: 04/15/17 " 14:46:33.476" 1569125 0d90 14ac INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "ArwControllerImplHelper.cpp" 922 "Received threat detection callback from ARW SDK, ObjectPath=dpkg, Sha256Hash=" 04/15/17 " 14:46:33.510" 1569156 0d90 14ac ERROR CleanControllerImpl mb::cleanctlrimpl::whitelist::SignatureWhiteLister::IsObjectWhiteListed "SignatureWhiteLister.cpp" 74 "No WHITESIGS found in Clean.mbdb" 04/15/17 " 14:46:33.510" 1569156 0d90 14ac ERROR CleanControllerImpl CommonCleanUtils::GetFileHashesAndSize "CommonCleanUtils.cpp" 311 "GetTripleHash failed for file = 'dpkg'" 04/15/17 " 14:46:33.510" 1569156 0d90 14ac ERROR CleanControllerImpl mb::swissarmyclientutils::SwissArmyShimLoader::GetFileSize "SwissArmyShimLoader.cpp" 517 "GetFileSize failed for dpkg; status=9" 04/15/17 " 14:46:33.510" 1569156 0d90 14ac INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "WhiteListManager.cpp" 231 "White list status (not cached): File 'dpkg' => Hubble:Error" 04/15/17 " 14:46:33.510" 1569156 0d90 14ac INFO AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback "ArwControllerImplHelper.cpp" 947 "The detected file is only whitelisted due to error in whitelisting (likely offline), sending an action request to the SDK to kill this process. ObjectPath=dpkg, id=0x0" 04/15/17 " 14:46:33.542" 1569187 0d90 17c0 WARNING ArwSDK "" 0 "{Thread: 0x0000120C, Tick: 0x0017F1A3} [KillProcess] The process {PID: 2760} is already stopped." 04/15/17 " 14:46:33.542" 1569187 0d90 17c4 ERROR AntiRansomwareControllerImpl mb::arwcontrollerimpl::ArwControllerImpl::ArwShimErrorCallback "ArwControllerImplHelper.cpp" 379 "Arw SDK Error: ErrorCode = 24, RebootRequired = No, Severity = 1, ErrorMsg = Unable to apply action. {Action: 2; Result: 1 }." dpkg.zip

Hi I noticed that Malwarebytes breaks the Windows subsystem for Linux if I run "sudo apt update && sudo apt upgrade". This is very annoying because I have to reinstall the whole WSL system every time this happens. dpkg is NOT malware, it is a package management tool in Ubuntu. Please see: http://manpages.ubuntu.com/manpages/xenial/man1/dpkg.1.html Please see the attachment.